This article was produced in partnership with Thales’s Cloud Protection & Licensing division, a global leader in digital identities and data protection.
Thales Cloud Protection & Licensing is part of the Thales Group and has been securing the world’s most sensitive data for over 40 years. Today’s organisations depend on the cloud, data and software in order to make decisive decisions. That’s why the most respected brands and largest organisations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created, shared or stored.
Remote and hybrid learning models, as well as digital operations, are now the new norm across all levels of the education system.
While this means more resilience for education institutions and students as they navigate the uncertainty of the next phase of the pandemic, it also means added cyber risks.
Indeed, Australia is among the top five most attacked countries in the world when it comes to its education sector. Last year alone saw cyberattacks increase 17% and 2022 shows no signs of slowing down.
The rapidly growing number of digital identities entering and exiting educational systems and applications every day means education institutions now operate in a perimeter-less environment, and security perimeters have been pushed beyond physical walls.
In this environment, it is critical that education providers invest in the right tools to verify and authenticate all those digital identities before they are given access to the organisation’s systems and data.
What should the education industry prepare for in 2022?
- Addressing security risks of various user profiles
The education sector is confronted with a unique challenge because it must secure digital identities and provide different access permissions for a very disparate range of users.
Only providing students with secure access to resources they need to study is not the same as authorising system access to admin staff, teachers and third-party providers.
- ‘Business as usual’ mentality could be the biggest risk of all
While digitisation has helped education institutions work toward a “business as usual” reality, there is no such thing in a cyber criminal’s world.
Hackers will exploit any weakness they can find and know that when things go “back to normal” cybersecurity guards are often let down.
- Ransomware attacks will continue to grow, including on personal networks
As thousands of students, teachers and staff work from personal devices, the digital realm that educational institutions need to keep secure is expanding.
As a result, we’ll see more opportunistic attacks where criminals take advantage of unpatched systems and security gaps left wide open by unverified and unauthenticated digital identities.
3 ways to design a successful Identity & Access Management strategy
- Implement a Zero Trust mindset
Implementing a ‘trust no one, verify everyone’ mindset is a strategic, initiative-based security measure that requires strict and continuous identity verification and control of access to data, systems, and applications.
It relies on the principle that any user or device looking to access confidential data cannot and should not be trusted by default.
But the strategies implemented to verify users and identities may also fail. Therefore, a truly comprehensive and effective Zero Trust approach need to include a multi-layered security framework.
- A collaborative approach involving business leaders
Education leaders have a responsibility to make Zero Trust an organisation-wide mindset - IT staff shouldn’t be the only ones responsible for protecting data and digital identities.
Cross-collaboration with tech teams is key to identify who should get access to certain data, which applications are the most critical, and who requires different levels of access and authentication controls. This is how education leaders can ensure their overall Identity & Access Management (IAM) strategy keeps evolving as the organisation and its users change.
Finally, institutions hold a collective responsibility to educate their disparate digital users about the importance of securing digital identities - everyone from teachers and admin staff to students.
- Adopt a platform approach that allows for multiple authentication journeys
With an increasingly mobile and remote workforce and student base, education providers now have hundreds, oftentimes thousands of users accessing the organisation’s systems and applications every day, all needing their digital identities verified and authenticated.
A modern, effective IAM architecture is one that makes it easy to manage and implement all digital identities, processes, and technologies, and caters to the variety of users transiting through the organisation, each with a different level of security awareness and tech savviness.
Rather than implementing multiple solutions and vendors (which adds complexity and costs), consider opting for a platform approach that includes a wide range of security and access management controls (two-factor authentication, encryption, key management, etc).
Several education providers are already leading the way. For example, Horizon Youth Care and Education used Thales SafeNet Trusted Access to implement a flexible, easy-to-use platform that offers strong access controls - efficiently supporting the authentication demands of more than 1,000 mobile users.
Educational institutions must place the protection of digital identities at the heart of their cybersecurity priorities in 2022. Embedding a Zero Trust mindset and implementing a strong IAM strategy can prevent the Australian education sector from becoming the next preventable cybercrime casualty.
About Rana Gupta
Rana Gupta is APAC Regional VP, Authentication & Encryption at Thales. He is a recognised APAC business leader, an Identity & Data Protection advocate, as well as an Information Security enthusiast sharing his technology expertise at various forums across the APAC region. Rana holds an Engineering Master’s in Electronics and Communications from IIT, Roorkee and a Bachelor of Electrical Engineering degree from Punjab Engineering College, Chandigarh.