How secure is your network IT? How easy is it to keep up with rapidly evolving demands?
GUEST COLUMN | by Tom Rixom
Network security within higher education has significantly transformed as institutions reevaluate their security frameworks to repel increasingly sophisticated cybersecurity threats. Recent research found that 79% of higher education providers reported being hit by ransomware in 2023, up from 64% in 2022. The average data breach cost in the higher education and training sector was $3.65 million between March 2022 and March 2023, an increase of 2.3% over the year before and a 15.3% surge since 2020.
The problem isn’t going away. With hackers targeting younger and younger students, today’s colleges and universities are part of a larger ecosystem that must meet increasingly demanding security realities to protect the network and the individuals within their community.
‘…today’s colleges and universities are part of a larger ecosystem that must meet increasingly demanding security realities to protect the network and the individuals within their community.’
Modern Challenges for Campus IT
Traditional, credential-based security measures have proven inadequate to secure campus networks. They’re frustrating for IT staff and users alike, who must frequently authenticate via credentials on multiple devices to networks (such as the university’s WiFi) or be forced to change passwords on arbitrary timelines.
IT teams are racing to adopt security methods to withstand today’s threats without adding headaches for faculty, staff, or students. They know that introducing unnecessary friction, such as burdensome security measures, means that users often find workarounds; nearly seven in ten admins worry that adding additional security measures negatively impacts the user experience. It’s not enough to educate and train users: if a process is complicated or labor-intensive, you’ll annoy users and weaken your security posture.
Campus IT management is also complicated by the need to support a complex device environment. Students, faculty, and staff rely on a mix of desktops, laptops, tablets, phones, and IoT devices running on various operating systems like Windows, macOS, Linux, iOS, Android and more. Such device diversity makes uniform security measures complicated—if not impossible. It can be difficult to manually onboard users under bring your own device (BYOD) policies due to the different operating systems, wireless utilities, drivers, and more. Trying to manually configure a device to attain the WPA2-Enterprise standard isn’t easy; incorrectly configured devices can leave users and the network vulnerable to over-the-air attacks.
Higher Education institutions face another challenge in the cost and limitations of on-premise infrastructure. Many depend on on-premise public key infrastructure (PKI) and RADIUS servers, which limit scalability and burden IT admins with getting and keeping everything running smoothly. Maintaining these systems requires significant IT resources for ongoing management, updates, and security, which can divert IT time from other strategic priorities.
Network Security for the Long-Term
As institutions tackle these challenges, they’re looking to build an IT environment with robust network security that’s simple for users and agile enough to adapt to evolving needs and threats. Cloud computing and digital transformation have rendered many legacy processes and hardware obsolete and help Higher Ed institutions demonstrate their commitment to an innovative—and inherently secure—environment.
Implement a few best practices that will help your campus transition to more effective network security:
Create a plan that provides ongoing monitoring: Continuous monitoring and access management automatically checks the security status and compliance of all connected devices in real time. With it, IT teams can quickly identify and respond to potential threats, adjusting access permissions based on a device’s health or a user’s identity. For example, if a device is found to be infected with malware, the system could automatically restrict its access to sensitive resources until the issue is resolved.
Consider cloud-based managed PKI solutions: Transitioning to a cloud-based PKI solution enables institutions to efficiently manage certificates and authorities, alleviating the burdens associated with on-premise infrastructure. By eliminating the need for extensive physical infrastructure, institutions can scale security measures up or down without major investments in hardware or a dedicated IT team for maintenance. It also allows for quicker deployment of certificates, enhances security with up-to-date technology, and reduces overall operational costs and complexities associated with managing an on-premise PKI system.
Move toward passwordless authentication: Implementing digital certificates for authentication, managed through cloud services, provides a more secure and user-friendly alternative to traditional password-based systems. Tied to a user’s device, certificate authentication can be set for just a semester or for years. This eliminates the need for students, faculty, and staff to reset their passwords every few months or whenever they log into a device or an application or reconnect to the university’s Wi-Fi. It also eliminates the threats introduced by users’ sloppy password management (reusing or sharing passwords, etc.).
Smart cards: Smart cards serve as physical tokens that store certificates for secure authentication, and offer a robust multi-layered authentication mechanism that significantly reduces the risk of unauthorized access for personnel who access more sensitive systems and require greater security. This process can be introduced gradually by initially equipping IT teams with certificate-backed smart cards and then rolled out to the broader staff and faculty user base. Campuses leveraging smart cards and extended certificate-based authentication can offer multi-OS support to simplify login processes and enhance security across a broad range of devices.
Securing the School, Securing its Community
Institutions can create a more secure, efficient, and user-friendly network environment by incorporating digital certificates and employing cloud-based solutions for PKI management and RADIUS authentication. This approach offers seamless access while significantly reducing the potential for security breaches.
Today’s threats to network security require Higher Ed to respond with a more adaptable, efficient, and secure security approach. A cloud-forward and flexible approach eliminates the burdens of aging, credential-heavy systems, and on-premise hardware. Instead, it positions institutions with the agility to meet today’s needs while preparing for tomorrow’s challenges.
—
Tom Rixom is the CTO of SecureW2 and a US-Eduroam committee subject matter expert. Connect with Tom on LinkedIn.
Share this:
- Click to share on Twitter (Opens in new window)
- Click to share on Facebook (Opens in new window)
- Click to share on LinkedIn (Opens in new window)
Like this:
Like Loading…
Related
Original Article Published at Edtech Digest
________________________________________________________________________________________________________________________________
