Boosting Internet Security at Cambridge University

The University of Cambridge is one of the world’s oldest universities, with a strong reputation for outstanding academic achievement and world-class research. It has over 11,000 undergraduates and 5,500 postgraduate students across its 31 autonomous colleges.

The Need for a Central Solution

As a leading research and education facility, Cambridge University requires its IT network to reflect its strong standing. This means providing staff and students with easy access to a host of highly available and secure technology services, including email, the intranet and the backbone network.
The university’s IT provisioning structure is unique, operating on what it calls a ‘federated’ model. Ashley Culver, the university’s network services manager, explains: “While my team works within the central IT department, the responsibility for much of the university’s IT is devolved to 180 different local departments and colleges. So, in a way, we almost sell IT services back to the university. Which is why it’s important for any solution we propose to be capable and cost effective.”

Culver explains that the devolved system has its pros and cons. Granting each institution its own local IT responsibility allows for specialist needs to be better met, while also providing the space for innovation. However, it also means that some work is duplicated across departments and security standards can vary.

For Culver, any centralised and integrated solution his central team could offer to individual IT groups would bring about essential productivity gains.

Top Mark Security

Cyber attacks, such as the denial of service (DDoS) attack which had brought down the nationwide Janet network in 2015 and 2016, had already prompted the university to enhance its security network.

Against the backdrop of a number of high-profile breaches affecting organisations across the UK, the University made the strategic decision to invest in cybersecurity solutions as a business priority.

It was up to Culver’s central IT team to look at adding firewalls and writing security policies to match each department’s individual needs. These measures had to balance the collaborative nature of the university’s IT architecture, and the need to keep student data, intellectual property and research data safe.

After a brief search of the market, the team decided to implement Fortinet’s solutions. This included the FortiGate Enterprise Firewall, FortiDDoS, FortiManager centralised security management and FortiAnalyzer centralised network security logging and reporting.

The decision was an easy one to make, according to Culver.

He cited Fortinet’s existing usage at Cambridge University as a big bonus, as well as its good reputation within the university community. FortiGate enterprise firewalls would provide high performance, multi-layered security across the entire network, while FortiDDos would provide industry-leading DDos detection and help mitigate against attacks. At the same time, FortiAnalyzer would give his team a consolidated view across all Fortinet solutions with real-time alerts.

But it was the presence of the FortiManager centralised security management solution that sealed the deal. “It’s incredibly helpful to have everything linked-up. We can manage the devices and monitor the firewalls all in one place,” Culver explains. The centralised security management solution would allow for an endto-end consolidated network, and save IT resources both time and money.

A centralised solution was especially important for long-term planning. “I don’t know how many firewalls we expect to have in the coming years. I expect it to be around 30 to 40. But knowing that we can manage and deploy policy from one central location definitely helps,” says Culver. Further still, the ability to configure VDOM within the FortiGate enterprise firewalls meant that his team could easily grant individual departments and colleges permission to access parts of the firewall, while keeping the more important elements private. Local IT teams could view and manage their own firewalls, granting them flexibility and control.

Culver and his team started implementing Fortinet solutions at Cambridge University in March 2017. It’s a slow process, he admits, but one that is steadily moving along: “Each time we go out and meet a department or college we talk about their network, discuss their infrastructure, and find out what security rules they’d like. From there, we start planning and deploying. It’s a service that takes a couple of months to arrange. Especially if there’s an existing network or firewall, as we need to transfer the security over.”

At the moment, Culver’s IT team have deployed Fortinet solutions to 10 out of 180 institutions. While it may be early days, Culver thinks the solutions are doing their jobs well and he plans to continue deployment. “Fortinet solutions are reliable. The IT staff find the management interface to be clear and with good functionality. What more can you ask for?” muses Culver, positively.