Future-Proofing Higher Education’s Infrastructure Security Strategy

Can Zero Trust Apply to Azure?

How does the zero-trust model translate to an Azure environment? According to O’Keefe, it’s not as different as you might think. “Zero trust for Azure is pretty similar to zero trust for any infrastructure,” he said. “The biggest difference is the responsibility is shared between you and Microsoft.”

For example, when universities and colleges leverage Infrastructure as a Service, Platform as a Service or Software as a Service, Microsoft has a greater responsibility for protecting the virtual infrastructure and application. “And you have greater responsibility for protecting the data,” O’Keefe said.

RELATED INSIGHTS FROM CDW: Follow these 6 steps to Platform as a Service.

Regardless of the deployment model, O’Keefe emphasized the importance of having strong identity protection and segmenting resources.

“You need to focus on configuration governance,” he said. “Follow that least-privilege access to data and infrastructure. Many organizations tackle these challenges through automation. It’s a great solution to rely on surface accounts to ensure that you have consistent and audited deployments, and then ensure that individuals only have access to the resources they need.”

How Azure Sentinel Can Provide Secure Automation

O’Keefe went on to explain how Azure Sentinel, a cloud-native security information and event management platform, uses built-in artificial intelligence to aggregate and analyze large volumes of data from both on-premises devices and devices that run in the cloud. “It lets you correlate those events across those multiple sources over the millions of records and in just a few seconds,” he said.

By leveraging predefined playbooks, the technology also allows IT staff to automatically remediate security events. This means that Sentinel has logs from several different systems. “It collects logs for activities like authentication or access,” O’Keefe explained. “It allows you to use those logs to reconstruct a complete picture of activities.”

When suspicious activities or patterns are identified, Sentinel automatically starts scripts that can, for example, disable a user’s account or block an IP address associated with malicious traffic. “But it’s important to remember that Sentinel and all SIEM products are really only as good as what you collect and what you do with that data,” he warned.

For instance, if a university or college only collects data on user authentication but not file access information, the institution will be unable to reconstruct a complete picture of how a breach occurred. With that said, striking a balance is key. “On the other end of the spectrum, it’s important not to collect so much that you’re overwhelmed and never look at those logs,” O’Keefe said.

Higher education institutions should, instead, define the scenarios they want to address.

“This is a great area where you can leverage the expertise and leadership of a partner like CDW•G to help guide you through the best decisions,” he said.

A Predictable and Consistent Security Strategy

In fact, CDW•G believes so much in the power of secure automation that the company is automating its internal systems.

“CDW is using automation to build out our new hybrid infrastructure,” Ruben Chacon, vice president of technology and CISO at CDW, said in the same talk. “The catalog requests to fulfillment is all going to be automated.”

Chacon sees widespread adoption of hybrid infrastructure as inevitable. “Private cloud automation and public cloud automation techniques will converge, and portability of workloads will become more seamless,” he said.

MORE ON EDTECH: Manage and optimize your multicloud environment.