Anthony Webb: From On-Campus to On-Demand – Secure Networking for the New Higher Education
Written by Anthony Webb, EMEA VP at A10 Networks
Even before the COVID-19 pandemic, connectivity played an important role in university life. In recent years, it has become the norm for students to attend lectures virtually. A wealth of online learning resources is available, both within university networks and on the internet. Meanwhile, online retail, banking, health services, gaming, media, and more are mainstays of student life.
Now, a global pandemic has radically accelerated this trend. Universities everywhere have been forced to create and expand online remote access for their students, many from scratch. More than just a convenience, connectivity has become a lifeline for students and universities alike. For university IT departments, this means making a fundamental shift from on-campus networking to supporting a distributed network across the globe.
Empowering the New University
The pandemic has been a wake-up call for IT departments in universities: improvisation and a patchwork of legacy infrastructure and security will no longer suffice. Institutions of higher education need a well-thought-out plan for moving to a more resilient, on-demand model. With current on-campus traffic relatively light at many universities, the best time to upgrade is now.
Continued Needs of the On-campus Model
For their on-campus learning population, universities need to leverage their existing on-campus networks to support a growing number of devices and rising traffic. Even if the on-campus population is not growing, the number of devices and connections continues to rise. Rather than purchasing costly new IPv4 addresses on the market, universities can use a carrier-grade network (CGN) solution to extend their current address pool through carrier-grade NAT (CGNAT), which enables large-scale address and port translation to extend the life of an IPv4 network infrastructure.
Meanwhile, it is important to have a plan in place for IPv6 migration. Specialised resources such as student ERP, registration, billing, online classes, and collaboration will increasingly be accessed on devices running IPv6, while network infrastructures may still be running IPv4 for the foreseeable future. Since IPv6 is not backward compatible with IPv4, universities will have to accommodate the coexistence of IPv4 and IPv6 networks to ensure business continuity and prepare for future growth.
Ensuring High Availability
Higher education faces one of the most challenging environments in IT. From proliferating unmanaged devices to spiky traffic patterns driven by class schedules, to highly latency-sensitive applications such as online classes, research, video, music, and gaming, the demands on university IT echo those of a commercial service provider, rather than an enterprise. In meeting these requirements, IT must have a fully developed strategy to ensure high availability, disaster recovery, multi-cloud security, and load balancing.
Secure On-demand Education
As the university environment expands beyond campus, institutions need a security model that recognises that a threat can come from anywhere. The Zero Trust model responds to these challenges by adopting the approach of “trust nobody”—inside or outside the network. Cybersecurity strategies are redesigned accordingly along the following key principles:
- Create network micro-segments and micro-perimeters to restrict east-west traffic flow and limit excessive user privileges and access as much as possible.
- Strengthen incident detection and response using comprehensive analytics and automation.
- Provide comprehensive and centralised visibility into users, devices, data, the network, and workflows.
With learning platforms and resources accessible via the web, it is essential to protect them against HTTP and web application-based security flaws. Web application firewall (WAF) systems use specific knowledge of HTTP and web-application vulnerabilities to filter or block these attacks without ever exposing the web servers or applications. This helps protect the environment against attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
Automated DDoS protection is critical to protect against widespread and easily launched DDoS attacks. Universities should leverage DDoS threat intelligence, combined with real-time threat detection, to defend against DDoS attacks no matter where they originate. Methods such as automated signature extraction and black-listing botnets’ IP addresses and available vulnerable servers can help organisations proactively defend themselves even before the attacks start.
Integrated Security Approach
Over the years, most organisations have collected a number of security point solutions, each addressing specific threats and typically from many different vendors. These legacy systems, added incrementally as new threats were identified or new approaches became available, increase the complexity of operations, add latency to applications and reduce security efficacy. An integrated approach that consolidates security functions as much as possible will allow these functions to work together seamlessly, enabling compliance and unified security.
In conclusion, while the shift to remote and on-demand learning has been accelerated by the COVID-19 pandemic, the transformation of higher education was already well underway. Trends in finances and enrolment were already driving universities to expand the opportunities and options available to students not only on campus, but around the world. The evolution in business models is now clear; what remains is to ensure that the university’s technology infrastructure can support the new direction. The network is front-and-centre in this effort.
By upgrading their capability to support growing numbers of connections and rising traffic, ensure cybersecurity and compliance, and maintain availability wherever and however students connect, universities can provide a solid foundation for success for their institutions and students alike.