The Lippis Report

By Cisco and Virginia Commonwealth University

Securing a network for any large organization is fraught with challenges. In a university environment, however, where the need for security must be balanced with the need for academic freedom, those challenges can be even more complex. "œOur security environment is very dynamic," says Mark Willis, chief information officer for Virginia Commonwealth University (VCU), a Richmond, Virginia-based university with 32,000 students and 10,000 faculty and staff. "œAt a regulatory level, we have increasing requirements to secure our networks and data. That is almost an anathema to an academic environment, which, by its nature, needs to be very open. We struggle to balance these needs and protect our assets from security risks."

The VCU network is far-flung and complex. The university stretches across two campuses, encompassing more than 140 buildings, 1800 network switches, more than 500 servers, and more than 42,000 users. Portions of the network connect with a large regional medical campus, meaning that many network segments must comply with strict data security regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and industry requirements such as protection of copyrighted materials. In addition, several areas of the university deal with credit card transactions and must meet Payment Card Industry (PCI) requirements. Although the university had long employed strong perimeter security, mitigating the risk from internal threats was a constant challenge.