Case study: Policy-based security and access control
SUNY Old Westbury has more than 3,000 students and hundreds of faculty using a plethora of devices. Their CIO, Marc Seybold, talks about their policy-based approach to securing the network and controlling bandwidth use
By Joan Goodchild , Senior Editor
April 05, 2011 — CSO —
In a university environment, there is no time for the network to go down. The students and faculty at SUNY Old Westbury, a university located on Long Island, New York, demand 24-7 access to the internet, both on and off campus. And, of course, it isn't enough to simply keep things running, they need to be protected, too.
For SUNY Old Westbury CIO Marc Seybold, that is a tall order. He is dealing with many different devices, with many different types of users. He also strives to allow students to have almost-constant use of bandwidth, both for study and after-hours recreation, while still ensuring faculty have the bandwidth they need during class time.
These goals recently prompted Seybold to change to a different model to protect students, faculty, and the network itself. Seybold explained to CSO why he decided to switch from an agent-based control system to a policy-based approach for security and bandwidth control at the school.
CSO: Briefly give us a run down of challenges you face when it comes to securing a college environment such as the one at SUNY Old Westbury.
Seybold: One thing that is unique from a college perspective, as opposed to a business, is that we have very little control over the devices that people bring on to the network. We don't mandate, we don't own, we don't control the devices that students use. Students can bring anything from a laptop, to an iPad-type device, an Android, whatever is on the market right now, as well as smart phones, which are trying associate with Wi-Fi networks. So they are bringing those things back and forth.
Also see: Network Security: The basics
In our case, we have about 1000 students in the dorms and the balance, about 2000+ or so, are commuters. People are going back and forth and some of these machines can become infected with malware when they're at home. They bring them on-campus, and unknowingly put us at risk. They're not doing it on purpose. They're walking around with a machine that they're trying to get their class in school work done on, but those machines can have something that's trying to disrupt the operation of the school's network.
For a college, there is no distinction we can draw from a security point of view between things that come from the outside and things that are on the inside. We have to treat all of the devices as if they are untrusted. And that's a bit more of a severe environment that a typical organization would find.