Provisioning: Q&A with Ben Ruset, Princeton University

Ben Ruset is systems administrator at Princeton University. He speaks to VPN Haus about pressing provisioning issues all organizations – academic or corporate – should consider.

VPN Haus: When dealing with employee terminations, who should own network provisioning – HR or IT?

Ben Ruset: Typically HR should notify IT and request that an account needs to be disabled/deleted. Neither department should make a unilateral decision that an account be modified without clearing it with the other. It’s all a matter of having well-defined processes for business functions like this. Unfortunately many organizations forget to create or enforce them until it’s too late.

VPN Haus: Is this a process that you recommend automating?

Ruset: Well, this really is more of a human issue than a technological one. If there’s a policy in place, HR should notify IT to kill the account. Since they will manage to tell finance or the payroll company that the employee is terminated, as well as the health insurance company, they should be able to notify IT. Alternately if there’s a system like Peopleworks, or some such, there could be an automatic notice sent to IT as part of the termination workflow.

VPN Haus: Do the provisioning issues you raised also relate to student email address / account, especially with graduation and new school seasons?

Ruset: So, let me preface by saying that I’m not directly involved with provisioning accounts for students, faculty, and staff. IT at Princeton tends to be pretty compartmentalized. The most that I do is request accounts for things like the occasional contractor or temp worker who’s setting up an application...

Google adds to ongoing connectivity struggles at colleges

As we recently noted, as colleges move quickly to adopt new technology, IT administrators are struggling to map existing information security policy to the new solutions. In the most recent example, the University of California has stopped its 30,000 staff and faculty members from using a hosted version of Google’s e-mail service, Gmail. This ban comes after the university scrapped plans to roll out a Gmail service to the entire campus. The reason? Members of the faculty were worried that Gmail, and its social arm Buzz, aren’t secure enough to protect university content. The core issue is how to secure information once it is out of university networks. According to InformationWeek, UC Davis officials have also noted that “outsourcing e-mail may not be in compliance with the University of California Electronic Communications Policy.” UC Davis’ move follows Yale University, which put plans to switch its email provider to Google Apps for Education on hold earlier this year, pending IT review. While the biggest problem for Yale and UC Davis is mostly around data stored on the cloud and security, both incidents illustrate the pressures on IT administrators at universities to keep up with changing tech preferences. A topic near and dear to VPN Haus ties in quite well to this last point: how to rethink remote network access. Students are just short of demanding WiFi support for devices such as the iPad and other mobile tech. Campuses are rolling out hotspots with increasing frequency to accommodate them. However, policy stands in the way of progress. For the recent UC Davis and Yale news, it seems campus policy conflicts with provider policy, which also seems to put Google on...

Tis the Season: Tax Day

Tax day is Thursday, and the nation is scrambling to complete its taxes, companies as well as individuals. Many organizations are considering filing online to benefit from faster return times through direct deposit and wire transfers—in fact, the Federal government and many states incentivize online filing. Last year, nearly 95 million returns were e-filed. However, before you file with the IRS online, make sure the information is secure. Tax documents contain sensitive financial information, and it’s important to make sure no one can gain access to it. This time, hacks, man-in-the-middle (MITM) attacks and other scams are widespread. Here are some tips to get rid of one tax season headache: Check your connection—is it secure and encrypted? Use a VPN with a built-in firewall—especially if you are using public Wi-Fi. Make sure your wireless connection is password protected—hackers can identify keystrokes and learn your information. Add more authentication measures, such as PKI certificates, to avoid MITM attacks. Make sure all of your software, including your AntiVirus, Internet browsers and other applications, is up to date. For additional security measures, visit the IRS’ Web site at...

Combating Data Breaches with Provisioning

According to a recent Gartner survey, enterprise security end-users stated that remote access and user provisioning are two of the top 10 security technology priorities for 2010. With 2010 well under way, businesses have been gearing up and rethinking their remote access policies with provisioning in mind. This is a key (and simple) strategy to deploy to prevent commonly overlooked data leakage issues. All too often we see disgruntled employees and other internal mishaps within the workplace, so we thought it would be helpful to put together some best practices for you to follow: Protect your data—implement proper security policies, such as the use of VPNs and two-factor authentication. Employee education—make sure all employees understand and follow all security procedures that are set in place. Know your data and manage it—keep tabs on who is accessing what and when. Rethinking your remote access and following these best practices are easy ways to reduce and prevent data leakage occurring within your...

Will you be at RSA next week?

Can’t believe the RSA Conference is just a week away! As you may already know, NCP will be exhibiting at the show again this year, and we’ve been quite busy preparing for it. This year we are holding a panel session on network access technology and doing technical demonstrations of our enterprise VPN management solution. Below is some information on what we’ll be doing at the show. Our panel session is taking place on Wednesday, March 3 @ 10:40 a.m. in the green room 130. It will be moderated by Dr. Bruno Quint, founder and managing director of CORISECIO GmbH, and sitting on the panel will be NCP’s Jörg Hirschmann, CTO, Rainer Enders, senior systems engineer, and Rene Poot, senior solution specialist. They will be discussing hot topics such as IPsec vs. SSL VPN (which one is the right one?), mobile users and remote access, and the do’s and don’ts of network architecture. If you can’t make the panel session, swing by NCP’s booth (#1541)—our technical guys will be around giving demonstrations of the NCP Secure Enterprise Management System and showing how companies are rethinking remote access. If you’re at the show, be sure to stop and say...