The University of Pittsburgh is one of the oldest institutions in the country, dating to 1787 when it was founded as the Pittsburgh Academy. The University has produced the pioneers of the MRI and the television, winners of Nobel and Pulitzer prizes, Super Bowl and NBA champions, and best-selling authors.
As with many businesses today, the University continues to digitize its organization to keep up with the demands of over 35,000 students, 5,000 faculty, and 7,000 staff across four campuses. While the first thing that comes to mind may be core facilities such as classrooms, this also includes keeping up with the evolving technology on the business side of things, such as point-of-sale (POS) systems. When a student buys a coffee before studying or a branded sweatshirt for mom using their student ID, those transactions must be facilitated and secured by the University.
What does it mean to secure financial transactions? For one, just as with a retail store operation, the University must achieve PCI compliance to facilitate financial transactions for its customers. What does this mean? Among other tasks, PCI demands that the data used by these systems is completely isolated from other IT operations. However, locking everything down is only half the challenge. As businesses and organizations face the need to digitize and transform their operations for the digital economy, they are striving to keep up with the rapid rate of change and how their customer expectations are evolving. One option for achieving PCI compliance involves loads of static and physical infrastructure, but in this case, how can the organization be agile enough to keep up with changing demands such as introducing mobile POS systems (via tablets), or the continuous changes in PCI compliance requirements?
These are the challenges that the University of Pittsburgh Financial Information Systems (FIS) department was facing. Having already realized dramatic cost and time savings by virtualizing their workloads several years ago – 20-to-30-hour deployment times reduced to 20 minutes with just a few clicks – together with Trend Micro, FIS was quick to pick up on the added benefits of virtualizing its network using VMware NSX. Given the situation, one of the key issues for FIS was achieving PCI compliance. By using the micro-segmentation capabilities of NSX where each workload (virtual machine) gets its own isolation and customized embedded firewall, the FIS department could achieve the security required to resolve its internal concerns, while also achieving PCI compliance. This allowed FIS the ability to quarantine a workload whenever it observed issues.
“It’s seamless,” explained Daniel Mahaven from the FIS department. “It’s easier to manage because NSX is basically built into VMware so the firewall is agile and agentless.” FIS also uses vRealize Operations in conjunction as a “performance tool … to see where there are issues with VMs.”
“We can monitor critical services on our servers so we get alerted on that, if let’s say [a database] goes down we can get alerted,” Steve Koch elaborated. “And it basically brings you then those performance statistics on your VDI environment as well. It just gives you the ability to drill down in the machines and see which machines are maybe low on resources or even overprovisioned … a more proactive approach instead of a reactive approach.”
Moving forward, the FIS department expects to continue to leverage the potential of NSX as part of many upcoming projects. Once the POS systems have been secured, FIS is looking to use the NSX and Horizon integration to bring the same levels of security and agility into their Virtual Desktop Infrastructure (VDI) environment. From there, FIS hopes to do the same with AirWatch, bringing agility and security to its Enterprise Mobility Management (EMM). For the University of Pittsburgh FIS, achieving PCI compliance with VMware NSX is just the first step in a new wave of more agile and secure possibilities.
To learn more about using Micro-Segmentation from VMware NSX for PCI Compliance, see:
- Micro-Segmentation Cybersecurity Benchmark Report by Coalfire
- VMware NSX: Micro-Segmentation Hands-on Lab
- Stephen Koch of University of Pittsburgh discusses Trusted Security in the Software-Defined Data Center, moderated by ESG