Nov 29 2021
Security

Strategies for Reducing Complexity During Digital Transformation

Disparate technologies at universities and colleges can increase risk for higher education.

In today’s education landscape, most universities and colleges have already embarked on their journeys to digital transformation (DX). According to an EDUCAUSE study, only 17 percent of higher education institutions are not exploring DX. That’s no surprise, considering that DX is crucial to increasing higher education’s value proposition.

But without a holistic approach to security, DX can create new risks as the number of connected devices grows amid a vanishing network perimeter. “There is an exponential growth in attack surface,” CDW Technology Vice President and CISO Ruben Chacon said at a recent CDW Tech Talk on demystifying security to meet changing needs. “Every connected piece of hardware and software is a potential attack vector.”

At this event, security experts from CDW•G and Palo Alto Networks discussed how to form an integrated security strategy to reduce complexity during digital transformation.


Rebuild Systems with a Holistic Approach to Security

Whenever a new security risk emerges, the initial response is often to search for a new tool. But Paul Kaspian, a principal product marketing manager at Palo Alto Networks, recommended against this approach.

“That puts you in a situation where you have a disparate set of technologies and tools that may or may not integrate,” Kaspian said at the talk.

As higher education institutions rebuild infrastructure and migrate to the cloud, taking an integrated approach to security is critical. “It gives us an opportunity, as an industry, to go off and retool some of our approaches to security as we’re rebuilding these various facets of our organization across the network, across the data center and across security operations,” he said.


One way to take a holistic approach to cybersecurity is zero trust, a security framework that assumes no user on the network can be trusted.

Although a zero-trust security model may feel daunting to implement, this approach can simplify cybersecurity. “Zero trust actually eliminates a lot of the complexity that we’ve built up over the years as an industry,” Kaspian said.

When done right, zero trust should apply to users as well as applications in cloud infrastructure and unmanaged infrastructure such as Internet of Things technologies.

Keep in mind, a zero-trust approach doesn’t necessarily require universities and colleges to purchase more technologies that would increase complexity. In many cases, third parties can help identify tools that institutions already have in place. “Utilize what you have today. It isn’t necessarily about procuring a new tool or a technology,” Kaspian said.


Take a Structured Approach to Assess Security Gaps

To take a holistic approach to detecting vulnerabilities, it’s also worth finding a partner that can help provide an objective perspective on strategy — especially in this environment, when institutions must assume a security breach will occur sooner or later.

“Assume bad things will happen soon and that they will be very disruptive,” Chacon said. “With that in mind, we have to invest more in assessing our unique security posture and understanding the gaps so you can close them.”

According to Chacon, the first step is to plan for all possible scenarios. Then, force your team to become organized and practice that plan. Next, invest in improving your techniques and detection capabilities. “You have to be able to detect issues in your environment in a matter of seconds to minutes — not hours, weeks or months, as it often happens,” Chacon said. “Changing the mindset is important.”

It is not enough to only follow security frameworks such as ISO/IEC 27001, the National Institute of Standards and Technology’s cybersecurity framework or the 18 CIS Critical Security Controls. Universities and colleges must also demystify security and break potential vulnerabilities down into smaller, actionable steps.

CDW•G has developed a methodology called SPEAR that can help institutions achieve this. It involves several steps: scanning for risk, preparing for the worst, exposing the threat, assessing the response, and recovering and remediating.

Although SPEAR is not a framework or a standard, it is an approach that facilitates gap assessments while prioritizing the frameworks or standards that institutions are implementing. “SPEAR can help our customers to break down security into smaller pieces and focus on the parts that matter most in very particular cases,” Chacon said.
