Schools are for learning, and the information technology and security professionals who support networks and applications in the nation's K-12 and university systems are discovering new tactics in what can be challenging IT environments. Here we talk to four professionals in the education realm to get a sense for their top IT issues and what they do to handle them.
Do vulnerability-assessment on software before you buy it
That's the philosophy adopted at West Virginia University (WVU), which increasingly is asking software vendors to agree to submit their products to a vulnerability-assessment examination before it's purchased. "It's part of the contract process," says Alex Jalso, assistant director of information security at WVU, which uses the IBM AppScan Enterprise software vulnerability-assessment tool to analyze and remediate code vulnerabilities and weaknesses.
Jalso says the analysis process lets the school look deeper into code, which is the intellectual property of the vendor, and for its part the school agrees to work under non-disclosure about any issues that arise. The university hasn't yet gotten all its software vendors on board, but it's headed in that direction. And AppScan is also used by the university to analyze any security weaknesses in the in-house developed Web applications before they go into production. Why is this important? Jalso says it's about being pro-active in identifying software weaknesses that might otherwise become a route for attack by hackers and malware.
There are a lot of legal issues to consider, too, such as not violating data-protection guidelines related to HIPAA, FERPA and PCI rules. The basic idea is it's not too much to ask for someone to prove their software can pass a vulnerability test — if fact, pass it not once, but again and again as the code base changes, Jalso says.
Change vendors -- not your expectations
Ross Elliott is manager of network operations at Brick Township Public Schools in New Jersey, a district with 12 schools and 10,000 students. The IT department for the school district provides wired and wireless access for students and faculty. But earlier this year, the more open portion of the wireless network showed signs of strain with so many students using it for Internet access. As a side effect, the Astaro firewall and the Comcast service "were not playing together well," says Elliott, who thinks the firewall's proxy-based setup was likely a factor but "we were upset at the support we were receiving."
Network availability was getting shakier and it was on his birthday in June, when the wireless network was limping along at its dismal worst and "in the IT department, we were getting bombarded with phone calls." The school system was able to sort out the network issues over the summer, upgrading speed and switching to a SonicWall firewall. Elliott says more changes may be needed to the nature of network access at the school to meet the demands of mobile devices.