Middle East university gets a security lesson

Von Kavitha Rajasekhar

For the American University of Sharjah, a security strategy is not an issue meant just for the back room techies. In fact, it was the basis of its move to initiate a complete rip and replace of the campus IT network infrastructure. In an initiative that began two years ago, when the university signed on Cisco as its sole vendor for networking, AUS began what it calls its move towards student responsiveness using technology. Ensuring IT security therefore became a mainstay and today figures strongly at board level discussions. AUS will spend nearly 7 percent of its annual budget on technology.

Founded in 1997 by His Highness Sheikh Dr Sultan Bin Mohammed Al Qassimi, Supreme Council Member and Ruler of Sharjah, the American University of Sharjah (AUS) today boasts of 4100 students, four schools and colleges (College of Arts and Sciences, The School of Architecture and Design, the School of Business and Management, and the School of Engineering), 260 faculty members and 700 staff.

As a pioneer in the field of American style higher education in the Gulf, AUS relies heavily on its IT infrastructure to support its growth and enable university-wide connectivity. With a charter to pilot emerging technologies and ensure that connectivity and technology is available to every student, AUS Vice Chancellor for Finance and Administration George J DeBin says ensuring network security is of paramount importance.

?As the person responsible for justifying investments in technology infrastructure at AUS, I believe technology initiatives must support the requirements of students, faculty and staff and fulfill both immediate and mid term requirements of the university? says DeBin.

With a heavily networked environment, significant consideration for establishing IT security is a given. ?The university offers both undergraduate and graduate programs and we prioritize our network security requirements from an overall university perspective to ensure the highest level of computing security is provided to all our constituencies ? says DeBin.

?We need to first have a strategy for technology and its use, backed up with a strong security strategy. The university is dealing with students with an advanced understanding of technology as well, so the security policies need to be sound,? says AUS Director of IT Ashi Sheth.

This involved AUS taking stock of the security scenario in terms of both outside to inside information flows (which meant protecting student and university information from any outside attack) and also inside to outside (which meant putting policy in place to regulate student access and on-line activity.

?After revisiting our policies we decided that we needed to set parameters of usage and technology for every segment. Starting from wireless access policies we went right down to things like bandwidth usage. This exercise is clearly aimed at getting the best out of both technology and business requirements,? adds Sheth.

Also, with the university embracing new technologies on all fronts, including solution based education tools, student information systems, on-line information resources for students and wireless access for all, security needed to be embedded right into the system.

?With technology, we were seeking to ensure total student information confidentiality and also enhanced delivery of services. IT literally plays such a central role to the point that we are now heavily focusing on creating a collaborative environment between IT departments across the entire university,? adds DeBin.

Today, in terms of technology usage and deployment, AUS could easily be termed as one of the leading technology users in the market. From total wireless connectivity, to VOIP and RFID, AUS in the coming months will showcase some of the first time technology deployments in the region. Interestingly, the university will also be able to test, perhaps for the first time in the region, security issues on emerging technology areas.

For example, one of the key investments this year will be to double Internet connectivity in support for e-learning and a student portal initiative that will provide an on-line resource for students to store his/her information securely. The challenge in this will be to create a robust system that facilitates a secure interplay of people and technology.

Also, with wired and wireless connectivity set to expand and empower both internal users and guests/visitors, moving to a structure that will have better authentication and encryption capabilities (even at the port level for instance) is of crucial importance.

?In terms of our infrastructure, we are also expanding core capabilities like implementing the 10G Ethernet switch for example. We are also considering deployment of VPNs to secure both internal as well as remote connectivity. With access to Wi-Fi we have facilitated both open access as well as protected access for internal users in designated areas. The idea is to maintain excellent control of our own environment,? says Sheth.

Interestingly, the university has also implemented the 802.1x authentication protocol on wireless networks to enable controlled access to the network. ?Our next step will be to implement it on wired connections,? he adds.

To ensure things are as they should be, getting a unified view of the business is essential. ?AUS sees getting and maintaining a unified view of its operations as imperative to move ahead. This strategy also goes right down to security as well. The idea behind investing in technology is not only to enable better delivery of service, but to also use it as an all integrating layer, so all departments share information that is required for others to perform their mission? says DeBin.

Moving in that direction, AUS has set the stage to merge its security strategy with technology and is strongly considering implementing two-factor authentication. As a build up to it, over the next six to 12 months, AUS teams will be working towards building a single directory service. ?We have SCT Banner -- which is the financial, human resource and student information administration system and we are preparing to roll out the SCT Luminis product for the student portal delivery. The idea is to build a single directory service based on and utilizing these tools which will then give us a single point from where we could administer both VPN and two-factor authentication,? says Sheth.

Centralized monitoring of its network, monitoring control systems and facilities is a key function of the AUS IT team. ?In terms of IT resources, we have a 30+ member team of which five are dedicated to networking.

Technology or point solutions are never the ultimate solution unless backed by strong partner support. AUS elected to move away from a multi-vendor network and opted for a single end-to-end vendor solution. ?Selecting CISCO for the complete network infrastructure was a decision based upon the very best solution available in the marketplace. For AUS, it was about a strategy that offered it full scalability and solutions that could meet its strategic needs for both infrastructure and security,? says Sheth.

?With CISCO we have network infrastructure and an integrated security offering. We also confirmed that, in terms of the future technology roadmap of the vendor, the CISCO strategy compliments AUS ?s future initiatives,? adds DeBin.

?This was one of the big reasons why Cisco believed it could play a key role. As a company our technology and infrastructure solutions are clearly embedding security right into our strategy and products, which benefits institutions like AUS that keen to get both the infrastructure and security right the first time,? says Cisco?s systems engineer Tarek Houbballah.

?Specifically in terms of security, the Cisco infrastructure allows us a single frame of control and we are looking at layering components on top of it as part of our move towards a layered perimeter security strategy,? says Sheth.

Cisco?s acquisition of Protego Networks is also of interest to AUS. ?We were using some network threat monitoring tools from Cisco, but we found that we were having difficulties linking other applications and non-Cisco components into it. With Protego?s capabilities in this segment, we expect to be able to use a single tool that can log a variety of events across applications,? he says.

?Our partnership with CISCO will continue to scale over the next few months. There will be pilot technology deployments such as the planned VOIP deployment in the new AUS library, the use of chassis-based switches for scalability, the 10G switch deployment and finally consideration of moving to a unified messaging platform providing fax, email and voice-mail functions through a single interface,? he adds.