Security blind spot resolved: university protects mobile assets and prevents loss of sensitive data on laptops.
Since its installation, the wireless program has been successful, Bruns says, creating a mobile atmosphere that is pervasive at the school, founded in 1964 and one of South Carolina's largest accredited private universities with about 3,200 students. More than 70 percent of residential students and 100 percent of faculty now carry Wi-Fi-enabled laptops and use the network, which spans all seven residence halls and every classroom, laboratory, administrative and support building on campus.
"Laptops are very attractive here because you can carry them anywhere and still have fast Internet service, whether you're in class, the dormitory or library," Bruns says.
Last year, however, the downside of this mobile atmosphere was revealed when thieves broke into a campus lab and stole several laptop computers. School security officials, worried that sensitive data resided on those computers, immediately called Bruns.
The theft "took me by surprise because this had never happened before. I had to hurry to the school and literally stand there helplessly while local police investigated the situation."
That call came at 1 a.m., and Bruns calls it his security wake-up call. Fortunately, he soon learned none of the missing laptops held sensitive personal or financial data, but the theft demonstrated there was a need for more security on these devices, especially as the university was planning to expand its wireless network, which would mean sensitive student and financial records would be on the laptop computers.
A MAJOR BLIND SPOT
"From that day forward, we no longer viewed our campus-wide mobile atmosphere with the same high level of confidence," he says. "We realized a Wi-Fi-based laptop environment made us very vulnerable beyond hardware replacement costs. Data on lost or stolen laptops is a major blind spot, because if the device is stolen, you lose all control over the information it contains.
"Despite the obvious risks, it appeared the campus community was willing to accept them in exchange for continued, open wireless access," he adds. "But as CIO, I was extremely uncomfortable with this tradeoff, because losing sensitive administrative data would be catastrophic. We're no longer talking about lab projects and class notes; rather, detailed financial, academic, employment, security, payroll and personal information that could hurt the school monetarily and expose it to legal redress if not properly protected."
With demand increasing for more and better laptops, CSU's IT group started investigating different products and technologies that could help prevent theft, as well as control and protect the sensitive data held on these devices.
The solution Bruns selected is the OmniAccess 3500 Nonstop Laptop Guardian (NLG) from Alcatel-Lucent. The NLG is a wireless access card combined with a "computer on a card" that is installed in a laptop's PCMCIA card slot. The card uses wireless broadband technology configured for data and comes complete with its own battery, memory, processor, operating system and software that links it to the laptop. This ensures the protected laptop is always available wirelessly to the IT staff, working off its own battery power, even if the laptop is switched off or the card removed from it. All laptops with PCMCIA slots are compatible with this card.
The system offered users a suite of data security capabilities, including VPN tunneling and data encryption on the hard drive. What attracted Bruns to the NLG, however, was what happens when a laptop computer is stolen. The always-on feature of the NLG means that if the computer is lost or stolen, the IT team can use the wireless network to communicate with the card. It also features a global positioning system (GPS) transponder to help recover the computer.
The technology also increases the value of encryption solutions by protecting encryption keys on the card. If stolen or misplaced, the IT staff can wirelessly contact the specific card for the laptop, revoke the encryption key and make all data stored on the encrypted drive unreadable. If a missing laptop is later found, or located using the GPS feature, the encryption key can be enabled again, restoring all data and returning the laptop to full functionality.
"This kind of solution lets you take immediate control of a deplorable situation and turn it around to thwart those who caused it. It is the ultimate answer to our laptop security concerns," Bruns explains, "and also fits perfectly with our major investment in campus-wide Wi-Fi communications."
Currently, CSU faculty and staff are using the technology. A program to offer it to students at special pricing is being explored. Student grant funding for NLG is also a possibility in the future.
The GPS tracking feature of the NLG has meant that CSU has been able to locate all laptops that have been reported missing or stolen, saving the costly replacement charges and time wasted to reorder and reload each device. While the lost productivity and cost of replacing a computer are significant for Bruns and his team, these issues pale in comparison to the risks associated with sensitive data loss, which can lead to more damaging activity, such as identity theft.
With the system in place, when a laptop is reported lost or stolen, Bruns and his team simply log on to a dedicated Web site, highlight the preregistered entry for the device and send the command to lock it down. The device is immediately rendered useless because the hard drive becomes inaccessible. Sensitive data can no longer be compromised. The only way to overcome this action is for IT to turn it back on.
What Bruns likes best about the system is that it allows his department to deliver the wireless experience, with all of its freedom, productivity and convenience, while still maintaining control over the network and all sensitive data on NLG-equipped computers.
"Had NLG been available years ago, I could have immediately entered the master Web site and wirelessly locked down the stolen laptops without leaving my home," he offers. "If the thief tried to remove each laptop's card, the net effect would be the same--a valuable laptop PC with even more precious data inside would be rendered useless.
"Today, we have an unmatched ability to securely manage and control laptop devices 24/7, while protecting the data they contain," he concludes. "This solution answered our laptop security concerns, and fit perfectly with our major investment in Wi-Fi communications."
For more information from Alcatel Lucent: rsleads.com/712cn-251
Give our editors your thoughts in our online blogs www.comnews.com
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Network Security|
|Comment:||Security blind spot resolved: university protects mobile assets and prevents loss of sensitive data on laptops.(Network Security)|
|Date:||Dec 1, 2007|
|Previous Article:||Security for applications.|
|Next Article:||Wi-Fi access control.|