Higher education students bring their own devices onto campus, causing universities and colleges to re-evaluate their security and access structure.
Students are “bringing their own computers and applications and they want us to secure it,” said Mehran Basiratmand, chief technology officer at Florida Atlantic University. “One solution fitting all higher ed is no longer the case.”
As the sales of desktops continue to drop, the sales of tablets and mobile devices have increased drastically. While this is great for students, it is creating a more complex environment for campuses.
Campuses now oversee identity and security life cycle management. Basiratmand refers to it as a “whole paradigm shift.” And limiting students’ access to resources would affect their educational experience, leaving higher ed institutions to adjust their security postures.
“Students like to use their phone and tablet to not only register for courses, [but] get their transcript, make a payment, and for the most part doing their overall learning management system,” Basiratmand said. “The need to build better security both at the local level and at the perimeter is becoming more challenging.”
It’s no longer placing a firewall around the campus, as students have brought their access outside the campus perimeter.
Some students have multiple roles where they need to have additional levels of access, if they are employees of the university/college or researchers. Institutions need to build a comprehensive security role access plan through Identity Access Management (IAM) products in order to address the varying levels of access.
This has caused the role of higher performance computing to evolve. Basiratmand pointed to two separate sets of high-performance computing on campus. There is “general purpose computing of researchers that have non-health related data” and “[the] second one is entirely devoted to HIPAA- compliant data and we need to make a decision as to which researcher needs to have access to what environment,” Basiratmand said. HIPAA is the Health Insurance Portability and Accountability Act, which protects the confidentiality and security of health care information.
Campuses also face challenges with cloud-based services such as Box, Dropbox, AWS, and more, with faculty using these cloud environments and potentially saving Personally Identifiable Information to these services.
“[Institutions] need to develop strong policy to control the level of access and educate [faculty] on what they can and cannot store on these environments,” Basiratmand said.
Higher ed institutions are encouraged to view security as a holistic approach.
“Determine what it is you’re trying to protect, and who you’re trying to protect it from,” said Ken Dang, product security manager of Dell Security. “Tailor your security.”
Dang suggested a threat-centric security model for higher ed that includes the following steps:
- Defend: Before an attack, fortify your position to give yourself the best chance of preventing a breach.
- Detect: During an attack ensure your tools see the threat and act quickly to prevent it.
- Discover: After penetration ensure visibility to unmask the threat quickly to minimize loss.
Develop a comprehensive policy and build technologies out. Focus on the areas that can be improved on, or any gaps in technology.