While it’s certainly appropriate to do some gambling while in Las Vegas, it’s not so safe to gamble on your organization’s network and data security protocols. That was the message relayed during Tuesday evening’s ITEXPO 2014 CIO Roundtable keynote titled, “IT and IP Converge—What Comes Next?”
The session welcomed panelists David Gustafson, CIO, State of Nevada; Bill Schrier, OCIO, State of Washington; and Dr. Lori Temple, Vice Provost for IT, University of Nevada, Las Vegas (UNLV) during day two of ITEXPO 2014, taking place this week through August 14 at The Rio in Las Vegas.
First thing is first: you can’t let users into your enterprise’s system if they are not allowed to be there. Similarly, if they are permitted access to your network, they should only be allowed to see those pieces of data for which they are permitted access. For example, a student should be able to log into his or her account but should only be able to see course or transcript information—not unauthorized data such as private school records. As such, securing available network applications should be a main concern. “That’s a big enough challenge,” said Temple.
Organizations across virtually every industry want to keep their networks wide open to provide users with full transparency; however, what happens when you have a user base of 30,000 students, like at UNLV, and your network must remain securely airtight at all times? This also doesn’t take into account guests attending the public campus and tapping into the institution’s network. This undoubtedly heightens the network’s risk of threat and, thus, need for security. Meanwhile, “bad guys,” as Gustafson calls them, are banging on organizations’ firewalls, sometimes as much as hundreds of times every month.
So, how do they secure their environment? According to Gustafson, you can’t have your cake and eat it, too.
“Securing the network in the way that traditional IT guys want to is no longer a reality,” he said. But that doesn’t change the fact that organizations are entrusted to protect a variety of pertinent data and assets. Gustafson stresses the importance of prioritizing correctly. “My first and foremost priority is to secure data at all costs,” he explained. So, identify where your company’s core data is that must be protected and exert your time and energy into protecting that data. If you don’t, it will unquestionably get compromised.
“We have an appliance that sits on our network that uses a global intelligence network, which updates known malware sites,” Gustafson said. “So, if users of our network happen to click on links that take them to places they shouldn’t be going, it will block the outbound traffic.”
Meanwhile, UNLV takes a different approach to network security and monitoring. “Prostitution is legal in the state of Nevada. Students study prostitution and sexual topics; therefore we have to accommodate. We have virtually zero restrictions,” said Temple.
Tuesday evening’s CIO roundtable on data and network security makes it more than clear: Data is big and it’s only getting bigger; however, organizations must be able to strike a balance between an open network and an uncompromised one.