For college students, there is the inescapable expectation that their higher education experience should leverage the same digital interactions that embellish other facets of their lives. “This means that we have to make sure that all of our touchpoints — including our public-facing online presence and systems and services restricted to current students and faculty members — deliver the very best possible experience and security,” commented Brockman. “We’re constantly striving to create an optimal and secure IT environment.”
Technology as the Enabler
Xavier IT projects serve to improve the support of students. As such, one important initiative involved the planned transition of key functions to a managed cloud solution.
Having made the decision to implement this solution, Brockman faced the realities of financing it: “We had always been an Oracle shop, but fulfilling our highly expensive contractual license and support obligations while simultaneously funding this cloud move made us take a hard look at our approach.”
Staying Supported and Secure
Facilitating the move, Xavier looked for a partner that could reduce the Oracle support financial burden without creating any operational disruptions or compromising the university’s overall security.
“Security has always been of paramount importance to us. We are entrusted with large volumes of sensitive, confidential information,” stated Brockman. “Xavier has always strongly adhered to FERPA and the multiple federal, financial, and other education-related regulatory mandates. We needed to make sure that we resolutely maintained this compliance.
“With ERP at the center of many of the university’s critical functions, keeping the Oracle systems secure was a high priority … and a challenge. “We wanted to apply patches each quarter to over 60 WebLogic servers, but with modest resources, we were only able to do so twice a year, and even then, it was a struggle to maintain patching.”
Further complicating matters, with so many servers, Xavier found some Oracle applications that were no longer fully supported by Oracle, so it could not receive security patches for those applications, leaving the university at risk.
Solving the Equation
The big breakthrough came when Brockman’s research revealed a solution that delivered dramatic returns. “Talking with Rimini Street, we realized it was viable to extract ourselves from our Oracle contracts. We saw we could achieve significant cost savings, as well as elevated levels of support and security – exactly what we were looking for.”
Xavier also implemented two Rimini Street Advanced Security solutions that use virtual patching to overcome limitations of traditional patching models, such as the need for extensive regression testing and system downtime. The Advanced Security solutions also provide alerts to the Xavier team when attacks are attempted.
The university’s WebLogic Fusion Middleware leverages real-time zero-day vulnerability protection from Rimini Street Advanced Application and Middleware Security, protecting against known and unknown vulnerabilities using Java run-time detection and remediation before attacks reach their intended target. Because Xavier uses some older, popular releases (no longer fully supported by Oracle), it no longer needs to upgrade in order to stay secure. The Rimini Street solution, unlike traditional vendor security patching, protects immediately with minimal operations disruption and system performance impact.
Xavier’s Oracle Database is protected from known and unknown vulnerabilities by continuous monitoring and analysis of database shared memory. The Rimini Street Advanced Database Security solution is enhanced with technology by McAfee and is a next-generation database security solution. Importantly, Advanced Database Security protects releases that are no longer fully supported by the vendor.
“We still have some older WebLogic releases that are no longer fully supported by the vendor. However, with Rimini Street, there is no need to perform unnecessary upgrades just to continue receiving support or security patches,” commented Brockman. Both solutions were easy to install, requiring virtually no routine attention in contrast to prior services.
Brockman concluded, “I feel very secure with Rimini Street. Virtual patching is proactive and immediate. We don’t have to sit around and wait for something to happen before we get sent a vendor patch months later.
“We’re saving time and resources as well as being more secure. My team is now able to work on strategic projects that make a tangible difference to Xavier. I would not hesitate to tell anyone in a similar position to take the leap and just do it!”