Cybersecurity: From A to Z on campus

格雷格Kovich

2023年5月25日

Institutions need to adopt a ‘trust no one’ cybersecurity strategy that addresses all users, 设备和应用.

It’s clear that cybersecurity is a huge concern in the education sector. As one of the most targeted segments for cyberattacks, academic institutions are on high-alert when it comes to mitigating risks and staving off bad actors.

To provide the security that campuses require takes an A-to-Z strategy. A layered approach to network security can take advantage of key cybersecurity mechanisms. It’s essential for academic institutions to develop and maintain a balanced approach to cybersecurity. If the security mechanisms are too rigid, people will look for ways to work around the procedures intended to protect their devices, 数据和应用. They’ll just add their own unauthorised 设备和应用 to avoid lengthy cybersecurity checks and software updates so they can get things done faster. It’s what’s known as “shadow IT,” and it can create vulnerabilities and open networks up to cybersecurity threats.

评估你的风险

Before you start developing a cybersecurity strategy, you should understand and assess the risks your institution faces today. As you go through the risk assessment process, keep an eye out for the following common pitfalls:

• 物联网 devices that are not managed by IT. These “rogue” devices often don’t comply with security policies, run outdated firmware and have no antivirus protection, increasing their opportunity to be used as an entry point for attack.

• Unauthorised equipment and personal devices that access the network. 如前所述, these “shadow IT” devices could be running any software and could already be infected with viruses and malware ready to attack the network. 

• Inconsistent security policies. Inconsistencies introduce weaknesses in network protection that can be targeted by untrusted parties.

• Networks with static security segmentation and implicit trust. These traditional approaches to cybersecurity allow users, 设备和应用 that were initially trusted, to attack the network with no checks to verify they should still be trusted. They also assume cyberattacks cannot come from within, which is not the case.

了解你的规章制度

In addition to understanding the risks at hand, institutions need to identify and review the privacy regulations that must be met for data that travels over their network, as well as the access control lists (ACLs) and firewall policies for data that is stored in the cloud.

When reviewing regulatory requirements, it’s important to consider national and international privacy regulations. 例如，在美国.S., academic institutions must comply with the Family 教育al Rights and 隐私 Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). And they must also remember that the European Union (EU) General Data Protection Regulation (GDPR) applies to all institutions whose enrolment includes students from the EU, no matter w在这里 it is located.

趋于零

Academic institutions must move beyond traditional ‘moat-and-castle’ network security strategies to ‘zero trust’, which means trusting no one, no device and no application. However, evolving to a Zero Trust Network Access (ZTNA) strategy is a journey. T在这里 isn’t a single solution that can simply be purchased and implemented. It takes time to implement a full zero trust environment across all technologies.

Following the five-step approach to ZTNA cybersecurity, outlined in my 以前的博客 -包括监控, 评估, 规划, simulating and enforcing — allows academic institutions to realise important benefits across all aspects of their operations. While the most obvious benefits are related to preventing and detecting unauthorised network access, t在这里 are numerous educational and business benefits as well, including protecting students’ personal information and welfare, and circumventing financial hardships — the list could go on and on.

细粒度的保护

From a technology perspective, comprehensive network access control lists, and role-based access control, provide the ability to authenticate every connection and assign permissions to each user and device that accesses the network. 结果是, institutions get a granular level of protection that makes it far more difficult for rogue users and devices to access network resources and data.

Using micro-segmentation to further segment user traffic within a macro- segment also enables more granular control of user and device access to reduce the risk of an attack running rampant throughout the network. 与微营销, user traffic within a macro-segment, 例如VLAN, can be separated based on factors such as time of day, 访问位置, user profile such as a student, faculty or administrative staff and other access controls. The same security policy follows the person no matter w在这里 they are, allowing the institution to cast a more unified approach to cybersecurity.

经验为基础

Working with a partner who can provide expert insight and guidance as well as proven cybersecurity networking solutions goes a long way to getting things right. 在啤酒, we’ve helped educational institutions around the world develop their cybersecurity strategies. We understand the steps that must be taken, and we work to provide the secure networking solutions that meet your goals.

We’re a trusted partner with academic institutions around the world. 一些例子包括， California State University 在美国.S., 保拉·索萨中心 在巴西， 林雪平大学 在瑞典, 我们的智慧在哪里, resilient networking solutions provide the security, high speeds and performance users need to work safer, 更好更快.

了解更多关于ALE的信息 secure networking solutions for educational institutions.