On most every campus today, students arrive with a host of mobile devices in tow. Instructors and guests may have a laptop, smartphone, or tablet—but students will most likely expect that their laptops, tablets, smartphones, and wireless printers are allowed. Here, Santosh Cheeniyil, one of the founders of Avenda, a network access control and security solution, discusses ways campuses can support a wide variety of users and mobile devices, meet compliance guidelines, facilitate seamless mobility, provide access to various campus resources based on roles, and ensure the security of the network, and also shares his thoughts on what this means to the IT team and their users.
Victor: What is Avenda and what do you do?
Santhosh: We provide a transparent layer of user and device network access security, and intelligence for wireless, wired and VPN networks. Our flagship eTIPS product provides differentiated access using a person’s identity, device type, and other contextual attributes. Customers can grant varying levels of access to faculty, staff, students, and guests, based on their role and specific resource needs. Information
captured during the authentication process can then be used to determine network characteristics, like the load on Wi-Fi controllers, the type of devices being used, how often users are running anti-malware applications, etc.
Victor: When you started Avenda, did you think that mobile devices would become as popular as they are today, and that they’d become such an influence on college campuses?
Santosh: When we first started most higher education customers were mainly concerned with the health or posture of laptops being brought onto their networks. But, it was clear that mobile device providers were very focused on making their devices more powerful and easy to use, so we made sure to include features that helped identify and connect mobile devices, regardless of operating system or brand.
It makes sense that campuses would be host to a variety of diverse handhelds and mobile devices, as today’s youth are the ultimate early adopters. The interesting dynamic is that today’s user may have 3 to 4 devices that they would like to connect versus one. It’s a game changer.
Victor: How have these new devices changed the way higher education IT departments look at user and device authentication?
Santosh: In addition to creating security issues related to differentiating user traffic and compliance requirements, the majority of these new devices are personally owned. This adds a layer of complexity, as each device may run different operating systems and applications. Wi-Fi settings are not the same, and authentication methods may differ.
The fact that each user may have multiple devices makes it even more difficult to tie a user to a specific IP address, to keep the network malware free, and to troubleshoot connectivity issues. IT departments are looking for a better way to intelligently compile and use the information they capture during the authentication process.
Victor: Why is it so difficult to secure all these devices brought onto the network by faculty, staff, students, guests, etc.?
Santosh: As mentioned, personally owned devices come in a wide variety of forms – different vendors, operating systems and capabilities vary, etc. They all work differently and have different nuances to consider. Identifying these nuances and capabilities, applying the right security controls and providing a seamless mobility experience to end-users is the key to successfully securing these devices.
Victor: What differentiates Avenda’s solution from other vendors’ offerings for universities?
Santosh: Our policy platform is uniquely multi-functional in nature, and it enables campuses to think in terms of logical rules to secure network access. A typical campus network today has networking equipment from a variety of vendors, different end-user devices and operating systems, and a highly mobile group of employees, students and guests. Deploying even a rudimentary form of access control in such an environment previously required multiple vendor-specific products. Avenda’s eTIPS helps the campus IT organization to consolidate and manage all of these access control use-cases from a single platform.
Furthermore, our platform provides deployment and helpdesk tools that allow universities to test and benchmark policies before going live. This makes a world of difference, because the IT department now has a better sense of when and where to begin a deployment without experiencing outages.
Victor: What are some of the benefits a university should expect to realize with your solution? Why is this important?
Santosh: We allow organizations to gradually add stronger network access security without causing disruption to their users’ workflow. This is important as users will have a tendency to react or push back when they experience problems when connecting to a network, and will forego security or will result in too many helpdesk calls. For example, on some of our customer campuses, students would log in as a guest because authenticating as a student was so difficult before they implemented Avenda’s eTIPS solution.
From a university network administrator point of view, centralized control of security policies, better compliance measures which lead to smoother audits, greater protection of information and resources, and easy-to-use troubleshooting tools are huge benefits when managing such a dynamic user community.
Victor: Talk about some customer scenarios in higher education, and how your solution addressed their needs.
Santosh: Sure. From the student access perspective, the primary goal is provide secure wireless access, and eventually endpoint health checks. Some customers differentiate access by location, for example, the dorms versus the campus network. Others use a student’s identity, with location, and even a known MAC address. A game console may be a known device but can only be used in the dorm.
From the faculty and staff access perspective, we have customers authenticating users and allowing access to secure campus resources, no matter the device that the user prefers.
From the guest access perspective, Avenda’s guest functionality allows IT departments to offload guest registration to sponsors, which makes it easier to create and distribute credentials. In some cases, customers pre-distribute credentials and guests can self-register upon arrival, which makes it much easier to manage large events. We also have customers that are using third party payment systems from our guest portal to ensure that they are capturing valid guest information.
Victor: What’s in store for university campus security from an identity and policy perspective within the next 12 months? What can IT departments expect?
Santosh: Because of the influx of smart devices it will be even more challenging to track and ensure that compliance requirements are met for issues related to acceptable use policies. Provisioning adequate network bandwidth in their wireless networks, and applying the right level of security controls is something IT departments should expect to deal with.
One of our goals is to make this easier to manage, with one place to see all users on the network, and the ability to link each device registered to that user. Expect to hear more from Avenda regarding visibility, control, and user and device intelligence in the coming months.
Victor: Your thoughts on the future of technology in higher education?
Santosh: With the proliferation of smart devices, mobile computing is here to stay. Students and faculty will use these smart devices and continue to push the envelope in areas such as interactive remote learning, multi-room video chats, live tutoring, etc. The demand on the wireless network, in terms of capacity requirements and the granularity of security controls, will increase. There will be a greater need to differentiate access to campus resource, identify high bandwidth users, and provide command and control mechanisms at a user device level.
Victor: Great chatting—anything else you’d like to share about Avenda and the need for universities to secure all these mobile devices?
Santosh: Great chatting with you as well. Thank you for the opportunity to share our experiences with your audience. The last thing that I’d like to mention is that even though these new mobile devices present a challenge, our customers have used a phased approach to tackling the problem. We partner with our customers to solve the immediate concern of maintaining control of their network, and then work together to add more granular policies and control as needed.
Victor Rivero tells the story of 21st-century education transformation. He is the editor-in-chief of EdTech Digest, a magazine about education transformed through technology. He has written white papers, articles and features for schools, nonprofits and companies in the education marketplace. Write to: victor@VictorRivero.com