As one of the oldest institutions of higher learning in the U.S., the University of Pittsburgh has built a reputation for breeding and developing Nobel and Pulitzer Prize winners, Rhodes Scholars, NCAA champions, and countless other accomplished students, alumni and faculty.
Serving more than 700 of the university’s business support staff, the university’s Financial Information Systems Department sought to increase operational efficiency by moving to a virtualized data center in 2008. I recently spoke with Pitt’s own Stephen Koch, senior systems engineer, Financial Information Systems, to discuss his take on the issues facing higher learning institutions and about his experience in shifting from a traditional to a software-defined data center:
TM: What are the most significant issues facing your industry?
SK: Like so many universities in the U.S. that receive state appropriations, the University of Pittsburgh’s operating budget depends partly on state funding. One of the major issues we face is the threat of shrinking funds as governments work to balance state budgets. This lack of funding makes it difficult for university IT departments to invest funds on new technologies, as administrators who only have a relatively small, fixed budget, often operate under the “if it’s not broke, don’t fix it” mentality.
TM: What role/significance does security play in relation to those issues?
SK: Universities deal with a very broad scope of data, including student and employee records and financial information. Institutions must secure PoS systems and remain compliant with PCI and HIPAA standards. However, without the proper funding, it’s difficult to stay in front of ever-evolving security issues.
At the University of Pittsburgh’s Financial Information Systems Department, we’re very conscious of the importance of keeping our data secure and are constantly focused on investing in enhancing our security technology. Unfortunately, our prioritization of security projects over others usually leads to either diverting resources from other IT projects, or moving those projects to the back burner. Although not all IT projects receive the same level of investment, we feel that the current threat landscape demands that we make the security of our systems and data a priority.
TM: How do you think your industry is doing as a whole in addressing those issues?
SK: Generally, the field of higher education has gotten better at addressing our security issues. Following the most recent data breaches, including Target, Sony and Home Depot, security is being taken more seriously than ever before. There is more time and effort being taken at the University of Pittsburgh to protect the data of students, faculty and staff.
Certainly, no one wants to end up on the front page of a newspaper trying to explain how a data breach occurred, compromising the records and financial information of the university’s student and staff population. A data breach would be a giant blow to the reputation of any university trying to attract and retain students and top faculty.
TM: Based on your experience, what would be your advice for your counterparts in other organizations in your industry?
SK: I recommend that systems engineers stay ahead of security issues as best as they can. If they have funds to spend on new technology – they should do it. Over the past 20 years, there’s been a shift in networking architecture where everything fits nicely into silos where they are shielded from outside threats. If systems engineers could use virtual networking to even further segment these networks, I would definitely recommend that.
For example, if you have a PoS system that takes credit cards that needs to be PCI-compliant (as we do), you don’t want those machines to be sitting on the same network as your student labs. That co-habitation makes it easier for someone to gain access, through the student labs, to the credit card information. You can compartmentalize those servers and allow only the necessary amount of access across the network to segregate the credit card information and lower its vulnerability.
However, IT professionals should always keep in mind that new technologies need to fit into their specific environment. Simply because someone else is doing it, or has done it, or is using a certain product – it doesn’t mean it’s going to be the best fit for every environment.
TM: What have been the most significant opportunities and challenges you’ve faced in shifting from a traditional to a software-defined data center?
SK: The greatest opportunity we’ve found is the flexibility we have to do more with the funds that we have – especially when funds are limited. We’ve realized we can do much more with less. Now, instead of spending lots of money on a server that will run one application, we can invest those funds into our current infrastructure by upgrading our storage or buying a new host that will run not only that application server, but also an additional 25-30 more application servers.
Our greatest challenge is trying to convince users that moving to a virtualized environment is going to be better than what they’re currently used to. It’s been a challenge convincing users that they will still have access to the same resources without a big PC with lots of resources.
Learn more about how the University of Pittsburgh optimizes security
Webinar: March 24 with Stephen Koch – Optimizing Security in the Software Defined Data Center
Details: Working together, Trend Micro and VMware have partnered to deliver the first agentless security platform architected for VMware virtualized data centers (including NSX), virtual desktops, and cloud deployments. Founded in 1787, the University of Pittsburgh is one of the oldest institutions of higher education in the U.S., and they have trusted in VMware and Trend Micro to ensure their modern data center is secure. In this session, University of Pittsburgh will share their story, and you will learn how they:
- Optimize data center resources with virtualization aware security
- Deliver automated security across environments
- Manage and deploy security efficiently
- Achieve cost effective compliance
Follow Stephen on Twitter: @Stephen_C_Koch