Finding balance between openness and security in higher education IT.
GUEST COLUMN | by Reuven Harrison
Researchers and consumers alike have noticed a massive spike in cybercrime across a variety of industries in the United States recently. From the financial services industry to retail, and everything in between, we have seen hackers try and try again to break through the barriers these organizations have set up. Compared to corporations and government agencies, the environment surrounding higher education embodies collaboration and openness amongst university staff, professors and students – putting the industry at a significant disadvantage.
Colleges and universities must gain a comprehensive understanding of their networks – the reach, the incredible amount of data, and, of course, the thousands of people with access.
According to recent research, 85 percent of university and college students own a laptop. Though some parents may not like to admit it, it’s no surprise that a majority of laptop-owning college students use their computer for non-academic purposes – such as downloading and watching television, movies and music. The laptop, however, is just one device of many that students are bringing to school, and according to the same research, 81 percent of respondents could not even imagine completing their academic work without the aid of electronic devices.
All of these devices – laptops, tablets, smartphones, etc. – are accessible through public networks, releasing data into the open for the world to see and potentially steal. That’s enough to keep any IT professional up at night. The higher education environment is built around collaboration and sharing, but with thousands of students and staff members accessing a single, public network with their own devices, the network – and all the information inside of it – is in a very vulnerable position.
Adapting to the Change Environment
Higher education institutions are no strangers to change and are certainly not blind to the rapid advancements of technology – these things are at the core of a learning environment in this day and age. The ability to adapt to this change is crucial when the private information of your customers, ahem, students – is put at risk of theft. In fact, just this past January, EDUCAUSE – the foremost community of IT leaders and professionals committed to advancing higher education – released what it believes to be the top 10 IT challenges in the industry which includes “developing an enterprise IT architecture that can respond to changing conditions and new opportunities.”
As virtualization and cloud technologies evolve and expand, the network becomes more and more complex. There is a need for automated technologies to ensure an institution is adapting at the appropriate pace, and staying in-line with the existing and evolving security policies in place. With a network security change automation solution, a college or university can make the necessary configuration changes in a fraction of the time while also reducing human error that can ultimately lead to network exposure and outages.
Focusing on the Big Picture – Network Segmentation
As new technologies gain traction within the industry, the challenges faced by these higher education institutions are continuing to grow. Network segmentation, or micro-segmentation – splitting the network into subnetworks to reduce congestion, improve security and contain problems internally – is the best methodology to share as much as possible, while securing sensitive data and reducing the exposed attack surface. As change is accelerating throughout the organization, it can be very difficult to achieve and maintain the desired network segmentation. With such public and open networks, and thousands of people accessing the network at any given time, colleges and universities must take the necessary steps to ensure their networks are properly segmented.
Still considered a cornerstone security best practice, network segmentation can help these institutions limit the lateral movement of an attacker within the network, and in turn can potentially reduce the impact of a security incident or breach. Colleges and universities must gain a comprehensive understanding of their networks – the reach, the incredible amount of data, and, of course, the thousands of people with access. All of these play a key role in a cybercriminals plot to hack higher education institutions, which is why it’s so important for the IT professionals within these education organizations to be one step ahead.
By identifying the key assets of an organization, you can segment them and define how each segment interacts with each other, and subsequently prioritize the segments by the risks associated. It’s also crucial to understand, or at least have an idea for what an attacker is most likely going to try to steal. Once you have a solid understanding, you can leverage network segmentation to then block the path the attacker is likely to take. With this level of visibility into their networks, higher education institutions can more effectively prevent and address the security concerns and incidents within this industry, and ultimately ensure student and faculty data is kept safe from hackers.
Reuven Harrison is CTO and co-founder of Tufin, a network security company specializing in the automation and acceleration of network infrastructure changes while maintaining security and compliance.