By: Amr Alashaal, Regional Vice President – Middle East at A10 Networks
Even before the COVID-19 pandemic, connectivity played an important role in university life. In recent years, it has become a routine practice for students to attend lectures virtually. A wealth of online learning resources is available both within university networks and on the internet. Meanwhile, online retail, banking, health services, gaming, media, and more are mainstays of student life.
Now a global pandemic has radically accelerated this trend. Universities everywhere have been forced to create and expand online remote access for their students, including many that had not yet begun this evolution. More than just a convenience, connectivity has become a lifeline for students, and it falls to network admins to meet their needs. For university IT, this means making a fundamental shift from on-campus networking to supporting a distributed network across the globe.
Empowering the New University
The pandemic has been a wake-up call for university IT: improvisation and a patchwork of legacy infrastructure and security will no longer suffice. Institutions of higher education need a well-thought-out plan for moving to a more resilient, on-demand model. With current on-campus traffic relatively light at many universities, the best time to upgrade is now.
Continued Needs of the On-campus Model
For their on-campus learning population, universities need to leverage their existing on-campus networks to support growing numbers of devices and rising traffic. Even if the on-campus population is not growing, the number of devices and connections continues to rise. Rather than purchasing costly new IPv4 addresses on the market, universities can use a carrier-grade network (CGN) solution to extend their current pool through carrier-grade NAT (CGNAT), which uses address and port translation at large scale to extend the life of an IPv4 network infrastructure.
Meanwhile, it’s important to have a plan in place for IPv6 migration. Specialized resources such as student ERP, registration, billing, online classes, and collaboration will be accessed on devices that will increasingly run IPv6, while network infrastructures may still be running IPv4 for the foreseeable future. Since IPv6 is not backward compatible with IPv4, universities will have to accommodate the coexistence of IPv4 and IPv6 networks to ensure business continuity and prepare for future growth.
Ensuring High Availability
Higher education faces one of the most challenging environments in IT. From proliferating unmanaged devices, to spiky traffic patterns driven by class schedules, to highly latency-sensitive applications such as online classes, research, video, music, and gaming, university IT faces requirements more similar to those of a commercial service provider than those of an enterprise. In meeting these demands, IT must have a fully developed strategy to ensure high availability, disaster recovery, multi-cloud security, and load balancing.
Secure On-demand Education
As the university environment expands beyond campus, institutions need a security model based on the recognition that a threat can come from anywhere. The Zero Trust model responds to these challenges by adopting the approach of “trust nobody”—inside or outside the network. Cybersecurity strategies are redesigned accordingly along the following key principles:
- Create network micro-segments and micro-perimeters to restrict east-west traffic flow and limit excessive user privileges and access as much as possible.
- Strengthen incident detection and response using comprehensive analytics and automation.
- Provide comprehensive and centralized visibility into users, devices, data, the network, and workflows.
With learning platforms and resources accessible via the web, it’s essential to protect them against HTTP and web application-based security flaws. Web application firewall (WAF) systems use specific knowledge of HTTP and web-application vulnerabilities to filter or block these attacks without ever exposing the web servers or applications. This helps protect the environment against attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
Automated DDoS protection is critical to protect against widespread and easily launched DDoS attacks. Universities should leverage DDoS threat intelligence, combined with real-time threat detection, to defend against DDoS attacks no matter where they originate. Methods such as automated signature extraction and blacklists of the IP addresses of DDoS botnets and available vulnerable servers can help organizations proactively defend themselves even before the attacks start.
Integrated Security Approach
Over the years, most organizations have collected a number of security point solutions, each addressing specific threats, typically from many different vendors, and added incrementally as new threats were identified or a new approach was provided. These legacy systems increase the complexity of operations, add latency to applications, and reduce security efficacy. An integrated approach that consolidates security functions as much as possible will allow these functions to work together seamlessly, enabling compliance and unified security.
In conclusion, while the shift to remote and on-demand learning has been accelerated by the COVID-19 pandemic, the transformation of higher education was already well underway. Driven by trends in finances and enrollment, universities have needed to expand the opportunities and options available to students not only on campus, but around the world as well. The evolution in business models is now clear; what remains is to ensure that the university’s technology infrastructure can support the new direction. The network is front and center in this effort. By upgrading their capability to support growing numbers of connections and rising traffic, ensure cybersecurity and compliance, and maintain availability wherever and however students connect, universities can provide a solid foundation for success for their institutions and students alike.