Barry University CIO: Managing The Mobile Security Load
In higher ed, CIOs have to deal with ultra-connected students and faculty whose devices increase the security burden on IT, while managing the growing use of online video as an educational tool. Here's how the CIO of Barry University in Florida handles it all.
10 CIOs Worth Following On Twitter
(Click image for larger view and slideshow.)
IT administrators for universities have to deal with students and faculty armed with personal fleets of connected devices that add to the security load, along with new "flilpped classroom" teaching methods that rely on streaming video. Dr. Hernan Londono, associate CIO at Barry University, in Miami Shores, Fla., shepherds more than 8,000 students and their devices through their academic careers on roughly 20 campuses. It's a task that is evolving rapidly.
Barry University is a private institution founded by Dominican Sisters in 1940. In a telephone interview with InformationWeek, Londono said that the school now offers more than 100 degrees, from bachelors to doctorates, on campuses located primarily in Florida, St.Croix, and the Bahamas.
Londono said that the university's IT operations are highly centralized in a single Miami location. He described the 64 people in the department as working in "a classic IT shop" with traditional client services, communications, training, and information security within the group. The centralization isn't simply the way things have always been, Londono said. It's the result of conscious planning and decisions made over the years.
"I've been here for 18 years, and when I first came people were doing their own thing," Londono said. "Today we're highly centralized for IT. There are still some pockets of very simple things that might happen out of the eye of IT, but if I had to quantify I'd say we're 90% to 95% centralized."
Centralization doesn't extend to user workstations to nearly the same extent as it does to backend servers and infrastructure. Bring your own device (BYOD) is as much an issue for the university as it is for the enterprise.
Beyond Simple BYOD
"BYOD is a challenging phenomenon, but in the network we're dealing with the risk of BYOD as fairly simple," Londono said. In the case of students, the university uses basic network segmentation to keep student systems away from the systems that hold sensitive information.
On the faculty and staff side of the equation, BYOD is important but secondary to another consideration. Mobility, not system ownership, is the larger issue for users who are faculty or staff. "In our case we have seen a shift from desktop systems for our employees to laptops," Londono said. "In most cases, the business justification exists." And when you give a user a mobile workstation, then they tend to be mobile.
(Image: Hernan Londono)
"The nature of work is such that people don't necessarily work 9 to 5, [and they work] from different locations," Londono said. "This aspect brings more risk, because traditional IT thinks of the classic workday." The laptop given to an employee is set up to be on the university network, but the employee will take the laptop to the coffee shop or their home. The danger in that is when they finally come back to the university network, the security infrastructure may be blind to what they have done or brought back with them.
Barry University uses a combination of network segmentation and advanced network protection devices to deal with risks from mobile faculty systems. But Londono said users are changing the security load faced by the university IT team.
More Devices Than Students
Students are leading the move away from traditional laptop computers to smaller, handheld options, and they're doing it with a lot of devices. "Last semester, we saw something like 41,000 unique wireless devices operating on our network. We're calculating 3.1 to 3.2 devices per user right now," Londono said.
According to Londono, cloud services are the biggest factor in the rise of handheld systems on campus. "Cloud is an enabler for many people. They can have their data anywhere. You can connect to your personal data and business data from anywhere on any device," he said. And managing security becomes a process of managing the cloud.
"Managing the security posture of these devices -- mobility in this case -- you have to build the mobility on top of a cloud, which is very positive in terms of elasticity," Londono said. "We have to manage that risk." Of course, security risks aren't the only concerns for the CIO's office. There are issues like managing the bandwidth required to feed all those mobile devices.
Flipping The Classroom
A growing number of educators are embracing the "flipped classroom," in which students are given assignments before they attend a lecture, rather than doing homework in response to a lecture class. In conjunction with the flipped-class scenario, professors are assigning video lectures to students to watch, either before class or as part of the in-depth study in class.
Londono doesn't want to do anything unnecessary to stifle the creativity and innovation of the faculty. "On the faculty side, we mostly let them do what they want to. There's a recognition that any progress comes from a place where you're not so structured," he said. "If you leave people with a little bit of freedom, they tend to be very creative."
On the other hand, students can be very heavy consumers of the campus bandwidth. "In terms of bandwidth, the shift isn't so much from faculty -- they're careful about moving instruction to streaming -- but the younger generation of kids moving to streaming content," Londono said. And the reality of the new classroom means that the university can't use basic tools to deal with the bandwidth issue. "[Packet] shaping would make video painful, but many institutions like ours are trying to step away from that. We can't tell whether someone is watching video for fun or has been given an assignment by the professor," he said.
Londono said that all of these changes are part of the cycles he's seen since joining the staff at Barry. "We went through client technologies, then forgot about them because of a push to the data center. Then the cloud came and pulled things away from the data center, and now we're looking at pervasive devices. That puts client computing back in the forefront," he said.
As for the future, Londono sees desktop clients joining other services his IT group will provision from the cloud. "VDI has a tremendous potential to help us with inventory management and security," he said. "A lot of the good practice from cloud can be applied to these clients. The desktop-as-a-service has a great potential to help us operate in a very elastic way."
Curtis Franklin Jr. is executive editor for technical content at InformationWeek. In this role he oversees product and technology coverage for the publication. In addition he acts as executive producer for InformationWeek Radio and Interop Radio where he works with ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.