In February, EDUCAUSE released the first information security edition of its “2021 EDUCAUSE Horizon Report.” Informed by interviews with higher education leaders across the globe, the report explores key trends, technologies and practices shaping the future of higher education information security.
EDUCAUSE’s decision to add an InfoSec edition of its annual report on educational technologies and practices signals that information security is becoming more critical than ever to higher education business continuity.
“With this inaugural issue of the Information Security edition of the Horizon Report, we acknowledge that security and data privacy have an extraordinary and increasing significance on the horizon of higher education institutions,” EDUCAUSE CEO John O’Brien writes in the report. “Ask any leaders at a college or university that has been the victim of a major security breach or that has succumbed to a ransomware attack, and they will make it very clear just how high the stakes have become.”
MORE ON EDTECH: John O’Brien discusses the shifting roles of higher ed IT.
What are the most important higher education technology trends to consider in a rapidly changing threat landscape? EDUCAUSE outlines some key areas of focus.
Best Practices for Cloud Vendor Management
Considering that the most cost-effective way to secure solutions at scale is through the cloud, higher education will likely be working with more cloud vendors in the years to come. To ensure effective cloud vendor management, EDUCAUSE recommends focusing on these best practices:
- Spend more time vetting vendors. Do the vendor and your institution have shared goals? Is the vendor willing to take a collaborative approach when it comes to modifying services to meet your institution’s unique needs and standards?
- Negotiate contracts and procurement. You have the right to negotiate not only the price but also ongoing support and maintenance.
MORE ON EDTECH: Understand the basics of smart contracts with cloud vendors.
- Continue to assess the relationship and services. Is your institution paying for services you don’t need? To ensure your institution is getting the most it can out of the relationship, EDUCAUSE recommends maintaining “frequent and clear communication between key stakeholders.”
- Address user experience. Across the board, higher education institutions reported most vendors have not been prioritizing end-user receptiveness or equity and inclusion. This is an important area that will require more discussion and resources moving forward.
DOWNLOAD THE WHITEPAPER: Learn how to manage cloud consumption for optimal results.
Tips for Securing and Authenticating Research Data
Cyberattacks, server crashes, electromagnetic pulses and natural and man-made disasters all highlight the importance of maintaining data backups. But what about accidental data altering? Accidentally erasing even just one byte of data can have devastating consequences, especially when it comes to lifesaving COVID-19 research.
Data authentication traditionally refers to the ability to prove that data has not been corrupted or altered. However, the reality is often more complicated than that. After all, raw data has to be cleaned up before it can be processed and used for research.
The key is to make sure only those who are authorized to do so can alter data, and only in small amounts. To achieve this, EDUCAUSE researchers recommended maintaining file permissions, access controls and version controls. This will allow universities to create rules for what data can be altered or deleted, and by whom.
Moving forward, higher ed IT teams will need to pay more attention to data authenticity. Tips for verification include the following:
- Embrace risk-based data validation
- Prioritize verifying system inputs
- Be extra careful when selecting systems and service providers
- Archive data frequently
- Stop overlooking data integration
As always, enhancing endpoint security and multifactor authentication is vital. Research data is a primary target for cyberattacks, and that isn’t likely to change anytime soon. When it comes to research security, don’t forget to consider end-user receptiveness. More training is often required since academic researchers may not be accustomed to the latest security practices.
The Future of Student Data Privacy and Governance
Students have increasingly higher expectations when it comes to how colleges and universities use their data. To meet these demands, higher education institutions will need more robust data governance plans and clearer privacy protections.
To achieve this, universities and colleges need adequate privacy management tools. Without a good privacy management solution, it is difficult for institutions to conduct institutional audits of their current compliance with privacy regulations. Universities and colleges should be regularly reviewing contracts with vendors to verify they are in compliance with the Family Educational Rights and Privacy Act and HIPAA regulations.
MORE ON EDTECH: Protect data privacy in a remote learning landscape.
In its report, EDUCAUSE recommends that institutions invest in more advanced privacy management tools — for example, dashboards that allow students to easily view and update their data settings.
The University of Michigan’s ViziBLUE program is a good example of how a university can bring its data transparency policy to a higher level that students now expect. The program not only explains to students how their data is used but also advises students on how to change their data settings if they are uncomfortable.
Another notable example is The Ohio State University’s privacy team, which establishes a strong foundation for trust and communication by hosting privacy workshops for first-year students.
If an institution really wants to go above and beyond, complying with the European Union’s General Data Protection Regulation standards — before U.S. laws require schools to do so — can signal to prospective students that your institution is managing data responsibly and proactively.