Higher education institutions expend a lot of resources to prevent cybersecurity breaches. Keeping attackers away from valuable student data and learning management systems by implementing effective security measures and training users on proper cyber hygiene is a good approach. But eventually, someone will make a mistake (a click on the wrong link is all it takes) that allows attackers to breach an organization’s defenses. This is when cyber resilience — the ability to prepare for, respond to and recover from cyberthreats and incidents — becomes critical.
Zero trust helps to limit the potential impact of a cyber incident on an organization through constant verification of trust, making it a fundamental strategy for cyber resilience. However, the investment and effort to implement zero trust widely can be overwhelming. By understanding the concept of minimum viability for an organization, IT and organizational leaders can focus their investments in zero-trust strategies where they will have the most positive impact.
Click the banner for insights on how other higher ed institutions are approaching zero trust.
Understanding Minimum Viability
In considering how to improve their cyber resilience, IT and organizational leaders should conduct careful business continuity and disaster recovery planning that identifies and prioritizes key processes that must be maintained for the organization’s continuing operation. The result of this assessment is the minimum viable organization, a concept that accounts for how long the organization can operate without specific processes and any options that may be available for fulfilling these needs.
In higher education, minimum viability must focus on the institution’s ability to achieve its mission of educating students, whether they’re on campus or remote. Systems that enable educators to reach their students — such as remote learning tools — should factor heavily into cyber resilience plans, as should systems that promote campus safety. Colleges and universities with effective cyber resilience capabilities should be able to quickly return these systems to operation.
Organizations must focus their investments in cyber resilience on the steps that enable them to maintain minimum viability. Getting these critical functions back on track is essential to enabling rapid recovery from a cybersecurity incident.
3 Ways That Zero Trust Supports Cyber Resilience
The progress that organizations make toward zero trust also improves their cyber resilience. Zero trust supports resilience in three important ways:
- Limiting the blast radius: Zero trust makes it more difficult for an attacker to gain a foothold in an organization’s IT environment. When an attack succeeds, zero trust limits the damage the cyber attacker can do before the attack is discovered, which helps to speed up recovery.
- Promoting visibility: Zero trust requires organizations to have mature capabilities for identity and access management, by using tools such as multifactor authentication. This improves the visibility that IT teams have into the environment, making clear who is accessing specific data and systems. These visibility improvements help IT teams to detect issues earlier, diagnose problems more quickly and provide a clearer picture of how to solve them.
- Improving trust: During a cybersecurity incident, organizations lose trust in the integrity of their data and systems, and getting that trust back is necessary for a full recovery. Zero trust enables IT professionals to be very granular about trust so that they can quickly confirm which parts of the environment are still trustworthy.
Zero trust and cyber resilience are becoming important priorities for colleges and universities. IT leaders should consider the relationship between these concepts to optimize the impact of their investments in both.
UP NEXT: This survey reveals the top cybersecurity issues in education today.
This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.