By their very nature, IT network of educational/ academic institutions are used by a large number of transient users. One of the examples of a transient user is an aspiring student who fills up an application and use parent’s credit card to make the payment. Such details are stored in the institution’s system. Academic institutions keep enormous information, which includes but is not limited to research papers, student’s data, transaction details, etc. What’s more – It is not just about money, this game is also about truckloads of sensitive information that is possession of universities.
Top rated universities are at the forefront of academic, government and even defense research. For cyber criminals, educational institutions are easier to break into because the controls for access are not very rigid, the traffic is not watched out for, access is not monitored and many a time the systems are not abreast with updated technology.
Not even the best of universities are spared from this impending threat.
- On June 19, 2015 – US Ivy League University Harvard announced that it has, for the second time in four months, been the victim of a cyber-breach.
- In 2015, Pennsylvania State University and the University of Virginia found out that Chinese hackers managed to breach their systems.
- University of Connecticut leaked out student Social Security numbers and credit card data to hackers. Similar attacks were also targeted for Washington State University and Johns Hopkins University.
- Approximately 18,000 students and faculty, plus around 500 research partners are thought to have been affected by the Penn State #hack that possibly occurred two years ago.
- Rutgers University in New Brunswick announced to spend up to $3 million on cyber security in order to prevent hackers crippling the university’s computer networks.
To a CIO or an IT Director of a university, these numbers are scary!
Increasing instances of cyber-attacks are pointing at protecting students’ and researchers’ personal information – because data in possession of an enterprise (include education/academic institutions) becomes the property of that institution. Therefore the responsibility of safeguarding the data becomes an important cyber security function.
Regulations including FERPA (Family Educational Rights and Privacy Act of 1974) call for a focus on Access Rights to governs access to educational records maintained by educational institution and ensures students’ rights to privacy. Since this regulation is applicable to all elementary, secondary, and post-secondary institutions receiving federal funds, university breaches indicate need for more safeguards.
Identity and Access Management helps in achieving close knit, agile IT system that is next to impossible to break. It brings in role and identity management policies to define access (and the limit of access rights) for authenticated users. It allows for risk assessments, identify and monitor appropriate access. Any suspected access (be it from a mistrusted location or device) is flagged. This is addition to various features including Mobile based access, App integration, Federation. With the help of cloud based Identity Management model also known as IDaaS (or IDaaSG), the integration of IAM technology is simple, fast and value for money. A specialists in the field of IAM technology can make such a cloud based platform super secure.
