Cybersecurity is a growing concern for higher education as it moves its services to the cloud, but good practices and collaboration with trusted vendors can mitigate the risks
Universities are moving more of their activities online, migrating to cloud-based solutions as they undertake the process of digital transformation. The benefits are clear. But digital transformation requires comprehensive and robust data security.
As more data is moved to the cloud, more data are exposed to the risk of a breach, with no shortage of bad actors willing to exploit vulnerabilities. Speaking at a Times Higher Education webinar held in partnership with Amazon Web Services, Steve Kennett, executive director of e-infrastructure and senior information risk owner at Jisc, said that digital transformation was inherently positive – and unavoidable considering how the Covid-19 pandemic radically upended campus activity – yet implementation posed a question of business risk.
“The bad guys are as intelligent as us and they know what they are after,” Kennett said. “With the massive migration in the past year to remote working, making better use of cloud – which is a good thing – it has exposed more data to more risk, and I am not sure that everybody is aware of that increased risk and some very simple steps that they can take to protect it.”
Jisc, the non-profit organisation that supports the UK’s education and research sector with digital solutions, sees about 5,000 cybersecurity incidents each year, ranging from small phishing scams to large-scale ransomware attacks. Universities are large, complex institutions that store all manner of sensitive data. Often, the risk arises where people are unaware of how much data they have moved to the cloud.
The prime concern is where this data is stored and the procedures safeguarding its access and use. The first step to establishing best practice is often a conversation with the university’s IT and cloud systems vendor.
Orlando Scott-Cowley, security and compliance lead (EMEA) at Amazon Web Services, said that data security is a shared responsibility between vendor and institution. Institutions must train their staff and students, while vendors can offer support by establishing systems that are user-friendly.
Procedures such as one-click encryption can make data protection quick and easy. “We are aiming to remove people from the data as much as possible,” said Scott-Cowley. “Remove the risk as much as possible by making services easier to use.”
Ultimately, data security should not be seen as an IT issue alone. From HR and payroll best practice to training students on how to securely access university systems, good data hygiene is everyone’s responsibility.
Find out more about Amazon Web Services’ work in the public sector.