The University of Cambridge is one of the world’s oldest universities, with a strong reputation for outstanding academic achievement and world-class research. It has over 11,000 undergraduates and 5,500 postgraduate students across its 31 autonomous colleges.
The need for a central solution
As a leading research and education facility, Cambridge University requires its IT network to reflect its strong-standing reputation. This means providing staff and students with easy access to a host of highly available and secure technology services, including email, the Intranet and the backbone network. The university’s IT provisioning structure is unique, operating on what it calls a ‘federated’ model.
Ashley Culver, the university’s Network Services Manager, explained: “While my team works within the central IT department, the responsibility for much of the university’s IT is devolved to 180 different local departments and colleges. So, in a way, we almost sell IT services back to the university which is why it’s important for any solution we propose to be capable and cost-effective.”
Culver explains that the devolved system has its pros and cons. Granting each institution its own local IT responsibility allows for specialist needs to be better met, while also providing the space for innovation. However, it also means that some work is duplicated across departments and security standards can vary. For Culver, any centralised and integrated solution his central team could offer to individual IT groups would bring about essential productivity gains.
Cyberattacks, such as the denial-of-service (DDoS) attack which had brought down the nationwide Janet network in 2015 and 2016, had already prompted the university to enhance its security network. Against the backdrop of a number of high-profile breaches affecting organisations across the UK, the University made the strategic decision to invest in cybersecurity solutions as a business priority. It was up to Culver’s central IT team to look at adding firewalls and writing security policies to match each department’s individual needs. These measures had to balance the collaborative nature of the university’s IT architecture and the need to keep student data, intellectual property and research data safe.
“Cambridge University ran an extensive market and competition evaluation before choosing Fortinet as its chosen security provider for the future. This involved an initial purchase of a Redundant Solution for both firewalling and DDOS protection at the main 80Gb JANET University link,” said Graeme Stewart, Head of Public Sector, at Fortinet. “In addition, the central IT team will also offer a managed service to all colleges and departments with the FortiGate firewall as the perimeter security.”
After a brief search of the market, the team decided to implement Fortinet’s solutions. This included the FortiGate Enterprise Firewall, FortiDDoS, FortiManager centralised security management and FortiAnalyzer centralised network security logging and reporting. The decision was an easy one to make, according to Culver.
He cited Fortinet’s existing usage at Cambridge University as a big bonus, as well as its good reputation within the university community. FortiGate enterprise firewalls would provide high-performance, multi-layered security across the entire network, while FortiDDos would provide industry-leading DDos detection and help mitigate against attacks. At the same time, FortiAnalyzer would give his team a consolidated view across all Fortinet solutions with real-time alerts.
But it was the presence of the FortiManager centralised security management solution that sealed the deal. “It’s incredibly helpful to have everything linked-up. We can manage the devices and monitor the firewalls all in one place,” Culver said. The centralised security management solution would allow for an end-to-end consolidated network and save IT resources both time and money.
A centralised solution was especially important for long-term planning. “I don’t know how many firewalls we expect to have in the coming years. I expect it to be around 30 to 40. But knowing that we can manage and deploy policy from one central location definitely helps,” said Culver. Further still, the ability to configure VDOM within the FortiGate enterprise firewalls meant that his team could easily grant individual departments and colleges’ permission to access parts of the firewall, while keeping the more important elements private. Local IT teams could view and manage their own firewalls, granting them flexibility and control.
Culver and his team started implementing Fortinet solutions at Cambridge University in March 2017. It’s a slow process, he said, but one that is steadily moving along: “Each time we go out and meet a department or college, we talk about its network, discuss its infrastructure and find out what security rules it’d like. From there, we start planning and deploying. It’s a service that takes a couple of months to arrange. Especially if there’s an existing network or firewall, as we need to transfer the security over.”
The main gateway firewalls are now in situ, these were installed by the partner in conjunction with the Cambridge University ITS team and are now protecting the main server environment. The FortiDDOS appliances are also operational and have already stopped a number of DDOS attacks. The future will involve additional services being run on the FortiGates with a view to consolidate and utilise the FortiGuard functionality.
At the moment, Culver’s IT team have deployed Fortinet solutions to 10 out of 180 institutions. While it may be early days, Culver thinks the solutions are doing their jobs well and he plans to continue deployment. “Fortinet solutions are reliable. The IT staff find the management interface to be clear and with good functionality. What more can you ask for?” said Culver.