Trustwave for Education
Help colleges and universities handle continually emerging threats
Despite their mission to provide education, colleges and universities are not immune to data breaches. In fact, they face unique challenges that make them especially vulnerable to hacker attacks and data exfiltration. But these institutions of higher learning must work diligently to strike a balance between openness and security.
Overview:
Colleges and universities present fertile ground for cybercriminals. Because they promote the spirit of academic openness and operate in a decentralized manner, IT and security professionals face a daunting task in ensuring that systems stay locked down.
Sensitive information such as credit card and Social Security numbers, in addition to intellectual property created through research – and often done in concert with government agencies – is plentiful within institutions of higher learning. Attackers also are drawn to the network speed of colleges and universities, and use their vulnerable systems as launching pads for attacks against other organizations.
The Privacy Rights Clearinghouse reported a significant rise in educational breaches from 2011 to 2012, from 63 incidents affecting 573,000 records in 2011 to 85 affecting 1.7 million the following year. These institutions face unique challenges compared to corporations, government agencies and other organizations.
Included among them:
Open AccessBy their very nature, colleges and universities encourage the freedom of academic expression. Strict policies regarding use of the network would stymie that culture and result in student and faculty backlash.
Transient end usersEach fall, students return to campus and reconnect to the network. That means that there perpetually are first-time devices connecting to the network, in addition to devices that previously have connected, but may have contracted malware since they last were online.
Limited budgetBuy-in from the board for security projects traditionally is difficult at colleges and universities due to a lack of engagement and understanding of the problem. In many cases, security projects don’t get funded until there is a major incident.
Lack of governance and risk managementColleges and universities typically operate as a decentralized model, with individual academic units acting autonomously from one another from an IT perspective. Faculty is reluctant to submit to security policies and often leave web servers vulnerable by failing to patch and properly configure them.
Solutions:
Trustwave is well positioned to help colleges and universities handle continually emerging threats like mobile and to move from a network-focused security strategy to one that is more data centric. Here are some of the ways we can help:
Risk Assessment ServicesHelps you find, identify and prioritize threats to your organization so you can correct any deficiencies, and obtain and maintain compliance.
Data Loss PreventionAllows you to discover and classify electronic sensitive information and prevent it from leaving the network.
Secure Web GatewayEnables safe and productive access to Web 2.0, while ensuring compliance, minimizing data loss and eliminating malware risks.
Network Access ControlEnsures managed and unmanaged devices connecting to the network comply with policies and do not introduce malware.
SIEMHelps you gain broad visibility of threats to your network and improve your compliance process through logging, monitoring, and analysis of events.
Web Application FirewallProtects against external attackers using web vulnerabilities, such as SQL injection, to steal sensitive information.
Security Awareness EducationInstructs your employees and contractors to understand the threat of social engineering and follow best practices for security, including password management and the safe use of web and social media tools.
Two Factor AuthenticationControls access to applications that contain sensitive or private student information, or intellectual property that exists on individual department networks.
SSL CertificatesEncrypts sensitive data that you collect through your website and assures visitors, including students, faculty, alumni and benefactors, that they are accessing a trustworthy site.
Benefits
Locate and Protect Sensitive Data
Many colleges and universities are overrun by data, some of which is sensitive, and they are unsure exactly where all of it is contained. We help you discover and classify those data sets that present the highest risk and then offer technology to safeguard and prevent them from leaving from the network in the wrong hands.
Enable BYOD
Among the largest threats facing colleges and universities is the fast-growing trend of bring-your-own-device. Students are connecting new devices to the network at startling rates. We provide you with the ability to identify, vet and manage these devices to ensure productivity and mitigate threats.
Meet ISO & Compliance Standards
Pressures such as FERPA and PCI DSS, and standards like ISO 27002, require organizations to have a thorough understanding of their risks and then be able to implement policies and technology to rectify any deficiencies. Trustwave solutions are created with compliance in mind, and directly can map back to all of your requirements, no matter how prescriptive they are.
Achieve Simplicity
Through our cloud-based TrustKeeper platform, you get a single view into your technologies and services, so you can more effectively manage your security program. In addition, you can centrally automate and manage controls, policies and procedures across multiple compliance frameworks. Whether your business is large or small or something in between, TrustKeeper is built to scale with you.
Documentation:
Download the Trustwave Data Security Program for Higher Education Data Sheet (PDF).