Standing guard

The American University of Dubai makes a clear statement for managed security services as it chooses to work with Google’s email filtering facility

Tags: Google IncorporatedManaged servicesNortel Networks CorporationPolycom IncorporationUnited Arab Emirates
  • E-Mail
Standing guard It is largely a hardware-based security infrastructure, but we do have procedures in place to ensure high efficiency. - Frank Seifaee, AUD’s IT services manager.
By  Sathya Mithra Ashok Published  September 8, 2009 Network Middle East Logo

If using outsourced third-party providers for any IT service remains a relative rarity among most Middle East enterprises, then opting to make use of outsourced security services is worthy of note.

And if a reputed organisation of higher learning, such as the American University of Dubai (AUD) decides to take that path for a critical security service, then it becomes worth a closer look.

“We have a data centre located on campus with servers, switches and routers. We have about 25 computing lab facilities that consist of PCs and Macs. In terms of hardware we have a number of different flavours – HP and Dell for end-users and Nortel for the backend, network switching equipment. We are mostly on a Microsoft platform for applications,” said Frank Seifaee, AUD’s IT services manager.

Security has remained a top concern for the twelve-member IT team at AUD, and a largely-hardware based approach has been implemented to handle the integrity of the network.

Seifaee said: “For security we do work with a number of vendors in terms of making sure that the equipment we have in place performs according to our standards of security. It is largely a hardware based security infrastructure, but we do have procedures in place to ensure high efficiency.

“We have only one facility – no remote locations – and since everything is contained in the single campus it is a lot easier to secure,” he added.

To aid this approach and to remain effective, a security policy has been implemented to standardise usage of systems and IT resources across the universities’ campus.

“We have had a security policy for around two years now. When I started here we didn’t have fairly comprehensive policies and procedures. There were some existing procedures on paper but nothing really implemented. About three years ago, we decided to have definite policies implemented across our systems. For this we drew from best practices. We also looked at other organisations and academic institutions to understand the practices they were using internally,” explained Seifaee.

Spam me not

Highly conscious of security as AUD’s IT team is, they were keenly aware of the need to control spam in their email environment.

“If you look at email these days, it is one of the most important applications in any organisation. If anything goes wrong with email, your helpdesk will be flooded with calls. Any other app and people are not that concerned. So imagine if you have a number of users and they are receiving a whole lot of unwanted emails. You come to the office and you get 100 emails per day, and out of that 100, 80 are unwanted. As an individual then you have to spend many hours at your office to clear the emails that you don’t need.”

To combat the problem, AUD installed a scanning and filtering solution to go through incoming emails around two years back. While the application worked initially for the university, Seifaee and his team noticed that with time the number of unwanted emails entering end-user inboxes increased and, from time-to-time, the application would malfunction and block outgoing emails as well. As problems with the application multiplied, AUD decided to look for a new spam solution, and in the early part of 2009 called in three vendors to present their solutions for evaluation. The vendors were IronPort, Barracuda and Google with its Google Message Security (GMS) email service.

“I already had knowledge of Google and GMS. This goes back to my experience in the US, where I had read about this service of filtering junk and unwanted email being offered to organisations in the private sector. I also learned that some of my colleagues were already using the service with favourable results. So when we needed a similar solution here at AUD I contacted Google, who put me in touch with their local agency here, FVC,” said Seifaee.

All three vendor offerings were put through an extensive evaluation process at AUD, following which the Google service, which is powered by Postini, was chosen.

“We considered several factors during the evaluation phase - who the vendor is, how large they are, who is using the solution especially in the region, how reputable they were and what kind of support was on offer. Pricing was also very important in comparing one solution to the other. In the long run we had to choose a solution that would cost us less but also meet our security and standards, and this requirement was fulfilled by the service. We also evaluated FVC. It helped that we already knew them and that we had dealt with them in the past.”

Around three months back, the selected Google service was run through a detailed proof-of-concept at AUD. The test, which lasted for ten days, was a success, and following this AUD went live with the service roughly two months ago.

“There was not a lot of work involved at our end. The good thing about this service is that we didn’t really have to purchase any equipment and bring it here into our network and spend time reconfiguring everything to work with this device. It was easier for us to re-route our traffic to the service provider and simply change the configuration of a few things internally. There was just one day’s training for my staff and the people who were doing the administrative work for this solution,” said Seifaee.

Before going live, the IT team presented the case of the Google service to its higher management. According to Seifaee, when it was explained that the other solutions did not really offer what they were looking for, the university management was quite happy to go with Google. It also helped that the team had worked out a binding agreement with the service providers.

“The integrity of our data was a great concern for us. I asked the vendor to sign a confidentiality agreement, setting forth that they had sufficient security measures in place to protect our data. We do have a legal agreement in place between Google, FVC and AUD.”

With the new service, AUD’s emails are re-routed to Google servers, where they are scanned in real time for spam detection. Daily notifications of the quarantined emails are sent to users. AUD’s IT department maintains administrative capability over the service via a control panel at their end. FVC acts as the first line of support for AUD, and when they are unable to solve a problem it is referred on to Google proper
for rectification.

“The service has definitely given us RoI already. With this service we are stopping junk emails before they reach an user’s inbox. Then all the end-users have to deal with are emails that are really related to them and their work. That ensures a lot of increased productivity for our staff. In terms of my team at IT services, it saves our time in managing these emails, and aids us in stopping viruses that could cause other problems in our network. So yes, RoI is already there and in the long term we will get a lot more.”

The university has purchased a 275-user licence currently, though Seifaee believes that the number is likely to increase in the near future, even as the university looks at expanding the scope of the service to cover web content management.

Services and the future

With over 3,000 students and 200-plus faculty and staff, the IT team has been kept busy over the previous 15 months in providing efficient services. Nevertheless, they also found time to upgrade their network from a single to a double-core one, as well as implement IP telephony. For both solutions, AUD chose Nortel.

While Google remains the only official outsourced service used by the university today, Seifaee states that they will be exploring IT services more in the near future.

“There is a possibility that we will look at other solutions that are web-based or outsourced to give us managed services. When it comes to IT it is easier to pick other elements, apart from security, for going with managed services,” he explained.

The first of these might include the remote hosting of AUD academic content for the benefit of its students.

“We are looking at evaluating and implementing this in 2009 and there are a couple of apps that we are looking at. This includes provisions for students in our computer classes as well as at least one other programme, where they can log into a website and conduct exercises, practice tests etc. The content is provided by us and the application is hosted on the web from the United States. Students can go in there and complete exercises that are assigned to them by their instructors, including projects, and potentially exams,” said Seifaee.

The IT team is able to implement these projects and others relevant to the various academic departments by way of an annual budget.

“Basically every department has a budget. When I say department it would be the academic units. My department is also responsible for the overall IT budget, which means all the systems that are shared by the entire university across both academic and administrative units. This includes things like the network or the computer labs or software licensing for all the users. When there are common projects, I include this in my budget and then present the case for them during a hearing with the senior management. Once the budget is approved, we start the process for any project,” stated Seifaee.

Backed strongly by its management and led by a far-thinking IT team there is little doubt that AUD will continue to do a lot more with its set budget than most other organisations.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code