Fiji National University faced some unique challenges securing the delivery of online learning, teaching and services during the COVID-19 pandemic.
To harden its network endpoints and overall security posture in the COVID era, the university opted for a blended security model to do the job.
Following a competitive tender, cyber security distributor Chillisoft, Palmerston North-based security services provider Advantage and Fiji-based systems integrator VT Solutions created an international virtual team to tackle the project and secure the university’s 10,000-plus end user IT network.
With students and staff relying on home computers and mobile devices to access online learning, Advantage provided security operations centre (SOC) services, including 24/7 monitoring, alerting and support, while on-the-ground ICT partner VT Solutions installed the physical components required.
The development was a significant departure from the university’s more traditional perimeter firewalls and "trust but verify" security model. It effectively established a zero trust IT environment off the back of a SOC-as-a-service model that put a single window on security threats, incidents, and how they are triaged.
Tiko Domonakibau, director of ICT at Fiji National University, said the industry arms race that organisations were forced to enter was a competition they were unlikely to win using a traditional approach to security.
“Traditional perimeter security is no longer adequate," Domonakibau said.
"We had to step up our game, though without the complex chore of wrestling security systems and monitoring ourselves."
The technology solution rides on some of the big names in Chillisoft’s stack, including vendors LogRhythm, ESET, Radware, Cofense, Tripwire, and Forcepoint.
Chillisoft CEO Alex Teh said the manual updates and patches required by the previous security model presented risks to the university’s cyber defences. The aim, therefore, was to establish a more cohesive approach to security management.
“The idea behind cohesion is for security systems to provide deeper insight into looming threats and compromises,” Teh said.
“Armed with a deeper understanding, security analysts are better able to connect the dots between different layers of security and gauge the impact of individual attacks on the broader IT network. SOC-aaS was the only viable alternative.”
The security services also placed tracking, detection, and diagnosis "behind the curtain”, leaving the university's small team free to act on vetted information and to make the correct fixes.
“Advantage simply finds the issues the Fiji National University should focus on and does that 24/7/365," Teh said.
"It’s less noise for the university and plays into the hands of a specialist provider with the horsepower to provide this type of vigilance at scale.”
The key theme for the university was visibility, Domonakibau said.
“Now we can see alerts, identify vulnerabilities, and act before damage is done. Not knowing is a grave risk – so to operate with the insight we have now is a major step forward.”