Securing the IoT Campus: Do policies need updating?

By ghinkel posted Aug 03, 2016 10:30 AM


Customary Considerations

During insightful visits with higher education customers, the following considerations to secure a campus WLAN infrastructure were evident:


  • People: Is the user staff, student, or guest? What access do they require?
  • Place: Does a particular building require different capabilities? Who manages the building IT? If not central IT, how do they overlay with central IT? Does the building include IoT-enabled environments?
  • Device: Is the device BYOD or campus issued? Is a laptop treated differently than a mobile phone? Are IoT devices detectable and manageable on the network?  
  • Use Case and/or Application: What level of prioritization do applications require? Does time of day impact access? Does the network need to support big data transfer or networking research?

Higher education customers have also shared that a significant security risk, becoming more commonplace, is the rapid deployment of IoT-enabled environments.

20 Billion devices.jpg


Policy Considerations

Having intelligent infrastructure, software, and support systems in place are crucial to security. But to better ensure those tools work for long-term success, inter-department policies should be created and regularly reviewed to support campus security goals.

  • Investigate the “Why?”: Understanding drivers for deployments of IoT devices or requests for special access privileges is empowering. Cost savings, research support, environmental concerns, student enrollment or retention, and improved student services could all be potential answers to “why” when departments request network enhancements that are out of the norm. The answers received can help with infrastructure and software decision making, but also in developing SLAs and policies between central IT and departments.
  • Communicate and Education: Continual communication and collaboration might seem like a no-brainer, but don’t take it for granted. Keep in mind that other groups, even those that are tech savvy, may not stay current with recent developments, especially related to security risks. Create a method or process for communication and use it to educate your stakeholders.
  • Policies or Service Level Agreements (SLAs): It is likely that you have SLAs in place. They are designed to keep everyone aligned not only with IT services provided, but how decisions are made, costs, the access level to IT systems, and how potential issues are addressed. If you haven’t reviewed policies or SLAs recently for IoT environments, take a look at yours and seek input from trusted advisors.

Call to Action

In the age of mobile-first campuses, digitization of education, IoT-enabled environments, overlay networks, and de-centralized IT services, securing the campus can be a challenge. Although there is no one-shoe-fits-all guide, you can help achieve your security goals by keeping a pulse on the policy considerations too!  To learn more, watch the webinar “How to Solve Today’s Mobile and IoT Security Challenges” and read Chuck Benson’s, Assistant Director for IT from the University of Washington, EDUCAUSE article “The Internet of Things, IoT Systems, and Higher Education” that includes ideas for socializing IoT system risks to stakeholders.  Also, don’t forget to engage with other in the Airheads Higher Ed Community!