I read an interesting article in The Atlantic this weekend, "Can Campus Networks ever be secure?" The writer, Josephine Wolff, highlights the challenges that most organizations face with the openness of their networks (in this case, a large modern university). Fostering open collaboration and convenience while also securing the network and everyone's private information is a large concern today.
Using references to the security issues and responsibilities of the modern university campus, and protecting IP and secure private information, Josephine Wolff put together a good story. While a compelling narrative, the article brought together somewhat haphazard facts into a common storyline. I will say, the way foreign students were discussed does smack of xenophobia at best.
The fact that education and in particular university campuses are big users of both Aruba Networks wireless infrastructure and our security tools, suggests that we may have some real experience to share. I wish Ms. Wolff had gotten in touch with us – I would have been happy to show her a demo of the how Aruba BYOD solutions lower costs, increase security and improve accountability in the student body, all while protecting the university, its assets and IP from attack and theft.
Actually – our customers – none of whom were featured in this article, have more to say. We have some of the largest higher educations customers in the world – Ivy League, PAC 12, Big Ten, community colleges and entire K-12 districts. They face these same issues, and openly share the best methods that balance BYOD and collaboration while maintaining a positive security posture.
Credit to Ms. Wolff – she did mention segmentation – which is important. But for Aruba Networks ClearPass customers, segmentation starts and ends at the device endpoint. It's really that simple. Every connected device is an island, it has a UniqueID. That UniqueID is formed from the credentials used and the device type, see formula below. This way ClearPass can leverage different rules for a BYOD smartphone instead of a tablet, or a university issued Chromebook.
The UniqueID attribute above will work across your wired or wireless environment, regardless of your access point, controller or switch provider (unlike other NAC providers we work with all Wi-Fi and wired vendors, not just our own and immediate family).
And the UniqueID is subject to policy enforcement regardless of where that user goes to define what resources they access and use. Think of it as a firewall attribute that follows the device around – not to protect it – but to protect the enterprise from it. Again if it sounds simple – well, it is – the whole thing is automated.
If you're reading this and want to learn more how both our enterprise and education customers achieve a secure but collaborative environment get in touch.
