A Utah university found a solution to enable secure access to the campus network – while cutting down on help desk calls, reports Greg Masters.
Institutions of higher learning present a daunting challenge for the IT security pros charged with running network operations. Not only students and faculty, but visitors as well need to access a university's wireless network using their personal devices.
The challenge for a college in Utah was how to give 30,000 students, 5,000 faculty and various guests easy access to network resources for which they are authorized – without jeopardizing security or overwhelming the IT staff.
Utah Valley University (UVU), located in Orem, Utah, is the second largest institution of higher learning in the state. The campus is home to seven colleges and many other programs and institutions. With the explosive growth of personal devices, the Home of the Wolverines sought a flexible, fully automated solution that would address bring-your-own-device (BYOD) issues.
For several years the IT staff relied on a legacy network access control (NAC) solution that was not designed for a BYOD environment, says Duke Heaton, network engineer II, network infrastructure team at UVU. This legacy system required an agent to check devices for security compliance, he says, and students disliked it because it was slow and intrusive. As a result, many stopped bringing their laptops to class.
Additionally, as more and more students attempted to access the network with their mobile devices, there was a significant increase in the number of calls to the help desk because of associated network access and security problems. In fact, more than 50 percent of all calls to the IT help desk were related to problems logging onto the wireless network on campus, and the majority of those calls were about the NAC agent.
BYOD has become an integral part of the higher education experience, says Heaton. “Students and faculty members expect to be able to use their personal devices on campus to access their university's wireless network, not just for convenience, but increasingly to take advantage of new learning opportunities made possible with mobile technology.”
Colleges and universities need to make it easy for them to do so, he says, even when thousands of students and other users are demanding access. Additionally, different kinds of visitors – from contractors to high school students – also need access to university resources using their personal devices, he says.
Heaton, along with Ray Walker, associate vice president and CIO at UVU, began a search for a solution. They examined nine or 10 NAC vendors. Their key priorities included being able to quickly and safely allow student-owned devices onto the campus network while providing 100 percent visibility into all mobile devices connecting to the network. It was also necessary to enable a fast, automated, self-service registration process for thousands of student-owned devices, automatically provisioning the appropriate level of network access for faculty, students and guests, and confirming devices were fully protected before gaining access to the network. It was also imperative that the choice be available at a price the school could afford – and could justify to university management, Heaton says.
After detailed evaluations, they selected Network Sentry from Bradford Networks. “It has the capabilities we were looking for to address UVU's key BYOD challenges,” says Heaton.
The solution, Heaton says, combines visibility into every device and user accessing the network with the ability to set flexible, granular policies for access control according to device status and user role. Students registering for the first time enter their login credentials. Network Sentry then scans their machine, checking for the latest operating system patches, service packs and anti-virus software.