While a slew of hacking incidents in corporate America have gained recent national attention, experts say that academic institutions are in many ways more vulnerable than corporations to security breaches because universities engender a culture that emphasizes openness and information sharing, not firewalls and threat prevention.
"Even though most colleges and universities employ a professional IT staff, each campus department or office might run its own computer system on the school's network," said Clete Rickert, director of information systems at Villanova University, and a Nuesoft Xpress client. "While this decentralized approach to managing information helps to contribute to the collaborative, open environment that universities foster, it also detracts from IT's ability to effectively secure all of the computers on the network at any given time."
To counter this security challenge, IT professionals are beginning to look for ways to house sensitive data - such as patient information in a health or counseling center - off site, instead of storing it on a campus server that may or may not be sufficiently protected.
One option for many IT staff is the application service provider (ASP) model. ASPs host data and manage software programs for a wide variety of users from a secure, centralized data center. Some ASP applications are delivered via a Web browser. Others, like Nuesoft Xpress, avoid the browser environment altogether, and are delivered by a secure Internet connection between the user's desktop and the ASP's data center.
With so much to think about when considering how to deliver mission critical applications and keep data safe, Rickert advises decision makers to take their time and consider options carefully.
"The notion of handing over your data to an ASP provider might be a little daunting to some people" he said. "And, if you do decide to move toward an ASP model, you then have to consider which type of ASP will best suit your needs. When Villanova's health center staff came to (the IT department) for input during a search for practice management software, we chose Nuesoft Xpress because we felt more comfortable with the security and audit features that an Internet-based system has to offer."
Nuesoft Technologies Chief Technology Officer Shahram Famorzadeh elaborates:
"The fact that the Xpress application is written in Java code adds a second layer of security that a browser-based system can not provide." he said. "Most hackers are very familiar with the addresses of the ports and the protocols that browsers use to send and receive data. That information is standard, and so is commonly known. Additionally, the theft of the users' security credential, one of the most common security vulnerability risks, via "phishing" techniques is not applicable in non-browser systems.
"By avoiding browsers, Nuesoft Technologies can use proprietary protocols and ports that are not commonly published, hence minimizing intrusion risks. Nuesoft strictly controls not only what gets sent, but how it is sent."
And an added layer of protection might not be a bad idea in a university environment where the prevailing philosophy is to allow most everything into the network, rather than keeping most everything out with a firewall.
"Until colleges move away from their current open network approach to security, keeping hackers away will continue to be a challenge, and IT professionals will need to turn to ASP models or other options to provide secure solutions to the campus departments that depend on them," Rickert said.
No comments:
Post a Comment