Like it or not, college Cloud-users are at risk for a data breach, no matter how tight its security and access control is.
That’s why EDUCAUSE 2015 is featuring educational sessions like Cloud 101: Tools and Strategies for Evaluating Cloud Services to equip colleges with the tools they need to play it safe with the Cloud.
This session will reveal technical, legal, and risk management considerations colleges need to explore while evaluating and selecting cloud services for their campuses. Attendees will also learn the key aspects of the Cloud Controls Matrix for security assessments, and legal terms and conditions that result in successful cloud contracts.
“The Cloud provides services to multiple colleges and universities, which obviously have more data,” says Sadik Al-Abdulla, Director of Security Solutions for CDW. “They are bigger targets and they’re more attractive to an intruder…because it’s a bigger basket of treasure. If there is a breach of the provider, then multiple colleges’ data would be at a risk.”
Al-Abdulla also says colleges should accept that a data breach may knock at their doors. That way, they can move past the idea of a threat and prepare for it.
“The overall security industry is starting to move past the idea of breach or no breach,” Al-Abdulla says. “We’re starting to accept in some regards breaches are inevitable, and risk mitigation is important… if you accept in some degree that breaches are inevitable, the questions transition to how does adopting Cloud expose you to greater risk, or how can you manage the risk of adopting Cloud?”
Al-Abdulla says colleges should consider how they are putting their most sensitive data at risk, and what actual data they are entrusting to the Cloud in the first place.
“Some places will restrict what data is allowed up in the Cloud, so it’s very possible to derive value from a number of services without exposing things like students’ social security numbers or bank account numbers, or personal identifiable and monetary information,” he says. “In that regard, if they are able to separate where value can be derived from services without exposing high value, that’s a way to manage the overall risk regardless of whether a breach occurs or not.”
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply