Endpoint security worrisome during pandemic, says university CISO

Amid all the changes that the COVID-19 pandemic has introduced to higher education institutions, managing endpoint security is foremost in the mind of the chief information security officer of Arizona State University, she told Scoop News Group in a recent video interview.

“What it changed in terms of the security landscape I think boils down to endpoints, devices being outside the standard framework for the ASU network. We were sure super glad to have CrowdStrike in place on the endpoint so that we didn’t need to be on campus to get those security protections, so that’s the short of it for us,” ASU CISO Tina Thorstenson told StateScoop’s Jake Williams, referencing the California-based cybersecurity technology company.

As the fall semester approaches and many universities remain unclear on exactly how their class structures will proceed, ASU prepares for a hybrid model in which some students will continue studying online while a limited number of students will take some classes on campus. But Thorstenson said she’s still concerned about the security implications of so many people continuing to work and study from home. 

In the university’s previous cybersecurity model, it was generally assumed that more connections and devices would originate from on campus, she said. Although the new remote-work paradigm, she added, is in many ways an extension of existing capabilities, such as VPN and Zoom, that have simply been scaled up to serve many more users.

Beyond technical concerns, though, Thorstenson said she’s also worried of the cultural aspect of working from home and the risk of burnout for university staff.

“Many of us are busier than we’ve ever been. … In the security space, we have to be really careful that we don’t move so fast as to make mistakes,” she said. “We don’t need people working around the clock, we need them to take a break and think before they act.”

This video was recorded as part of CrowdStrike’s 2020 Fal.Con for Public Sector Virtual Cybersecurity Conference, produced by FedScoop & CyberScoop.