
Universities, the Pioneers of Private Clouds

Reputed innovators, universities crave the cutting edge. They need to keep current. They need to trailblaze. It’s how they can continue to advance academic status and attract fresh talent. For this reason, it makes sense that university IT departments aren’t shy about investigating and participating in the latest and greatest technology trends—including virtualization and cloud computing.

For the most part, these IT groups face challenges similar to those of their counterparts in the enterprise world. Even with limited budgets and finite resources, they are under constant pressure to streamline business processes and lower costs even more. At the same time, they are responsible for continuing to provide state-of-the-art resource-rich environments that enable them to meet and uphold service-level agreements and data security standards.

The Pursuit of New Technologies

To succeed in doing more with less, many universities became early adopters of virtualization, benefitting from server consolidation, improved energy efficiency, and cost savings and consequently enabling some of the U.S.’s largest private clouds.

For universities, private clouds offer a new approach to delivering IT services. They promise not only to cut hardware and software expenditures, but also to facilitate and hasten the ability to meet departmental demands for compute and network resources.

This type of internal cloud environment provides on-demand computing resources, use-based service models, and on-the-fly up-and-down system scalability to deal with spikes in demand for a particular application or service. A university is able to offer the CPU, storage, and access to high-end networking-as-a-service to departments across the university, thus saving money that would otherwise be spent on new hardware for a large, disparate number of departments.

Security, The University Private Cloud Enabler

For a university private cloud to work, the IT department has to ensure that the resources of each college or department are isolated properly from one another and that communication paths among departments follow university security policies. This is extremely important because, like enterprise networks, university networks are subject to regulatory compliance for maintaining the privacy and safekeeping of student records (FERPA), protecting financial and credit card information (PCI), and ensuring the confidentiality of patient data stored within medical colleges (HIPAA), among others.

And perhaps unlike tightly managed business networks, university cloud computing environments are at greater risk from information loss and misuse since these are environments for broad use and experimentation by their very design. So when it comes to putting high-value or security-intense data on virtual machines in the private cloud, university IT departments know that they must also provision their cloud with security measures. These security measures must allow for highly granular access control and selective isolation of VM groups that restrict use and mitigate the risks to which one college’s academic pursuits may subject another.

So if the college of engineering is testing computer viruses on their portion of the cloud, the medical college can house patient data on its VMs with complete faith that traffic from one will automatically be prevented from reaching the other. The accidental migration or motion of a VM to the wrong part of the cloud should also be prevented. This type of “security bubble” system, which some virtualization security vendors call hypervisor-based, mitigates the risks of cross-pollinating traffic, and makes the pursuit of higher education in the cloud a reality.
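
As an added illustration (not from the original article or any vendor's product), the sketch below models the "security bubble" idea as a default-deny policy: traffic is allowed only inside a department's VM group or through an explicit exception, and a VM may only move to a cluster approved for its group. All VM, group and cluster names and the sample flows are constructed assumptions.

```python
# Added illustration; VM, group and cluster names are constructed assumptions.
# Each VM belongs to exactly one department "bubble" (security group).
VM_GROUP = {
    "eng-malware-lab": "engineering",
    "med-records-db": "medical",
    "med-app": "medical",
    "registrar-web": "registrar",
}

# Explicit one-way exceptions (src_group, dst_group, dst_port); all else is denied.
CROSS_GROUP_ALLOW = {("medical", "registrar", 443)}

# Host clusters and the groups whose VMs may run there.
CLUSTER_GROUPS = {
    "cluster-med": {"medical"},
    "cluster-shared": {"engineering", "registrar"},
}


def flow_allowed(src_vm, dst_vm, dst_port):
    """Default deny: same-group traffic or an explicit exception only."""
    src, dst = VM_GROUP.get(src_vm), VM_GROUP.get(dst_vm)
    if src is None or dst is None:
        return False  # unlabelled VMs get no access
    return src == dst or (src, dst, dst_port) in CROSS_GROUP_ALLOW


def migration_allowed(vm, dest_cluster):
    """Refuse a move to a cluster not approved for the VM's group."""
    group = VM_GROUP.get(vm)
    return group is not None and group in CLUSTER_GROUPS.get(dest_cluster, set())


def audit(flows, migrations):
    """Return every requested flow or migration that policy would block."""
    blocked = [("flow", f) for f in flows if not flow_allowed(*f)]
    blocked += [("migration", m) for m in migrations if not migration_allowed(*m)]
    return blocked


if __name__ == "__main__":
    flows = [("eng-malware-lab", "med-records-db", 5432),
             ("med-app", "med-records-db", 5432),
             ("med-app", "registrar-web", 443)]
    moves = [("med-records-db", "cluster-shared"), ("med-app", "cluster-med")]
    for kind, item in audit(flows, moves):
        print("BLOCKED", kind, item)
```

Because exceptions are directional, allowing the medical group to reach the registrar on port 443 does not let the registrar initiate connections back into the medical group.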

Johnnie Konstantas heads Gigamon’s security solutions marketing and business development. With 20+ years in telecommunications, as well as data and cybersecurity, she has done a little bit of everything spanning engineering, product management and marketing for large firms and fledglings. Most recently, she was the VP of Marketing at Dato, a company pioneering large-scale machine learning. She was also VP Marketing at Altor Networks (acquired by Juniper), an early leader in virtualization security and at Varonis Systems. Past roles have included product management and marketing for Check Point, Neoteris, NetScreen and RedSeal Systems. Johnnie started her career at Motorola, designing and implementing large-scale cellular infrastructure. She holds a B.S. in Electrical Engineering from the University of Maryland.