
Security and Identity Management Named #1 Issue for Education IT
Security and identity management has become the #1 issue for CIOs to resolve to ensure the long-term success of their institution's IT infrastructure, according to the 2006 EDUCAUSE Top Ten Issues survey.
IT funding — the #1 issue for the past three years — was displaced into the #2 spot for the first time by security and identity management in the EDUCAUSE survey of hundreds of educational institution IT professionals. In 2005, security and identity management had moved from the #3 to #2 position of Top Ten issues.
The growing importance of security and identity was evident during the annual EDUCAUSE conference, one of the largest trade shows for education technology professionals, held October 10-12 in Dallas, Texas.
Many attendees visiting the Sun booth at EDUCAUSE were looking for security and identity management solutions. No wonder. Education IT professionals face unique security challenges:
- Widely Distributed Networks: Machines in residential university networks are not owned by the university, but by students. The university functions like an ISP with little control over applications and patch management (in contrast to a corporate network, with centralized administration and patch management).
- Viruses, Worms: Unpatched, unprotected student machines are prone to worms, viruses, and spyware associated with usage such as peer-to-peer file-sharing, MP3 swaps, and instant messaging.
- Intellectual Privacy/Asset Loss: Data privacy issues associated with student/alumni data, and IP issues associated with research data or financial data.
- Distributed Denial of Service (DDoS): University networks used as a launch pad for cyber attacks.
Secure by Design: The Sun Approach to Security
How well an organization has deployed and integrated security into its network can be a significant contributor to its overall productivity. But security is not an object, nor is it simply a list of features. Security is an ongoing discipline that monitors what's happening — in your organization and out in the world — and applies this knowledge to the development and safe deployment of IT resources.
Sun believes that you can minimize the complexity and cost of appropriate security by designing systemic security into flexible, open architectures that include processes for dynamic assessment of policy and risk. By focusing on security as an integral part of all of its products, Sun provides a solid foundation for preventing, not just fixing, security problems.
The bottom line is secure operation. The Solaris Operating System, Sun Secure Global Desktop, Sun Ray thin clients, and Sun Java System Identity Management solutions comprise four key components of Sun's systemic approach to security and identity management.
Solaris 10 Operating System
The release of the Solaris 10 OS marks Sun's most comprehensive, security-enabled OS yet. Most binaries in the Solaris 10 OS are digitally signed, and administrators can track changes easily. All patches or enhancements are embedded with digital signatures, eliminating the false positives associated with most file integrity-checking software when upgrading or patching.
As part of the Solaris Fingerprint Database project, digital signatures are provided for all files shipped in the Solaris OS. These signatures allow you to check the integrity of Solaris files to ensure that no hacker has modified critical system files. Solaris 10 offers unique user rights management (also known as role-based access control, or RBAC) and process rights management (also known as privileges).
These technologies reduce security risk by granting users and applications only the minimum capabilities needed to perform their duties. Unlike other solutions on the market, no application changes are required to take advantage of these security enhancements. For years, the Solaris OS has included firewall protection technology with every copy shipped to protect individual systems from attack.
Sun Secure Global Desktop
Sun Secure Global Desktop Software delivers information, data, and applications through a virtualized desktop environment to desktops, laptops, thin clients, and mobile devices. This solution is able to meet and exceed these demanding secure mobility requirements by facilitating secure application access to a wide variety of applications from a wide range of client devices.
Using Sun Secure Global Desktop Software, desktop PCs running Microsoft Windows, Solaris OS, Linux, and Mac OS X can all be used and mixed on the same network to access multiple applications running on multiple platforms. Sensitive applications can be migrated from desktop PCs to centralized servers where they can be more closely monitored and managed without forfeiting productivity. This model allows IT to maintain strong security policies without limiting user flexibility.
All supported client devices can access applications on Windows, Solaris, Linux, and other UNIX environments, as well as mainframe and midrange systems, without concern that sensitive information is being stored on standalone desktops and laptops. Additionally, users can easily move from device to device and their session follows them, even on Windows Mobile Pocket PC devices.
Best of all, Sun Secure Global Desktop replaces the need for complex hardware or software VPN solutions and, unlike a VPN solution, the data never leaves your data center. Users experience real-time access to applications and data with a fully featured and rich graphical experience, whether they are at a desk in the classroom, traveling to a building across campus, or on the other side of the world.
Sun Ray Thin Clients
Traditional thick-client desktops are a costly solution for providing ubiquitous access to services. They are also a source of many well-documented security risks, including software piracy, data theft and loss, and malware infection and propagation. The use of thick-client technology magnifies the security challenges facing organizations today.
The sheer number of deployed systems often makes it difficult and costly to ensure that they are operating in a consistent, compliant, and safe manner. Furthermore, organizations often lack sufficient control over what software is installed on those platforms by end users, either intentionally or otherwise. Similarly, data is often copied to, or cached on, desktop platforms where it might not be safeguarded to the level required by an organization's security policies.
Finally, thick clients have an intrinsic value, making them valuable targets for theft and illicit resale of hardware and software. Once stolen, the information stored locally on the thick client can be accessed, used, or sold, with the potential for causing damages far beyond the intrinsic value of the stolen machine.
Sun Ray thin clients address many of these security issues through the effective creation of desktop utility environments in which small, stateless networked devices replace traditional thick clients as the desktop. These devices have no local configuration, storage, or state, and they must be used in conjunction with a server environment (a desktop utility).
With secure desktops, there is no longer a need to deploy security controls on each and every desktop, and there are fewer audit logs to collect and analyze, because configuration and policy enforcement are centrally managed. Consequently, the use of thin-client devices can help reduce the overall administrative burden and budget, allowing people and resources to be directed toward more strategic and proactive initiatives.
Thin-client devices used in support of a Secure Desktop Services strategy have a much lower intrinsic value and are therefore a less interesting target for thieves for the following reasons:
- They cannot be used in a standalone capacity outside of an existing thin-client environment.
- They do not retain any state, configuration, or data that can be copied, ransomed, or deleted if a unit is stolen.
- Because thin clients are effectively networked display terminals, they can leverage older, slower processors, smaller memory packages, and even operate without hard drives — all without adversely impacting the end-user experience. This means that even the parts that make up the thin client would not command high resale value.
Sun Java System Identity Manager
With hundreds or thousands of instructors, administrators, and students accessing institutional networks and the applications and data they contain, managing who has access to what systems is not just a costly, time-consuming ordeal. It also represents a significant security risk that can lead to unauthorized access to sensitive information.
Sun Java System Identity Manager and other solutions in Sun's identity management portfolio provide a comprehensive solution that can reduce the time and cost of managing disparate identity management silos while greatly fortifying security.
Sun's newly released Identity Manager 7.0 is the industry's first identity management product to combine both user provisioning and identity auditing in a single solution. It enables IT organizations to streamline governance of which users have access to which applications through centralized, automated user provisioning. Importantly, it also covers deprovisioning of users to help IT administrators zero in on the serious problem of former employees, contractors, or students retaining access to vital systems after they have left the institution.
In addition, policy-driven auditing provides administrators with exception-driven reporting to highlight violations, and a powerful auditing facility for preventive and detective compliance. With it, educational institutions can eliminate costly manual approaches, reduce help desk and operations workloads, lower total cost of ownership, and reduce the number of user accounts that need to be reviewed.
Few organizations have the luxury of starting fresh with their IT landscape and building in systemic security at the start. Most organizations need to adapt their existing, legacy deployments and transform them to support security and compliance more systemically.
For some organizations, this might be as simple as a few minor adjustments to their overall IT security plan. For others, it might be more of an evolutionary process that will require a sustained commitment of time, money, resources, and organizational focus. Wherever your institution is along the continuum, Sun has the resources to improve campus IT security.
Questions or comments? Please email education_news@sun.com