Cloud technology enhances higher ed data security
Q&A with Josh Sosnin, Chief Information Security Officer, Ellucian
How does higher ed benefit by moving to the cloud?
Moving to the cloud can provide security benefits that many schools could not otherwise afford. As an example, when you move email to the cloud, you might get a base level of anti-virus, anti-malware and email hygiene (e.g., anti-spam, anti-phishing, etc.) software included, whereas when you run email on-premise, you have to bolt that on and have somebody run it. Also, your cloud vendor is almost certainly going to have a robust disaster-recovery process, so if one server fails, the information automatically rolls over to another one.
Why is multifactor authentication (MFA) particularly important in maintaining secure cloud environments?
Passwords aren’t enough anymore. Even the most security-conscious person can fall for sophisticated phishing attacks. Once you’ve got the basics—anti-virus, anti-malware, patching, email hygiene and all of your awareness training—the biggest bang for your security buck is often multifactor authentication. It’s a huge value and should be prioritized.
What are some solutions to common challenges schools face when implementing MFA?
The challenges we’ve seen most often are cost and prioritization. And sometimes there is pushback from faculty and staff who are resistant to change. But attacks are only getting more frequent and more sophisticated. You’ve got to assess the risk and prioritize, and sometimes you’re going to have to find the funds or find open-source solutions that fit your institution. But it’s usually less costly and easier to implement MFA for your cloud-based solutions and systems than it might be for on-premise solutions.
What’s next for information security in higher ed?
A popular scam right now is fake submissions for enrollment to acquire a dot-edu email account, which gets you some great discounts and goes for about $5 on the black market. These unauthorized email accounts are sometimes used for phishing attacks because a person is more likely to believe an email appearing to come from within the school. Schools can avoid this scam by not providing an email account until a student has been accepted, has gone through more of the enrollment process, or has shown up on campus. By selecting cloud-based solutions, institutions also benefit from access to a team of security professionals who provide their dedicated expertise and insights to higher education institutions around the world.
Originally published in University Business.