Seamless, Secure, and Smart: SASE Revolution in Higher Education

As the number of cyberthreats and attacks on colleges and universities increases every year, so does the need to secure college and university IT environments as the wealth of personal data of students, parents, faculty and staff represents an attractive target. Additionally, many colleges and universities conduct important research that has significant technological or national security implications. The threats come from everywhere; Ransomware gangs, Nation-State attacks, disgruntled insiders, and even careless faculty, staff or students all represent potential ingress vectors.

Traditional security approaches – especially for legacy access technologies like Virtual Private Networks (VPN) – were not made for modern usage models where the entire campus community can access the network from a variety of locations with a myriad of devices. Modernizing the network involves innovative approaches and technology frameworks such as Secure Access Services Edge (SASE).

The network perimeter dissolves

Colleges and universities have always been complex IT environments to secure. Most campuses have dozens or even hundreds of buildings, spread over large physical plants and often involving branch campuses across the city, state or nation or around the world. Adding to those pre-existing conditions, the post-pandemic reality is that the rapid response to our changed world has created a new set of challenges and delivery opportunities. Students are no longer 100% in classrooms, even as they return to a more “On Campus” experience. Faculty are using the emerging toolkit – Zoom or Teams Classes, Tik Tok videos, Augmented and Virtual Reality – to deliver exciting and innovative new courses and support students regardless of their physical location.

Many staff and administrative roles that didn’t require a physical presence have proven to be “work from home (WFH) ready” and are likely to remain WFH or hybrid – on-campus some days, home at others and mobile in between. Faculty, including research staff, are often connecting from remote locations whether that’s home, research labs or conferences on another continent.

The trends and the changing security needs are not going unnoticed in the higher ed community. Global Higher Ed IT and Security organization, EDUCAUSE, notes that “Increased need for Data Security…” and “Continued adoption and normalization of hybrid and remote work arrangements” ranked at #1 and 2 in the EDUCAUSE 2023 Higher Ed Trend Watch. All these changes in access mean the campus network perimeter is wherever the users are. That means an increase in expectation of high-speed, low-latency connection, and a resulting increase in risk.

SASE scales security, access and speed into the future

Traditional VPN access can create bottlenecks or data choke points resulting in increased latency, slower traffic, and increased costs. Those traditional VPNs also create a potential security risk via the unlimited access they provide to users once verified.

The term “SASE” was first coined by Gartner and has gained rapid acceptance among both vendors and customers. It is not a single product or technology, though some might refer to it that way. Most agree that SASE is a multi-component solution or framework, incorporating technologies such as:

• Software Defined Wide Area Network (SD-WAN) – using the ease of implementation and management provided by software to replace legacy technologies and hardware
• Next Generation Firewall (NGFW) – expanding on capabilities of traditional firewalls to increase their ability to identify and block potential threats
• Secure Web Gateway (SWG) – to protect users and institutions from inappropriate or hazardous content, enforce policies, and prevent unauthorized data transfer or theft
• Cloud Access Security Broker (CASB) – to protect the increasing number of cloud or Software as a Service (SaaS) applications used by most colleges and universities today
• Zero Trust Network Architecture (ZTNA) – an integrated framework providing for Least Privilege access to specific resources as opposed to admission to the entire environment provided by traditional VPNs

SASE is designed to simplify and secure network access across a user community that is remote, mobile, on campus or all the above. The goal of a SASE migration is to provide a unified set of cloud-based services replacing multiple technologies – frequently from disparate vendors – that can be easily managed and controlled.

“Per Gartner, SASE implementations are expected to grow from 35% in 2020 to 60% by 2024”, said Hemen Mehta, Vice President of North America Service Provider Sales for Versa Networks, a SASE provider and Lumen partner. “Colleges and universities will require a secure and connected approach that will protect students, employees, and their devices at the edge of the cloud, as well as secure access to apps and key data; all the while enforcing consistent cyber policies and rules across the diverse range of connections.”

Gartner’s SASE framework is an initial step towards improving both the security profile and the users’ access and experience in higher ed. A well-planned SASE implementation can help address both the “Access Anywhere” and cybersecurity risk challenges.

From planning to implementation

Because there are several components to the SASE framework, it could be tempting to choose each piece separately. One emerging lesson from many who’ve dug in is that choosing a single vendor, building a structured plan, and staying methodical in implementation can help lead to both project success and budget savings.

SASE can be a natural next step in any networking equipment change, be it a firewall, WAN or VPN refresh or a move to SDWAN. Integration among the components is key, so collaborating with a provider who has access to best of breed in all components – AND the engineering skills to do the integration for your entire environment is key to a smooth implementation.

Lumen partners with some of the best networking technology partners to deliver the components of a world-class SASE implementation while our fiber backbone gives users access to the most peered network in the world.¹

SASE can help universities reduce the cost and complexity of managing their networks and security infrastructure by consolidating multiple functions into a single cloud-based service. This can help universities better manage their budgets and focus on their core missions of teaching, learning, service and research.

Are you ready to modernize your campus IT security? Let’s build a plan and implement it together.

¹CAIDA, AS Rank, March 2024.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue.