The Zero-Trust Challenge
A widely accepted security framework, zero trust is essential in modern security, but the verbiage can be off-putting in higher ed. “You cannot tell faculty you don’t trust them,” Young says. “You have to figure out how to have this conversation in a way that’s positive, forward-looking, achievable.”
There are technical challenges as well. IT needs to secure connectivity across classrooms and dorms, cafeterias and research spaces. At the same time, “there’s the expectation of openness and of intellectual freedom for people,” he says.
On top of this, “IT may be short-staffed, and that leads to substantial challenges” as departments look to implement rigorous security with sometimes minimal resources, Young says.
A Way Forward: Identity-Aware, Dynamic Segmentation
Colleges and universities can advance their zero-trust efforts by leveraging identity-aware, dynamic segmentation solutions augmented by artificial intelligence.
Segmentation supports zero trust by isolating systems, controlling communication between them, continuously verifying access, and limiting connectivity to only what’s necessary for each user or device. AI is poised to play a key role by adding an observability layer, especially in support of the monitoring needed to ensure robust security across a network operating at scale.
In a zero-trust environment, IT teams need clear visibility into what’s supposed to connect to what — and why — and if it’s operating as expected. AI can help tech teams build and implement rules and processes. “It helps you to know what’s happening with a lot more confidence. You can connect the dots in ways that might not have been connectable before,” Young says.
In addition to automating segmentation tasks, AI can also help the security team to take action when things appear to be going awry. Maybe it’s just an irregular task — or maybe something bad is happening on the network. By parsing the data at faster-than-human speeds, “AI can help jump-start our ability to be more successful there,” Young says.
In addition, AI-enabled segmentation supports the overall performance of the network. “The telemetry provided by the network can feed to AI,” enabling network and security teams to automate network management tasks, he says.
When an element of the network isn’t working properly, the tech team can pull all the network data. Rather than analyze it manually, “the AI can bring those data sets together and say, ‘There are three things happening that are creating that challenge.’ Then, they can deal with that proactively,” he says.
How Extreme Networks Helps
Extreme Fabric delivers a simple, automated, secure and resilient network fabric as a foundational solution in support of zero trust. As a standards-based solution, it offers the ability to create not just five or 10 segments across the university network, but an unlimited number, and setup only takes minutes.
“There is no longer a technological limitation to the practicality of microsegmentation,” Young says. “Every research lab can have its own network. Every classroom technology system can be separated. All the facility systems can be separated.”
The solution also makes it possible to leverage AI-enabled network management. “Say I want to configure a new segment to separate out a research technology that’s going to be deployed by three different labs and 50 different researchers,” Young says. “AI can help to automate group assignment in my identity systems or to implement firewall rules for specific devices, and it can receive monitoring and observability telemetry to validate that things are operating as they should.”
How Universities Are Moving Ahead
For colleges and universities looking to implement modernized, AI-enabled network segmentation, it’s important to take a big-picture approach.
“Universities can get stuck when they view all the various parts of the network — the identity systems, the IP address management systems, the analytic systems — as discrete, separate things,” Young says. Modernization happens best when it’s delivered in support of a broader vision.
Look ahead three to five years. “Where do you want to go across all those systems? How does that support the university mission?” he says. “Think about where you want to go and why you want to go there. Then, you can start to build the foundations for success.”