20+ million higher-education enrollees averaging roughly three devices per person equals 60+ million devices connecting to institutions’ networks. Additionally, there are over 1.5 million professors and administration staff personnel, meaning there’s probably over 2 million university-provided and BYOD devices. That’s a lot of potential risk and a serious security challenge.
The five largest public university campuses each have enrollments of around 58,000 students. The sheer volume of devices that that represents is staggering. How can IT professionals secure those devices and protect the resources they’re consuming if they can’t even see them?
Now consider eduroam, an international roaming service. While colleges and universities generally provide network and Internet access, typically via Wi-Fi, eduroam is an alternative worldwide Internet access provider that authenticates users based on their local institutions’ credentials, then, using secure back-end mechanisms, passes those credentials to another member institution’s network where the user is authenticated and granted Internet access. Seems like a great way to streamline student connectivity, but one of the challenges with eduroam is the fact that the facility receiving credentials has no visibility of the users and devices connecting to their network. Zero.
While eduroam users make up only a small portion of network users, most colleges and universities, especially ones with multiple facilities, deal with security issues that are often exacerbated by a lack of control of the underlying network environment. In a recent chat I had with a Director of Information Security from a large public university in the Southeast, we discussed the problems caused by limited visibility. While not the primary issue, eduroam was mentioned as a cause for concern due to the lack of visibility of devices and associated unknowns.
After connecting to the Internet, eduroam users can VPN into college or university systems, and that’s the moment when the lack of visibility is the biggest problem. That’s because the moment a compromised device connects is the moment it introduces risk to the institution and all the other connected devices. It’s that risk that educational institutions should look to reduce. By closing the visibility gap, you mitigate that risk and arm your institution against hundreds or even thousands of previously unknown devices (and potential vulnerabilities).
Gaining device visibility of a single campus or even multiple campuses into an aggregated view can be easily obtained. Ask us how.