Security

How Universities Can Mitigate IoT Risk on Campus

Increasing numbers of IoT devices on campus means IT teams will need to be on guard for endpoint vulnerabilities.

Eli is Associate Editor for EdTech Magazine Higher Education. When not in the office, Eli is busy scanning the web for the latest podcasts or stepping into the boxing ring for a few rounds.

Universities are experiencing an exponential growth of Internet of Things devices, which means university IT teams will need to increase their security measures to ensure their campuses are protected.

In 2017, hackers broke into an unnamed university’s network by attacking more than 5,000 IoT connected devices on campus, according to Verizon’s “2017 Data Breach Digest” report.

While the technology behind IoT devices has improved over the past year, hackers have also become more sophisticated, which means universities cannot ignore the possibility of a threat.

“In two short years, there could be nearly 30 billion autonomous Internet of Things devices on our networks,” says Perry Alexander, director of the Information and Telecommunication Technology Center at the University of Kansas. “Unlike computers and smartphones, these sensors, appliances, controllers and other devices talk to each other without requiring human interaction.”

Secure IoT Devices on Campus Through Action with Intent

Among the various strategies to protect connected devices on campus, one factor stands out clearly: intent.

“It is not just about enterprise security around data risk or data leaking or hacking. It is really about how we use the data coming from IoT to make decisions properly,” says Anthony Salcito, vice president of education for Microsoft. “A lot of collections and centers are not being integrated and aggregated to experiences about keeping kids safe, to make the campus life more valuable and efficient. I think those are the things we have got to push on.”

At Montana State University, IT administrators implemented intent-based networking to help understand how the campus network is used.

Having a deep understanding of students’ intentions on the network helps the campus security team by making them more aware of an access request that seems out of place.

“We basically get a fingerprint of the student experience, and we can scale that in software to make the network personal for our users regardless of where they are on campus,” says Jerry Sheehan, CIO of MSU. “That also makes things more secure, because we understand the intention of what the student is attempting to do, and we can make sure that the network allows that to happen.”

Another way to ensure a more secure IoT network is for campus IT teams to be the ones to install them across campus. This gives them the power to strategize about where IoT devices should live around campus for maximum security and efficiency.

At Virginia Commonwealth University, CIO Alex Henson and his team deployed IoT devices across the campus, and they work with the CISO and campus police to ensure campus and IoT security.

In addition to choosing where the devices go, Henson and his team segment their network to ensure minimal damage if a breach were to occur.