Security solutions companies have found their next sweet spot: universities.
Verizon is tapping into its vast resources to help colleges and other higher education institutions figure out how to secure their data and avoid breaches, company officials said Wednesday.
“There’s got to be a plan, and Verizon can help to derive that plan,” said Maggie Hallbach, vice president of government and education for Verizon Enterprise Solutions. “It’s important that the [university] come together from a top-down level to commit to a security program. Those are the ones best positioned to address [security issues].”
But, Hallbach added, many universities talk about effective security solutions, but they often have to learn from something going wrong first.
“Unfortunately, we have seen several universities really learn from some inaction,” she said. “These bad guys will poke at these networks, and they will find the soft underbelly. And unless you’re looking for this type of behavior, you will never know that a major event is about to hit.”
Cybersecurity issues in higher education have flummoxed top technology leaders and university officials as hackers get more adept at breaching large systems and carrying out denial of service and ransomware attacks across sectors. College campuses often act as “mini-cities,” Hallbach said, making it even more crucial to have a strong network and protect both student and faculty data.
The top-three incident patterns for confirmed data breaches in higher education are through web apps (30 percent), errors (27 percent), and stolen assets (17 percent). The rest fell under a miscellaneous category.
“We are seeing learners, faculty members and researchers demand ubiquitous connectivity,” she said. “There is this expectation of being able to get access to data on-demand, that their devices are accessible, and the applications they need to access are fully accessible through those devices, and that they are intrinsically safe within this microcosm of the university.”
But there are challenges, mostly around funding. According to IDC Government Insights, higher education institutions in the U.S. are expected to spend $6.6 billion on IT in 2015 — primarily propelled by investments in enterprise networks and higher end computers.
But Hallbach said there has been a precipitous drop in federal and state funding for colleges, which is “putting a significant strain on the operating model for the traditional U.S. brick-and-mortar higher education institution.”
She said that means more commercial models need to be incorporated into universities’ enterprise architecture.
Bhavesh Chauhan, principal client partner — cybersecurity at Verizon Enterprise Solutions, said there are ways to manage the risk faced by colleges across the country. He said Verizon has developed a Cyber Intelligence Center to detect questionable activity on campus networks.
“We provide a number of hosting cloud services where security is part of capability,” said Chauhan. “Second, you can make sure that a risk and compliance program is in place so you’re doing continuous vulnerability and penetration assessments.”
Hallbach said top-tier security can still be preserved in an traditionally open environment like a college campus.
“A lot of the time people believe security is in direct conflict with the open environments that a university embraces, and that is just not correct,” she said.
“You can actually have very secure environments, but maintain that open, accessible and distributed structure, but it takes some discipline,” she continued. “It starts with knowing where your network is, knowing where your data is. There are some very basic steps you can take in order to maintain the kind of openness that makes a university community so great.”