From On-Campus to On-Demand: Secure Networking for the New Higher Education - Photo by Windows on UnsplashEven before the COVID-19 pandemic, connectivity played an important role in university life. In recent years, it has become the norm for students to attend lectures virtually. A wealth of online learning resources is available, both within university networks and on the internet. Meanwhile, online retail, banking, health services, gaming, media, and more are mainstays of student life.

Now, a global pandemic has radically accelerated this trend. As a result, universities everywhere have been forced to create and expand online remote access for their students, many from scratch. More than just a convenience, connectivity has become a lifeline for students and universities alike. For university IT departments, this means making a fundamental shift from on-campus networking to supporting a distributed network across the globe.

Empowering the New University

The pandemic has been a wake-up call for IT departments in universities. It shows that improvisation and a patchwork of legacy infrastructure and security will no longer suffice. Instead, higher education institutions need a well-thought-out plan for moving to a more resilient, on-demand model. With current on-campus traffic relatively light at many universities, the best time to upgrade is now.

Continued Needs of the On-campus Model

Universities need to leverage their existing on-campus networks to support growing devices and traffic for their on-campus learning population. Even if the on-campus population is not growing, the number of devices and connections continues to rise. Rather than purchasing costly new IPv4 addresses on the market, a carrier-grade network (CGN) solution makes it possible to extend their current pool through carrier-grade NAT (CGNAT). It will enable large-scale address and port translation to extend the life of an IPv4 network infrastructure.

Meanwhile, it is important to have a plan in place for IPv6 migration. Specialised resources such as student ERP, registration, billing, online classes, and collaboration will increasingly be accessed on devices running IPv6. Meanwhile, network infrastructures may still be running IPv4 for the foreseeable future. Since IPv6 is not backwardly compatible with IPv4, universities will have to accommodate the coexistence of IPv4 and IPv6 networks to ensure business continuity and prepare for future growth.

Ensuring High Availability

Higher education faces one of the most challenging environments in IT. From proliferating unmanaged devices to spiky traffic patterns driven by class schedules to highly latency-sensitive applications such as online classes, research, video, music, and gaming, the demands on university IT echo those of a commercial service provider rather than an enterprise. IT must have a fully developed strategy to ensure high availability, disaster recovery, multi-cloud security, and load balancing to meet these requirements.

Secure On-demand Education

As the university environment expands beyond campus, institutions need a security model that recognises that a threat can come from anywhere. The Zero Trust model responds to these challenges. It uses the approach of “trust nobody”—inside or outside the network. Cybersecurity strategies are redesigned accordingly, along the following key principles:

  • Create network micro-segments and micro-perimeters to restrict east-west traffic flow and limit excessive user privileges and access as much as possible.
  • Strengthen incident detection and response using comprehensive analytics and automation.
  • Provide comprehensive and centralised visibility into users, devices, data, the network, and workflows.

With learning platforms and resources accessible via the web, it is essential to protect them against HTTP and web application-based security flaws. Web application firewall (WAF) systems use specific knowledge of HTTP and web-application vulnerabilities to filter or block these attacks without ever exposing the web servers or applications. In addition, it helps protect the environment against attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).

Automated DDoS protection is critical to protect against widespread and easily launched DDoS attacks. Universities should leverage DDoS threat intelligence, combined with real-time threat detection, to defend against DDoS attacks no matter where they originate. Methods such as automated signature extraction and black-listing botnets’ IP addresses and available vulnerable servers can help organizations proactively defend themselves even before the attacks starts.

Integrated Security Approach

Over the years, most organisations have collected a number of security point solutions. These address specific threats and are typically from many different vendors. These legacy systems are often added incrementally as new threats were identified or a new approach provided. They increase the complexity of operations, add latency into applications and reduce security efficacy. An integrated approach that consolidates security functions as much as possible will allow these functions to work together seamlessly, enabling compliance and unified security.

The COVID-19 pandemic has accelerated the shift to remote and on-demand learning. However, the transformation of higher education had already been well underway. Trends in finances and enrolment were already driving universities to expand the opportunities and options available to students not only on campus but around the world. The evolution in business models is now clear. What remains is to ensure that the university’s technology infrastructure can support the new direction. The network is front-and-centre in this effort.

By upgrading their capability to support growing numbers of connections and rising traffic, ensure cybersecurity and compliance, and maintain availability wherever and however students connect, universities can provide a solid foundation for success for their institutions and students alike.

A10 LogoA10 Networks (NYSE: ATEN) provides Reliable Security Always™, with a range of high-performance application networking solutions that help organisations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide.


Please enter your comment!
Please enter your name here