Using a Zero Trust approach to network security for higher education
Date published: 14 Jun 2022
Higher education establishments, such as universities, have a unique set of challenges when protecting their data and ensuring that networks are kept secure. As teaching and research organizations, they need to make it easy for authorized people to access the information they are entitled to, often on personal devices or from any location. Especially with the impact of covid and the increase in home studying and home working, a trend which is not likely to go away anytime soon.
Conversely, for security purposes, university IT networks need to be secure and only authorized users can access them. There are also a range of compliance requirements, from PCI DSS for handling card payments, to NIST 800-171 and CMMC which can be required for federal and defense contracts, as well as the requirements from the Office of Federal Student Aid which have made NIST 800-171 a foundational part of their cybersecurity plans.
These two aims – accessibility and security – can be seen to be in conflict at times, providing unique challenges to CISOs and their teams, who need to ensure that both needs are met. Failure to do so could have a range of impacts from financial and reputational damage, as well as damage to the ability to carry out day to day operations.
With large attack surfaces to defend this can be a challenging task. A fundamental part of this is assessing and assuring the state of the critical devices within a network as well as improving the resilience of the network, and assuming that it’s a case of if, and not when, a breech will occur. So how do you minimize the impact of this?
Move towards a zero trust network.
It’s a way of thinking about networks and security, rather than just a single software or hardware solution. Zero trust deems that nothing, not your network, its applications, or your employees/users can be trusted to be secure, and it assumes that you have been or will be compromised.
The goal of adopting this approach is to prevent unauthorized individuals from accessing data and services. Access control enforcement needs to be made as granular as possible and this requires several different tools.
The fundamentals remain the same – you need to get the basics right and ensure your cyber hygiene is maintained, from keeping on top of patching, to identifying misconfigurations within your network, to minimize the critical vulnerabilities as part of a baseline zero trust protection. Segment the network to ensure that when an attacker breeches it, this ensures that the damage is minimal and only affects a small part of the overall operation. Configuration auditing for network devices is also essential for maintaining a resilient network. Making use of assessment tools like Titania Nipper will enable you to identify vulnerabilities in firewalls, switches and routers.
You can start your audit by requesting a free trial of the Nipper software, which provides remediation advice and technical fixes for any vulnerabilities found.