The Art of Protection

After several years of cobbling together a client security approach using network switches, Jones' team last year decided to install two SonicWALL NSA 4500 unified threat management firewalls, which connect the two campuses via a virtual private network tunnel. Plus, says Jones, the appliances give IT staff access to advanced security features, such as tracking, monitoring, scheduling, packet filtering and automatic shutdown.

“We needed a more formal, fully featured approach” to client security, Jones says. “With the SonicWALL appliances, we can easily monitor client connections and outgoing and incoming information, blocking intrusions, viruses and threats long before they have a chance to enter our internal network.”

By creating security layers, the IT team can increase the protection it affords students accessing the college's data infrastructure, while also insulating data from tampering, Jones adds.

Campus computers at both locations also run McAfee antivirus software and Faronics Deep Freeze, which restore computers to their original starting point after each user session.

Protecting clients via both software and network-based tools is smart, says Eric Ogren, founder and principal analyst of the Ogren Group. "Higher education is about the only vertical where network access control has some traction, to make sure student computers have active client security before [they are allowed to connect] to the network."

Soft Sell

The University of Arizona could be viewed as the Art Center Design College's polar opposite in terms of student enrollment (nearly 40,000 versus 600, respectively), but the two share many of the same client security issues. UA's IT department maintains a segregated network for students' personal devices, but staff also must manage university-owned PCs and systems used by administrators, researchers, staff and students.

A recent campuswide IT risk assessment found that although most computers were running the university-mandated suite of Sophos client security tools – which includes antivirus, spyware and firewall protection – some lacked disk encryption capabilities.

“We have a lot of data that has to remain secure, and we need to find additional ways to protect it,” says Cathy Bates, the university's information security officer. “We think the best way to do that is through encryption.”

Bates' team is planning to upgrade to Sophos' latest Endpoint Security and Data Protection suite, which offers device control, network access control, encryption and real-time access to the SophosLabs database of compromised sites to avoid, as well as antivirus and malware protection. The university hasn't yet decided which elements of the suite they'll use, however.

The IT staff also are researching standalone full and partial disk encryption tools.

Regardless of the path UA chooses, Bates believes products are just one component of the overall client security equation. Old-fashioned education is equally important, she says.

“We have more than 250 independent security liaisons who work with academic and administrative units to get the word out about security,” Bates says. “That includes monthly security newsletters and coordinated risk assessments, as well as other methods of campuswide security education.”