The Value of Higher Ed SaaS Security in Action

Cybersecurity risks to institutions are widespread and growing. Schools that fall victim to these digital attacks put student and institutional data at risk. That's not to mention possible downtime and increased strain on staff.

This past spring, one of Ellucian's partners notified us of a new vulnerability within their product. This vulnerability, rated critical, impacted EIS/EID/Ellucian Ethos Identity. While this vulnerability wasn't caused by Ellucian, our team took immediate action to notify every impacted institution with timely communications and next steps, rooted in best practice.

Faster Fixes, Fewer Worries

The Ellucian team was able to pivot seamlessly and support customers using the Ellucian SaaS Platform. With the help of an automated communications tool, all customers' security teams were notified by noon the same day.

For customers leveraging our on-prem solutions, immediate action by the institution was required. By contrast, Ellucian Cloud customers faced no interruption or system impact, and no manual action was required since the Ellucian Cloud team could quickly push out a fix for every SaaS customer.

The major takeaway is clear: SaaS helps customers mitigate risk and stay proactive, even amid changing circumstances and complex situations. And in the current climate, that agility is vital as security vulnerabilities, downtime, and malware plague organizations across industries. In a survey conducted on the state of ransomware in education, ransomware attacks were up by 64% in 2021 across higher ed, with a three- to six-month recovery period. What's more, 97% of higher education respondents said that an attack impacted their ability to operate. (We've written about this more extensively here if you'd like to dive down the technology rabbit hole...)

A Direct Line to Risk Mitigation

An important step that customers can take to mitigate the risks caused by security vulnerabilities is to make sure their lines of communication are open and effective. If you don't have a security email inbox that forwards important information directly to your security team, now is a good time to create one. It is an industry standard, per RFC 2142. The email address should look like security@school_domain.edu. The good news? You'll be on the inside track for any and all major communications you need to keep your operations running smoothly, no matter what.

It's no secret that the industry is changing. Institutions, learners, and staff face more challenges than ever before. Like the customers we serve, Ellucian is committed to lifelong learning. We're steadfast in our own innovation to support higher education. And that's why Ellucian is here: We power higher education so institutions can empower student success.