Dec 13 2021

What Is SASE, and How Can It Protect Higher Ed from Ransomware?

Ransomware is on the rise across higher education. How can tools such as secure access service edge offer protection for schools?

With higher ed approaching its second year of balancing virtual and in-person instruction, many institutions have achieved a certain level of comfort with hybrid operations. While students may be eager to return to some semblance of normal, they’re in no hurry to completely eliminate this flexible learning model.

However, one challenge with hybrid environments is that they provide attractive opportunities for attackers. According to a March 2021 FBI warning, ransomware is on the rise in higher education. A recent survey found more than 1,600 colleges and universities were compromised by ransomware in 2020 alone.

With schools storing more data online as they use digital connections to drive student success, ransomware attacks pose significant risks. Here’s a look at how secure access service edge (SASE) solutions offer a way for universities and colleges to address ransomware on hybrid campuses.

What Is SASE, and What Does It Stand For?

SASE — pronounced “sassy” — stands for secure access service edge, and it combines software-defined WAN (SD-WAN) solutions with network security tools such as next-generation firewalls, zero-trust access frameworks and artificial intelligence-driven threat detection via a cloud-based platform.

This creates a service-driven architecture for security, offering benefits such as better cost containment, flexibility and less complexity.

Instead of purchasing individual security products that may or may not work well together, schools can quickly implement services such as threat identification, filtering, sandboxing or identity and access management (IAM) and retain complete visibility into their security architecture.

SD-WAN is the foundation of SASE solutions, making it possible for schools to provide unified defense by quickly deploying and implementing services across geographically disparate locations.

How SASE Architecture Offers Ransomware Protection

For ransomware attacks to succeed, cybercriminals must infiltrate networks with malicious code, deploy encryption tools and establish connections to exfiltrate (or destroy) data if their demands aren’t met.

The distributed nature of hybrid environments creates an ideal situation for attackers. When universities and colleges lack direct control over exactly how users are connecting, which devices they’re using and what type of security controls they have on personal networks, hackers can find vulnerabilities that allow them to slip in undetected and move laterally into more secure environments. From there, they can deploy malicious code and force institutions to make difficult choices between paying up or losing important data.

SASE solutions help protect universities and colleges from ransomware by providing a unified defense environment. This starts with full visibility into network traffic, no matter where it originates or where it’s going. Instead of having firewalls act as a single line of defense, relaying attacker information to other solutions on the network, SASE allows disparate security solutions to act in concert.

In simple terms, the SASE security model can help prevent ransomware by simultaneously defending multiple attack avenues.

SASE, VPNs and CASBs: What’s the Difference?

SASE is often seen alongside other security acronyms such as VPN and CASB. While there are similarities between these solutions, each has distinct defense features.

  • VPNs. Virtual private networks create encrypted tunnels that obfuscate a user’s data, location and online activities. VPN adoption has been substantial over the last year, as it helps institutions reduce the risk of malicious eavesdropping during remote learning and work. VPNs can struggle, however, during traffic routing. Even if VPN servers are located close to campus, there’s no guarantee that students or staff live nearby. This means their encrypted traffic may take a circuitous route. And when they use more services, there’s more potential for latency. 
  • CASBs. Cloud access security brokers can be hardware tools or software solutions that sit between cloud services and end users. CASBs are designed to enforce cloud security policies and processes and identify unusual traffic or activity on networks. For post-secondary schools shifting to a cloud model, CASBs can simplify security and increase overall protection.
  • SASE. Secure access service edge solutions combine the key functionalities of VPN and CASB tools into a single, unified, cloud-based platform. Rather than taking the long way around, granular traffic management features allow schools to route encrypted traffic to local access points, also known as the “service edge.” Having complete visibility into security solutions and traffic movement across the network makes it possible to enforce current cloud policies and create new ones as needed.

As hybrid learning becomes a core component of 21st-century education, the volume and variety of attacks will only increase. SASE solutions offer a way to unify protection under a streamlined cloud model that keeps critical data safe — no matter where it comes from, where it’s going or how it’s being used.
