| Executives April 23, 2019
April 23, 2019
By Bob Stevens
Thanks to today’s innovation advancements, the higher education arena is on the forefront of allowing for anytime, anywhere data access to help advance the learning mission.
Much like we have seen in the enterprise and government sectors, the network perimeter in higher ed has disappeared, and critical data needed for students to be productive has moved to the cloud, and is accessible from any mobile device, anywhere.
This evolution is a great thing. With students and staff leveraging multiple devices, today’s post-perimeter world enhances the educational mission through mobility and the ability to access data seamlessly.
As a result, though, this is creating a larger surface area with thousands of devices being distributed across any campus, and exposes considerable cyber vulnerabilities, especially when it comes to mobility.
One vulnerability is the sensitive data about students that schools collect, which include financial, health and academic information. In addition, many students often use popular social media apps, making the higher education sector a potential target for social engineering and phishing attacks.
It also causes a serious challenge to university security teams who rely on perimeter provisions such as firewalls and secure web gateways. There are also cultural challenges in higher education where network administrators are hesitant to require students and faculty to download cybersecurity solutions on their private mobile phones.
With data now being fluid and accessible, there is no “there” anymore when it comes to where educational data lives. This is causing two new security necessities to emerge: moving security functions to the endpoint and establishing a zero trust access model.
Rather than stashing endpoints behind traditional perimeter security, security itself must move to the endpoint. It doesn’t make sense to put guards in front of your castle when the castle walls don’t exist anymore. Security needs to be everywhere that the data lives and is accessed.
In addition, post-perimeter security revolves around the “Zero Trust” model created by Forrester research in 2010. Today this model, which is centered on the belief that organizations shouldn’t automatically trust anything, whether inside or outside its perimeter, has moved into the educational arena.
In order to meet these challenges, higher education institutions have the opportunity to fully embrace the new architecture behind post-perimeter security, which is comprised of endpoint protection, access to the cloud, and identity.
Assessing device risk using an endpoint protection solution is a crucial aspect of post-perimeter security architecture. This protection provides visibility into any threats or risks on the device. The solution then decides whether or not a student or faculty device is healthy enough to authenticate and access institutional resources. Through this protection, policies can be enforced based on a university’s specific risk tolerance.
Protecting access to the cloud, and the Internet as a whole, without relying on perimeter provisions is another crucial aspect of this architecture. Monitoring for malicious links and websites — and preventing students and faculty from accessing dangerous content — is a primary function that must move.
These two aspects work together with an identity solution that allows students to authenticate and access university resources or be denied the ability to authenticate. Once authenticated, the endpoint risk is continuously assessed, with access revoked any time a new risk is detected.
This all ties together under the continuous assessment of risk umbrella where these three pillars of post-perimeter security are always working in concert to ensure that university risk levels are never crossed.
Thankfully, there are solutions and platforms that are specifically designed to give universities a tangible way to bring post-perimeter security to their students and workforces.
For example, mobile endpoint security solutions allow universities to deploy continuous conditional access to their student and faculty endpoints before authentication to university resources, ensuring that policies are enforced at all times and device health checks are happening continuously. If a device exceeds the acceptable level of risk, as defined by the university, these platforms will send a remediation message to the student, flag the issue to the admin, and log the student out of any university resources.
These solutions also offer phishing and content protection, which addresses phishing attacks beyond email, such as SMS, and social media and messaging apps.
With more and more studies highlighting how the higher education arena is becoming increasingly vulnerable to cyber attacks – along with the expanded surface areas for threats – colleges and universities need to embrace a new way of thinking when it comes to cybersecurity.
The perimeter has fully disappeared, and thankfully there are solutions that allow higher education institutions to safely and securely leverage innovation in ways that advance both the operational and educational missions.
Read this whitepaper to learn how to implement a post-perimeter security architecture.
Bob Stevens Vice President, Americas