Information security is a challenging field for organizations made more difficult because it is prone to the constant change in information technology. Higher education institutions thrive with open access to information and collaboration. Yet, higher education institutions also store and process sensitive data such as student records, student health records, credit card data, and State and Federal government data. An essential aspect of information security professionals' roles is to know what types of data they have and where data is located. However, a technological trend identified by the 2021 EDUCAUSE Horizon Report: Information Security Edition identified expanding and borderless network boundaries (EDUCAUSE, 2021). Networks without well-defined borders are complicated for information security teams to protect. As organizations migrate data to cloud-hosted solutions and data is accessed by organizational users, devices not managed by the organization could access that data. For example, personal and mobile devices may access cloud-hosted and controlled data stored or processed across devices subject to different laws, regulations, and endpoint security access controls. Information security teams will need to identify and monitor a device accessing their data and ensure that it is free from malicious software and can safely access sensitive data. The societal and cultural trends amplified by the remote work lifestyles to accommodate COVID-19 safety protocols have compounded information security challenges. Information security teams can detect and respond to security incidents on endpoint devices such as computers, tablets, and other mobile devices as long as end-users comply with security requirements on personal devices. For example, end-users will need to install endpoint protection software and maintain their devices with security updates. However, users today want the convenience of access to data and, though aware, may not be as vigilant about information security practices. The Horizon Report identified the deployment of cloud-based endpoint protection platforms (EPPs) as an important technological trend to manage the security of organizational data. EPP will be required to provide information security as users continue to access data from personal and public networks due to COVID safety protocols and the convenience of remote work. COVID and cultural trends pushed network boundaries out of organizational-controlled network infrastructure and into a wider borderless networked world. An example of the increased number of remote students based on a survey performed by the National Center for Education Statistics identified 7,313,623 students enrolled in distance education courses from post-secondary institutions in 2019 (Institute of Education Sciences, 2015).
To maintain the visibility of mobile and remote devices, information security teams must have a window into the network security and device security posture to identify potential abuse and breaches. Higher education information security teams can use EPP provided to end-users to monitor these remote systems accessing organizational data. The organizations will have to work through legal and licensing challenges with vendors that may complicate software deployment of organizational purchased software to personally owned devices. In addition, software must remain easy to deploy, maintain, and use to ensure that convenient access to data is not subject to technological barriers and thus decrease the chances of user adoption and use. In my past role on a higher education information security team, the organization was able to work with vendors to provide EPP to students, faculty, staff, and affiliates without a significant increase in product cost. In addition, open and transparent participation and communication with faculty, staff, students, and affiliates to develop policy that specified how organizational software on personal devices could and would be used improved willingness to install and comply with information security requirements. Even though the network boundaries are shifting and appear borderless, higher education organizations will find that they can benefit by using EPP that is widely deployed to continue providing information security benefits across the spectrum of devices accessing organizational data. References EDUCAUSE. (2021). Information Security Edition (p. 10). EDUCAUSE 2021. https://library.educause.edu/-/media/files/library/2021/2/2021_horizon_report_infosec.pdf?la=en&hash=6F5254070245E2F4234C3FDE6AA1AA00ED7960FB Institute of Education Sciences. (2015). The NCES Fast Facts Tool provides quick answers to many education questions (National Center for Education Statistics). Ed.gov; National Center for Education Statistics. https://nces.ed.gov/fastfacts/display.asp?id=80
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
AuthorI am a Doctoral Scholar at Colorado Technical University and a graduate of the Cyber Security Operations and Leadership program from the University of San Diego. I work in cybersecurity, and have accumulated twenty years in the IT industry. There are few IT roles I have not performed, which gives me great insights into making sense of all the IT confusion. Archives
February 2022
Categories
All
|