Monday, 27 September 2010

JANET stakeholder meeting - security

Still catching up with blog posts - it's been a  busy week!

Last Wednesday I was chairing  a JANET stakeholder meeting, and this time the topic was security. JANET is our network provider, and we were looking at what they can do to assist us with the issues we currently face. Of course, they do an excellent job already, especially through their CSIRT team.

One of the issues we touched on was the conflict between tight security, and people - make it too difficult, make things too locked down, and people will get round it. Security is typically bypassed, not penetrated. People want to access information, data, the internet on any device and in a platform agnostic world you don't want complicated security models.We all had anecdotes of people merely emailing data to their own personal email address so they could use it on their own laptop rather than the tightly locked down one they'd been issued with.

The development of shared service centres, especially if financial or personal data is involved, also gives its own security issues, and there was some discussion of how that might be handled on the JANET network.

One of the things those of us work in Universities often forget, is the different issues facing other education institutions on the network such as schools, who have to deal with child protection issues, web filtering, monitoring and reporting. Often smaller institutions don't have a dedicated security person, or skilled network and system administrators and we discussed how they could be helped.

CSIRT gave us an interesting and informative presentation on what they do and the sort of security problems they face, and the number of incidents they have to deal with - the greatest of which is malware.

So, a very productive meeting with lots of suggestions for future action.

No comments: