Professionals at higher education institutions make context-aware security decisions every day. A security guard decides which visitors to allow on campus based on a quick assessment of vehicles and their drivers. Cybersecurity teams decide to allow or deny exceptions to endpoint security policies based on the nature of a device and the types of information it handles. Context-aware security seeks to automate these decision-making processes, bringing analytics to bear on the problems of cybersecurity.
Context-aware security — the use of supplemental information to improve security decisions — holds great promise for the future of higher education cybersecurity. Institutions that start with the fundamentals and focus on high-value targets will reap the greatest rewards from this investment. Analysts will be able to dig deeper into security data with less time and effort, uncovering the relevant needles in the security data haystacks.
Context-aware security requires context. That’s not a startling conclusion, but it’s an area where many institutions fall short. Security decisions that are both contextual and wise require deep information about users and data. Before embarking on a context-aware security initiative, make sure you have a robust identity and access management infrastructure capable of providing useful attributes about individuals. For example, security products must be able to identify a person’s status — faculty member, student or administrator — and, preferably, his or her department.
In addition to user attributes, security analytics requires knowledge about data. If you don’t already have a strong data classification program, it’s helpful to clearly identify the key elements of sensitive information handled on your campus. For example, you might label Social Security numbers, credit card numbers, health records and financial aid records as highly sensitive information. Then, context-aware security products will be able to distinguish the systems and users handling those records from the general campus population.
Deploying context-aware security products requires an investment of human and financial resources. Once you’ve set up these products properly, they can add tremendous value to institutional cybersecurity efforts, but the initial configuration takes time. If you’ve clearly identified your highly sensitive information, the next logical step is to follow the data and deploy context-aware security controls around that information. Focus on users and systems in high-value departments — finance, accounting, human resources and health services — to get the most bang for your buck.
One of the greatest rewards promised by context-aware security is reduced workload for your cybersecurity team. These individuals are often deluged with data and can easily spend an entire day sorting through critical information, trying to prioritize security work. In addition to deploying context-aware security around high-value information, consider also deploying it in situations that create the most work for your security team. For example, if you’re constantly battling false positive reports from a campus intrusion detection system, consider adding contextual information in that space that can both reduce false positives and prioritize other analysis efforts.
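One way the enrichment described above could work, as an added example that is not from the original article: identity attributes and data classification labels re-rank intrusion detection alerts so the analyst sees high-value systems first. The directory, inventory, alert records and scoring weights are all constructed assumptions.

```python
# Added illustration: every user, host, alert and weight below is constructed.
from collections import namedtuple

HIGH_VALUE_DEPTS = {"finance", "accounting", "human resources", "health services"}
SENSITIVE_LABELS = {"ssn", "credit_card", "health_record", "financial_aid"}
# Constructed stand-ins for an IAM directory and a data classification inventory.
DIRECTORY = {
    "jlee": {"status": "administrator", "department": "finance"},
    "mroy": {"status": "student", "department": "physics"},
    "apatel": {"status": "faculty", "department": "health services"},
}
INVENTORY = {"fin-db-01": {"financial_aid", "ssn"}, "lab-ws-17": set(),
             "clinic-app": {"health_record"}}
Alert = namedtuple("Alert", "host user signature severity")  # severity 1 (low) to 5

def score(alert):
    """Return (priority, reasons) for one alert using identity and data context."""
    priority, reasons = alert.severity, []
    person, labels = DIRECTORY.get(alert.user), INVENTORY.get(alert.host)
    if person is None or labels is None:
        # Missing context is a gap to fix, not evidence that the alert is benign.
        return priority + 2, ["context missing: review manually"]
    if person["department"] in HIGH_VALUE_DEPTS:
        priority += 2
        reasons.append(f"high-value department ({person['department']})")
    hits = labels & SENSITIVE_LABELS
    if hits:
        priority += 3
        reasons.append("host handles " + ", ".join(sorted(hits)))
    if not reasons:
        priority -= 1  # likely noise: general campus population, no sensitive data
        reasons.append("general campus population, no sensitive data")
    return priority, reasons

def triage(alerts):
    """Sort alerts so the highest contextual priority comes first."""
    return sorted(((*score(a), a) for a in alerts), key=lambda t: -t[0])

ALERTS = [  # constructed sample IDS alerts with similar raw severity
    Alert("lab-ws-17", "mroy", "port scan", 3),
    Alert("fin-db-01", "jlee", "port scan", 3),
    Alert("clinic-app", "apatel", "sql error burst", 2),
    Alert("unknown-host", "guest42", "port scan", 3),
]

if __name__ == "__main__":
    for priority, reasons, alert in triage(ALERTS):
        print(priority, alert.host, alert.user, alert.signature, "|", "; ".join(reasons))
```

Three alerts arrive with identical raw severity, yet the finance database host rises to the top and the student lab workstation drops to the bottom, while the alert with no directory or inventory match is held for manual review instead of being discarded.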