College and university CIOs are faced with the daunting task of continually expanding their institutions bandwidth and accessibility while at same time ensuring data security. Limiting the amount of IT partners they deal with is one solid strategy that can help higher education institutions better manage this process.
“Moving to a select set of partners and consolidating the IT portfolio has provided us the capability to support our 24/7 operation much more effectively than we would have in the past,” said Jeffrey Neyland, CIO of the University of Texas at Arlington (UTA). “We had been working on cloud implementations for four years. COVID accelerated it, but we were already operational.”
Neyland made these comments during his presentation, “Security: Protecting University and Student Data from the Network to the Endpoint,” at Fierce Education’s recent virtual event, Higher Education: Technology Profiles in Success, Neyland addressed three strategic aspects of the UTA network: data protection, moving to the cloud, and the perils of email. The session is available on demand and can viewed here.
The UTA mission is to provide access for its students to a high-quality education. UTA is ranked #1 among Texas universities for first generation and low-income students. More than 30 percent of students receive Pell grants. The diverse student body numbers 41,000-42,000 students each semester. Prior to the pandemic, UTA had 18,000 online students, then they quickly moved 41,000 additional students online when the university closed down.
Neyland emphasized consolidating their IT portfolio, limiting their partners, and moving most operations to the cloud as the factors that allowed them to have the infrastructure to support faculty and students 24/7 without reducing their capabilities or services. Wireless university devices totaled 27,000 this semester along with 10,000 wired devices split between decentralized and centralized support. The university extends over 70 buildings and has more than 300 classrooms and 300 conference rooms. It is a complex environment. As they have decreased the number and increased the value of partner relationships, the IT team has decreased costs. Now all but one critical service is based in the cloud.
“All of this helped us move quickly to the issues caused by COVID,” said Neyland. Everyone just took their machines home and started using them from there. COVID accelerated the adoption of services that were already available.” Neyland said that you have to develop a risk-based approach as you can’t work on everything at once. You have to work with partners and focus on projects that are critical to the organization.
In managing the network to endpoint, Neyland noted the security path includes:
- Network access control
- Identity management
- Multifactor authentication
- Encryption/antivirus/antimalware
- Data loss prevention
- Intrusion/detection (east/west)
- Firewall/advanced threat protection
- Cloud/firewall/ATP
UTA network traffic consists of approximately one million emails each day along with an average of 40 attacks. The highest percentage of attacks are phishing attacks, and so the UTA IT team has done a lot of training for both faculty and students on the perils of email. Neyland’s recommendations for maintaining the security of your network include:
- Educate and communicate
- Strong security policies and operating procedures
- Simplify the application portfolio with cloud-first strategy
- Establish a risk tolerance baseline for security
- External audits for network vulnerability and security controls
- Perform basic testing – penetration testing, phishing simulations, cross department tabletop – keep an eye on ransomware -
- Develop and test a security incident management response process
- Establish standard security portfolio, products and services
- Watch the marketplace to ensure your partners are staying up to date.
Over the last five years as they’ve consolidated their portfolio, UTA has been able to take at least two to three percent of their budget and reinvest it in newer cloud-based products, so Neyland believes their investment has paid off, and it allows his team to provide white glove service to their campus.
For more articles from Fierce Education’s virtual summit, see:
Collaboration Critical to Technology Transformation in Higher Education