Three Steps to Create a Campus Cloud Cybersecurity Culture

min read

Celebrated every October, National Cyber Security Awareness Month (NCSAM) was created as a collaborative effort between government and industry to ensure everyone has the resources they need to stay safer and more secure online. Research and education rely on trusted, community-developed security and identity solutions to safely connect and collaborate. To this end, Internet2 is championing NCSAM along with EDUCAUSE and hundreds of other nonprofit organizations, companies, and schools and school districts, colleges, and universities.

Week two of NCSAM focuses specifically on "creating a culture of cybersecurity at work." The higher education information security community, which fosters security through activities on their campuses, has shared many resources on best practices for achieving this. Creating this culture of cybersecurity on campus has a unique aspect in that it involves a large number of people involved in diverse activities, including students and faculty. Using the following three steps, you can create a cloud cybersecurity culture on your campus.

Step 1: Consider Community-Vetted Cloud Services

Across the research and education community, a key to creating a culture of cybersecurity is collaborating with your peers on shared problems and solutions to most effectively use community resources. One aspect of cybersecurity that many universities are considering is how to use cloud services while maintaining or improving their security profile. A campus creating a culture of cybersecurity needs to ensure that cloud services are appropriately vetted. This could be done by completely performing vetting on an institution-by-institution basis, or it could be a community-based and trusted process — by using an Internet2 NET+ recommended service provider. Peers participating in NET+ collaborate with each other to solve key cloud implementation issues and proactively address security concerns.

Step 2: Develop Capability to Assess Security for Cloud Services

Many more cloud services a campus could use exist than are in the NET+ portfolio, so a campus will need to develop the internal capability to assess the security for different cloud services. The NET+ initiative or other shared assessments can be adopted to reduce the resources needed to perform due diligence, also decreasing the time necessary to perform the assessment. Creating a culture of cybersecurity on campus requires evaluating cloud services to identify security concerns and implementing solutions as a team to ensure that security is woven into every aspect of life on campus. A campus needs to employ qualified staff, train them, create the processes for cloud security evaluations, and create security awareness across campus by using a repeatable and reliable process to develop the cultural norm across faculty, staff, researchers, and students.

Step 3: Lean on and Learn from Your Community

Powered by a community-driven service validation process, many universities are already assessing and integrating a broad portfolio of NET+ cloud solutions into their IT infrastructure using cloud solutions evaluated for rigorous security, privacy, identity management, legal, accessibility, and compliance standards.

Campuses have better assurance for cloud service implementation when their peers have vetted cloud services and set clear expectations for cloud service providers in higher education. They also save time with a consistent and reliable method for cloud service vetting, rather than devoting scarce resources to developing individual methodologies. Best of all, community vetting of cloud services helps campuses meet security requirements and limits ways that security issues can slip through the cracks.

For More Information

Don't miss regular updates on strategies and resources to swiftly deploy user mobility in the cloud. Sign up [] to receive the latest cloud strategies and Internet2 NET+ news today.

Nick Lewis (CISSP) is a program manager for Security and Identity at Internet2, where he manages the NET+ security and identity services portfolio, while also contributing to the development of new NET+ offerings in cloud security. He rejoined Internet2 in 2015, after previously working there from 2002–2007. Lewis has held positions in information security at the University of Michigan and most recently was director of IT Security and Compliance and information security officer at Saint Louis University. He has also worked for Children’s Hospital Boston as an information security manager and at Michigan State University as an information technologist. Lewis holds master's degrees in information assurance from Norwich University and telecommunications from Michigan State University.

© 2015 Nick Lewis. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.