Nov 29 2021

Strategies for Reducing Complexity During Digital Transformation

When universities and colleges have disparate technologies, it can increase risk for higher education.

In today’s education landscape, most universities and colleges have already embarked on their journeys to digital transformation. According to an EDUCAUSE study, only 17 percent of higher education institutions are not exploring DX. That’s no surprise, considering that DX is crucial to increasing higher education’s value proposition.

But without a holistic approach to security, DX can create new risks as the number of connected devices grows amid a vanishing network perimeter. “There is an exponential growth in attack surface,” CDW Technology Vice President and CISO Ruben Chacon said at a recent CDW Tech Talk on demystifying security to meet changing needs. “Every connected piece of hardware and software is a potential attack vector.”

At this event, security experts from CDW•G and Palo Alto Networks discussed how to form an integrated security strategy to reduce complexity during digital transformation.

Click the banner below to see how Westminster College is securing the cloud.

Rebuild Systems with a Holistic Approach to Security

Whenever a new security risk emerges, the initial response is often to search for a new tool. But Paul Kaspian, a principal product marketing manager at Palo Alto Networks, recommended against this approach.

“That puts you in a situation where you have a disparate set of technologies and tools that may or may not integrate,” Kaspian said at the talk.

As higher education institutions rebuild infrastructure and migrate to the cloud, taking an integrated approach to security is critical. “It gives us an opportunity, as an industry, to go off and retool some of our approaches to security as we’re rebuilding these various facets of our organization across the network, across the data center and across security operations,” he said.

MORE ON EDTECH: Five questions to ask when evaluating cybersecurity assessments. 

One way to take a holistic approach to cybersecurity is zero trust, a security framework that assumes no user on the network can be trusted.

Although a zero-trust security model may feel daunting to implement, this approach can simplify cybersecurity. “Zero trust actually eliminates a lot of the complexity that we’ve built up over the years as an industry,” Kaspian said.

When done right, zero trust should apply to users as well as applications in cloud infrastructure and unmanaged infrastructure such as Internet of Things technologies.

Keep in mind, a zero-trust approach doesn’t necessarily require universities and colleges to purchase more technologies that would increase complexity. In many cases, third parties can help identify tools that institutions already have in place. “Utilize what you have today. It isn’t necessarily about procuring a new tool or a technology,” Kaspian said.

Click the banner below for access to exclusive EdTech content and a customized experience.

Take a Structured Approach to Assess Security Gaps

To take a holistic approach to detecting vulnerabilities, it’s also worth finding a partner that can help provide an objective perspective on strategy — especially in this environment, when institutions must assume a security breach will occur sooner or later.

“Assume bad things will happen soon and that they will be very disruptive,” Chacon said. “With that in mind, we have to invest more in assessing our unique security posture and understanding the gaps so you can close them.”

According to Chacon, the first step is to plan for all possible scenarios. Then, force your team to become organized and practice that plan. Next, invest in improving your techniques and detection capabilities. “You have to be able to detect issues in your environment in a matter of seconds to minutes — not hours, weeks or months, as it often happens,” Chacon said. “Changing the mindset is important.”

It is not enough to only follow security frameworks such as the ISO/IEC 27001, the National Institute of Standards and Technology’s cybersecurity framework or the 18 CIS Critical Security Controls. Universities and colleges must also demystify security and break potential vulnerabilities down into smaller, actionable steps.

CDW•G has developed a methodology called SPEAR that can help institutions achieve this. It involves several steps: scanning for risk, preparing for the worst, exposing the threat, assessing the response, and recovering and remediating.

Although SPEAR is not a framework or a standard, it is an approach that facilitates gap assessments while prioritizing the frameworks or standards that institutions are implementing. “SPEAR can help our customers to break down security into smaller pieces and focus on the parts that matter most in very particular cases,” Chacon said.

metamorworks/ iStock / Getty Images Plus

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.