Into the Clouds

By Monique Lucey

Cloud computing is certainly becoming the buzzword du jour, but how exactly does it apply to what you’re trying to accomplish in higher education IT?

At its most basic, cloud computing is a way for organizations to replace on-site applications and related data center infrastructure with services available via the Internet. In doing this, you can avoid the massive capital expenditures of hardware, software and storage, as well as data center facilities costs such as power, heating and cooling. Most cloud computing models feature a predictable service fee structure based on number of users or actual usage.

With cloud computing, IT teams can quickly meet user demands. For instance, if researchers need server and storage capacity for a short-term project, IT can provision the resources through a cloud computing provider and then end the contract when the researchers have concluded their project. This is a highly cost-effective way to support the short-term, resource-intensive projects that pop up at a university. By moving your gear off-site, you can also broaden the services you offer your users without expanding the footprint of your data center.

Cloud computing is a general term that applies to several different options: software as a service, infrastructure as a service, platform as a service, and computing as a service. Each peels away the layers of the data center and places it in the hands of the provider. For instance, infrastructure as a service enables you to offload storage, servers and other infrastructure. Computing as a service gives you access to compute power through massive server (and virtual server) farms. Platform as a service enables customers to build their own applications using a platform’s underpinnings, including the operating system, databases and interfaces. (For more detail, check out “Cloud Computing’s Top Issues for Higher Education” in the June issue of University Business.)

Software as a service is the most recognizable cloud computing format in use today. IT can use it to provide applications to your users via the Internet, without having to maintain the hardware and deal with software updates and patches.

In his University Business article, author John Nicholson sums up the benefits of cloud computing for higher education: “For academia, cloud computing lets students, faculty, staff, administrators, and other campus users access file storage, e-mail, databases, and other university applications anywhere on-demand. This expanded, device-neutral access theoretically lets everyone use information more effectively,” he writes.

However, as you’ll find, there are some obstacles that higher education faces with cloud computing regarding privacy protection, federal mandates and virtualization. For instance, providers depend on virtualization to get the most out their physical server investment, putting multiple virtual machines (which in most cases means multiple customers’ data) on a single host. They also use features such as VMware’s VMotion to help with load balancing, which might result in your data being automatically moved between numerous data centers in various states or even countries. While this helps them to keep costs down, this architecture presents issues if you have to prove to auditors that you can pinpoint the physical location of your data at any given time.

We’ll dig into this problem and others that cloud computing presents in the next blog on January 5^th.

Risky Business

By Monique Lucey

It’s hard to believe there was a time in higher education IT where you would try for a secure network but it was okay for users to trump those attempts in favor of being unencumbered. Now, as the list of compliance mandates coming at you from all angles grows and higher education security is considered critical from a business and academic standpoint, suddenly the pressure is on to deploy unparalleled network security.

Most importantly, you are on the hook to provide proof in audits that you’ve taken significant measures to protect the privacy of sensitive student, employee and even research subject information.

Here’s just a sampling of the regulations to which most colleges and universities have to adhere:

• The Health Insurance Portability and Accounting Act (HIPAA) of 1996
• The Payment Card Industry’s Data Security Standard (PCI DSS)
• The Family Education Rights and Privacy Act (FERPA)
• Multiple rulings under the U.S. Food and Drug Administration

Each of these, in addition to the dozens of individual state privacy laws, dictate how institutions must safeguard data in motion and at rest through a solid security infrastructure, access control and enforceable policies. And in most cases, their guidelines must be provable in periodic and/or sometimes random audits.

The problem that most higher education institutions face in meeting these demands is that information needed to create reports and comply with audit demands lies in systems sprinkled around the enterprise. There is often no unified strategy for addressing what, in many cases, are common requirements, such as encryption for data at rest, the use of firewalls, and user authentication.

Instead, the financial aid and admissions office is left to tackle the PCI DSS and FERPA because they deal with electronic payments and student records. The on-campus clinic has a small group looking at HIPAA compliance for student medical data. And then the labs, which interact with the FDA regarding research, try to ensure their own proper handling of electronic records.

You’ll find that it would be much easier and efficient to gather a cross-functional team of administrators, researchers, clinicians and others that are close to these mandates and map out the crossover in requirements. From there you can develop campus-wide policies that satisfy the requirements. And finally, with this comprehensive, collaborative view, you can deploy technology across the entire network to automate the monitoring, auditing and reporting necessary to manage and enforce these policies and stay in compliance.

Suddenly, what once seemed like an impossible task – securing the network – is achievable and you can once again set your talents to allowing your users the freedom and flexibility to thrive.

How does your institution address compliance: in a one-off fashion where each group tackles what they perceive as their own mandates or as a unified whole? If each group is doing compliance separately, what do you think of that approach? Has it been successful?  Let us know.

Is higher education network security making the grade? How does your institution score?

By Monique Lucey

Welcome to the H3C On-Demand Higher Education blog. I’m Monique Lucey, the higher education solutions marketing manager for the H3C product line.  I’m responsible for understanding the technology trends and issues in higher education and ensuring that our solutions deliver performance and value to meet the specific needs of academic institutions around the globe.

We’re launching this blog to create a dialogue about the business and technology challenges you’re confronting as you support collaboration among your users via secure on-demand access.  Our goal:  To help you enable your institution to deliver best-in-class services to achieve enhanced collaboration and academic excellence.

In the coming months, my colleagues and I will offer a look at the industry from our point of view which encompasses the latest research, analyst and industry expert views on topics such as cloud versus data centers, implications of web 2.0 on security and the growing demand for Network Access Control to name a few. We hope to get your feedback to round out the discussions.

So let me kick off this premier edition with the top concern among academic institutions – security and student privacy.  As the headline of this entry suggests, higher education network security is at risk.

This Network World article looks at some alarming survey results which make it clear that higher education institutions perceive the threat of viruses and malware as the greatest network security threat.  58% of respondents claim the most common way they fight these shortcomings is through education of students and staff. But is education alone enough?

I’m wondering if you’re seeing increased pressure in your institution to shore up your network against the latest security threats.  If so, what are you doing to meet this demand?

Over the next few weeks, we’ll continue to probe into this topic, share your insight and best practices. We hope you continue to visit us to join in on the discussion and stay tuned for more on the topic of security as it relates to FERPA (Family Educational Rights and Privacy Act) and other compliance challenges in higher education.