Cybersecurity: From A to Z on campus

Greg Kovich
mayo 25, 2023

Institutions need to adopt a ‘trust no one’ cybersecurity strategy that addresses all users, devices and applications.

a group of people working on a project

It’s clear that cybersecurity is a huge concern in the education sector. As one of the most targeted segments for cyberattacks, academic institutions are on high-alert when it comes to mitigating risks and staving off bad actors.

To provide the security that campuses require takes an A-to-Z strategy. A layered approach to network security can take advantage of key cybersecurity mechanisms. It’s essential for academic institutions to develop and maintain a balanced approach to cybersecurity. If the security mechanisms are too rigid, people will look for ways to work around the procedures intended to protect their devices, data and applications. They’ll just add their own unauthorised devices and applications to avoid lengthy cybersecurity checks and software updates so they can get things done faster. It’s what’s known as “shadow IT,” and it can create vulnerabilities and open networks up to cybersecurity threats.

Assess your risks

Before you start developing a cybersecurity strategy, you should understand and assess the risks your institution faces today. As you go through the risk assessment process, keep an eye out for the following common pitfalls:

• IoT devices that are not managed by IT. These “rogue” devices often don’t comply with security policies, run outdated firmware and have no antivirus protection, increasing their opportunity to be used as an entry point for attack.

• Unauthorised equipment and personal devices that access the network. As mentioned previously, these “shadow IT” devices could be running any software and could already be infected with viruses and malware ready to attack the network. 

• Inconsistent security policies. Inconsistencies introduce weaknesses in network protection that can be targeted by untrusted parties.

• Networks with static security segmentation and implicit trust. These traditional approaches to cybersecurity allow users, devices and applications that were initially trusted, to attack the network with no checks to verify they should still be trusted. They also assume cyberattacks cannot come from within, which is not the case.

Know your regulations

In addition to understanding the risks at hand, institutions need to identify and review the privacy regulations that must be met for data that travels over their network, as well as the access control lists (ACLs) and firewall policies for data that is stored in the cloud.

When reviewing regulatory requirements, it’s important to consider national and international privacy regulations. For example, in the U.S., academic institutions must comply with the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). And they must also remember that the European Union (EU) General Data Protection Regulation (GDPR) applies to all institutions whose enrolment includes students from the EU, no matter where it is located.

Get to zero

Academic institutions must move beyond traditional ‘moat-and-castle’ network security strategies to ‘zero trust’, which means trusting no one, no device and no application. However, evolving to a Zero Trust Network Access (ZTNA) strategy is a journey. There isn’t a single solution that can simply be purchased and implemented. It takes time to implement a full zero trust environment across all technologies.

Following the five-step approach to ZTNA cybersecurity, outlined in my previous blog — including monitoring, assessing, planning, simulating and enforcing — allows academic institutions to realise important benefits across all aspects of their operations. While the most obvious benefits are related to preventing and detecting unauthorised network access, there are numerous educational and business benefits as well, including protecting students’ personal information and welfare, and circumventing financial hardships — the list could go on and on.

Granular protection

From a technology perspective, comprehensive network access control lists, and role-based access control, provide the ability to authenticate every connection and assign permissions to each user and device that accesses the network. As a result, institutions get a granular level of protection that makes it far more difficult for rogue users and devices to access network resources and data.

Using micro-segmentation to further segment user traffic within a macro- segment also enables more granular control of user and device access to reduce the risk of an attack running rampant throughout the network. With micro-segmentation, user traffic within a macro-segment, such as a VLAN, can be separated based on factors such as time of day, access location, user profile such as a student, faculty or administrative staff and other access controls. The same security policy follows the person no matter where they are, allowing the institution to cast a more unified approach to cybersecurity.

Underpinned by experience

Working with a partner who can provide expert insight and guidance as well as proven cybersecurity networking solutions goes a long way to getting things right. At ALE, we’ve helped educational institutions around the world develop their cybersecurity strategies. We understand the steps that must be taken, and we work to provide the secure networking solutions that meet your goals.

We’re a trusted partner with academic institutions around the world. A few examples include, California State University in the U.S., Centro Paula Souza in Brazil, and Linköping University in Sweden, where our smart, resilient networking solutions provide the security, high speeds and performance users need to work safer, better and faster.

Learn more about ALE secure networking solutions for educational institutions.

Greg Kovich

Greg Kovich

Global Sales Lead, sector Educación

Greg Kovich dirige las ventas globales para el sector de Educación de ALE. Greg ha supervisado o creado varias soluciones educativas que incluyen "Los fundamentos de las comunicaciones", un curso sin influencia de proveedores sobre comunicaciones de red digital; "Campus seguro": una solución que une las alertas de emergencia con la colaboración del primer servicio de emergencia y la notificación masiva; "Campus seguro": una solución que permite a los instructores limitar el acceso de la red de estudiantes a determinados sitios; y “Continuidad de la educación en pandemias”: una solución que permite la instrucción en el aula en caso de que la institución cierre debido a una crisis de salud o ambiental.

Se graduó en 1992 por la Universidad de Indiana,y tiene más de 20 años de experiencia en tecnología de la información.

Acerca del autor

Últimos blogs

Security in Comms/Cloud main blog image
Digital Dividends

Seguridad de los datos: proteja sus activos empresariales m…

Una seguridad de los datos robusta, que incluye las mejores prácticas, reduce los riesgos de ciberataques y protege a los clientes, los empleados y los grupos de interés.

Energy and utilities OT and IT convergence blog image
Energía y servicios públicos

Observación de tendencias: convergencia TO-TI en energía y …

La convergencia de las tecnologías operativas y de la información está cambiando la forma en que la energía y los servicios públicos gestionan sus negocios en el futuro.

TAA compliant logo
USA Federal

ALE OmniSwitch es probablemente el conmutador más seguro de…

OmniSwitch es el conmutador de preferencia para ofrecer la seguridad de red de confianza cero que exigen los gobiernos

A woman working from home.
Hybrid Workplace

Las empresas recogen los frutos del trabajo híbrido con UCa…

El puesto de trabajo híbrido con UCaaS le permite beneficiarse de una mejor productividad de los empleados y satisfacción del cliente, un modelo operativo reducido y una gran rentabilidad de la inversión.