The Importance of Network Security & Planning in Educational Institutions

Whether it’s for a college, university or K-12 institution, networking and IT teams engaged in the management and monitoring of campus networks are facing some big challenges today:

• Maintaining very large, complex local wireless and fixed WAN networks that include access to research networks that span broad geographies
• Identifying and stopping security threats such as DDoS attacks and malware intrusion
• Enforcing copyright laws and restricting content
• Supporting a disparate collection of network and user devices
• Supporting high numbers of remote and transient users engaged in research activities creating a higher security risk
• Dealing with unpredictable student users who may have an inclination to maliciously misuse or breach network security
• Monitoring high volumes of large file sharing and file downloading that can impact overall network performance
• Maintaining information privacy

These challenges not only impose a responsibility on school network operations staff to keep networks running smoothly but provide some watchdog duties as well to avoid misuse of network resources. At the same time, professors and teachers are looking to leverage the latest in network-based collaboration and learning tools that incorporate streaming HD audio and video for virtual classroom environments. New applications and methods of communication are constantly added to the mix that can affect network performance without any warning.

What is Needed? Two needs have risen to the top of the list for educational institutions wanting to maintain control of their network. The first is eliminating internal network misuse. The second is preventing security threats originating from outside their networks. Both of these can bring a network to a halt, or worse yet result in data getting compromised. And unlike enterprises, educational institutions (in particular, universities with students living on campus) are particularly vulnerable to cyber attacks, caused by possible gaming retaliation initiated by outside “poor losers” or to the inherent “openness” of an educational network. After all, the latter is what facilitates the free exchange of ideas, making it easier for researchers to engage in worldwide collaboration in pursuit of common research goals. It’s apparent that the need for network security and planning is crucial to educational institutions, but they may not have as large of a budget as enterprises do to efficiently monitor their networks. When budgets are a concern, it’s crucial to find a network monitoring solution that can still scale to monitor the largest, most complex networks without breaking the budget.

Key capabilities of a cost-effective network monitoring solution should include:

• Leveraging a SaaS solution to save on maintenance and management costs
• Improving the speed and accuracy of anomaly detection and alerting
• Enabling cross-departmental traffic visibility
• Providing DDoS detection and mitigation
• Supporting ISP traffic analysis to ensure quality of service
• Troubleshooting and investigating network abuse complaints

A solution that meets these requirements can provide the following benefits:

• Eliminated CapEx because no dedicated network monitoring devices are required.
• Reduced OpEx by not needing dedicated staff to configure and maintain dedicated monitoring devices; and by reducing traffic on ISP links that billed based on usage.
• Customized reporting to campus network topology by reporting on dorm/building/department etc. or other campus-specific user populations as identified by their IP address, VLAN, or MAC address.
• Ensured service levels. Higher education institutions in particular experience dramatic traffic spikes due to the usage patterns of large residential student populations. Properly managing network investments involves optimizing traffic delivery across existing links before determining if upgrades are required.
• Improved network security. Defend more successfully against DDoS attacks, and find and shut down network or other IT abuses.
• Identification of excessive network usage by users, devices, and OTT services.

A big data, SaaS approach is ideal for unifying network data at scale and providing the compute power to achieve these benefits. If you’re interested in learning more about how Kentik’s big data approach enhances network security and planning, check out Kentik for DDoS Protection and Defense solution brief. If you already know that you want to implement a much more cost-effective network security and planning solution for your institutional network, start a free trial.