3 Cloud Security Trends to Watch for in Higher Ed in 2022

1. Cloud Configuration Automation and Consistent Enforcement

The biggest threat to cloud deployments is an attack on the infrastructure itself. Cloud services have two attributes that can encourage weak security. First, everything is new to IT teams. Every aspect of running a virtual data center is being managed through a huge, new and complicated web-based Graphical User Interface (GUI) provided by the IaaS or SaaS service provider. Make one mistake and you create security risks for applications, databases or even the entire deployment. That’s a tremendous amount of pressure to be immaculate each and every time. 

The second factor that complicates human errors is higher education’s existing security environment. Over the past two decades, higher ed IT teams have been busy installing firewalls and isolated environments, protecting their data centers and user communities from the worst excesses of the open internet. This isolation, however, has acted as a fail-safe for IT teams: If someone installs a new server in an on-campus data center with the wrong security, it’s not necessarily a catastrophe, because the data center is itself isolated and protected.

FIND OUT: What other tech trends will influence higher ed in 2022?

This multilayer security has let IT teams take a more relaxed approach to system and configuration management, since the firewall and perimeter create a backstop. But with cloud deployments, the perimeter and firewalls are less sophisticated. This environmental change means bad habits and human errors create a much higher risk of data breach and data loss.

The good news is that cloud management tools are coming on the market and through open-source channels to help with configuration management and posture auditing.  These tools help IT teams focus on following standards, being more consistent and applying all changes at the same time. Adding tools and bolstering cloud maturity is a clear trend that increases overall security.

Click the banner below for access to exclusive EdTech content and a customized experience.

2. Zero-Trust Network Access for Cloud and Noncloud Applications

The “walled garden” approach to application and network security has been under attack for more than a decade. Hackers take advantage of its loopholes as security architects try to come up with better ideas. The consensus in most corporate and higher education IT is to shift to a zero-trust design that assumes everyone, everywhere is always out to get you. Cloud deployments are encouraging the implementation of zero trust because maintaining that walled garden is much more difficult when pieces of your infrastructure are spread across data centers around the world. The 2020 pivot to remote work and learning has shifted zero-trust implementations into high gear.

Zero trust includes tearing down old components, such as VPNs, and adding new components, such as SSL accelerators. It involves changing network architectures to create greater segmentation and device posture checking. Most important, it includes deploying a secure multifactor authentication system and Identity and Access Management into enterprise applications.  

GET THE WHITE PAPER: As cloud adoption accelerates, security must keep pace.

Many of these changes are easy in IaaS, since changing the network topology and stack of devices in front of an application is usually just a few clicks in the graphical user interface. Still, higher education is finding zero trust, even in a cloud environment, more challenging because of the relatively broad application portfolio, a large number of application owners, and constrained developer and budget resources. 

For higher ed IT teams, navigating organizational and application complexity as they roll out zero trust is a difficult task. Success usually requires a lot of hand-holding with distributed development teams. IT teams will need a toolkit with elements such as reverse proxies and single-sign-on APIs that can be layered on top of applications to reduce the number of intrusive changes needed.

3. Embracing Multicloud and Gaining Visibility

Early experiences with cloud computing and commercial IaaS providers led most IT teams to recommend a single cloud environment. That recommendation went nowhere, and most organizations — public and private — are now making use of multiple IaaS and SaaS service providers. This approach doesn’t only consist of adding together substitutable products, it also creates lock-in as developers in search of best-of-breed technology head to service providers to take advantage of specific APIs, services or even charging models.

IT teams are going to have to get used to multicloud. Adding a management layer, as mentioned above, will help  However, for cloud security, visibility across all components is equally important. IT teams will need to export information from the full stack of service providers, network services and middleboxes, and application servers to a unified security information system. 

Some product vendors are pushing their machine learning and artificial intelligence capabilities, while others are using extended detection and response to go beyond traditional Security information and event management tool capabilities. No matter what technology a team chooses for security visibility, the key starting point is getting unified. Once security information is brought together from multiple components and clouds (likely in yet another cloud-resident application) IT teams can select security visibility tools based on their needs and budgets — and buzzword tolerance.