Educators Are Key Cyber-Targets. How are you protecting your students?

For IT professionals in the education sector, security concerns are felt particularly keenly. Like their counterparts in other industry sectors, they worry about the cost and damaged reputation associated with data breaches, but they also must keep students safe online – and recent data breach statistics show that education was the fourth most commonly breached type of organisation in Australia.1

Protecting students online is among the greatest responsibilities for schools, and it is one that IT teams and school leadership take tremendously seriously. But how do you protect students from the perils, without limiting their access to a technology-rich education experience?

Australia’s New Notifiable Data Breach Scheme (NDBS)

In 2018, Australia joined many countries in launching its own legislation covering reporting of data breaches. It is important that every school is aware of its obligations to report data breaches, whether caused by cyber-attacks, human error or any other lapse. In fact, of the 262 data breaches reported in the last quarter of 2018, a third were caused by human error. In the education sector, this rose to more than half.2

In a school, where staff in many roles handle data, it is especially important to include staff training in any security plan. An increased focus on automating mundane, manual tasks can also reduce such errors, and can make sensitive data far safer.

Technology in the Classroom

In any classroom, from prep to university, the impact of technology is clear. Apps ranging from maths games to science experiments are giving teachers a massive variety of resources to help them to differentiate content for each child’s needs. Kids today are likely to learn coding and robotics even before they memorise their times tables.

Collaboration, too, is changing education, with students joining lessons and tutorials with peers both locally and worldwide. Assignments are submitted online. And the proliferation of devices students use for schoolwork has grown, stretching the school IT environment far beyond the limits of the Wi-Fi signal. The IT team faces a security challenge unlike any that has gone before.

Securing Many Student Devices

It is hard enough to secure devices within your control against the fast-increasing threat landscape, so how do you protect what is far beyond the school gate? Are those varied endpoints, from visitor laptops to 3D printers, student smartphones to connected whiteboards, vulnerable to intruders? Each presents a possible point of entry, and most are accessed by several people. There is no perfect answer, but every IT professional in an education organisation faces a single truth: visibility is key.

Security Starts with Your Network

You could take many approaches, but since on-campus users are generally mobile, the network is the best starting point. Modern solutions mean that Wi-Fi no longer needs to be a point of raised vulnerability, and it can in fact aid security. The leaders in this space are Aruba, who have built in features that both address online security and improve physical safety for students.

This modern Wi-Fi network technology means that when a student’s device arrives on-campus, and moves securely between access points, their attendance can be recorded. This transition, as the student moves from science lab to English class to the sports field, can be done seamlessly, without the first section of each lesson being taken up by the teacher handling login problems. Rather than being a hindrance, strong security increases available teaching time, and ensures that in an emergency, students can be located at any time.

Machine Learning and Security

School environments are typically highly complex, with many different types of users, such as teachers, administrators, students and visitors, moving around a large area. Automation offers important gains. When every user is identified, profiled, secured and monitored automatically upon connection to the network, life becomes easier for helpdesk and IT staff. This type of automation ensures different types of users are defined clearly, so that access to data and systems is carefully controlled.

Put simply, almost every cyber-crime depends on network connection, so this is key to your defence. Investment in security features has made this a competitive battleground, with customers coming out as the winner. Aruba’s resulting ClearPass technology is of particular interest to school IT teams; using artificial intelligence (AI) to interpret information from all devices on the network, the network devices gain insights into behaviour patterns. The devices continually refine this knowledge to help identify irregularities, identifying and segregating risky users or devices. Threats are locked down before they can spread. This is just one example of how AI-enabled network devices offer security gains, while cutting administration time.

As every school knows, though, machine learning and smart networks can only do so much, and education is key. The students themselves, along with administrators, teaching staff and parents, must play a role in protection. Instilling good habits and modelling safe online behaviour, teaching students the importance and value of data, and supporting skills to make sound decisions is a vital element of preparing students for the outside world. Wherever life takes them, your IT security guidance now will have a lasting impact.

Time to review security foundations and compliance at your school, or need to know about safer Wi-Fi networks with easier administration?

Be Proactive, Not Reactive – Contact Somerville to discuss your security strategy.

1 https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics-reports/notifiable-data-breaches-quarterly-statistics-report-1-october-31-december-2018
2 https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics-reports/notifiable-data-breaches-quarterly-statistics-report-1-october-31-december-2018

 

The Changing Role of IT Leadership

Few companies are immune to the forces of market disruptions. In the US, in 2016 the average tenure on the S&P 500 was 24 years, and it is forecast to shrink to 12 years by 2027. Innosight, a strategy and innovation consulting firm, states that market turbulence points to the need for companies to embrace a dual transformation – making the core business more resilient, while at the same time pursuing a strategy to create tomorrow’s growth engine. 1

The rapid rise of digital technologies allows companies that use technologies such as social, mobile, cloud and analytics to offer more choice, lower prices, faster service, or even new offerings that were unimaginable years ago. To avoid becoming the prey of the next digital predator, companies must increase the pace at which they develop, deploy and enhance new products and services. At the same time, they must continue to execute the legacy systems which generate today’s revenues at peak performance, all while improving security and reducing costs to meet competitive pressures.

As the exploitation of digital technologies becomes more strategic, the CIO has to move beyond the traditional role of IT as a support organisation and shift towards an enabler role. As a broker of IT services, the CIO can help business units choose and manage a mix of internal and external hardware, software and resources to best achieve the organisation’s strategic objectives.

IDC defines digital transformation as “the continuous process by which enterprises adapt to or drive disruptive changes in their customers and markets (external ecosystem) by leveraging digital competencies to create new business models, products, and services. Digital transformation enables enterprises to seamlessly blend digital and physical business and customer experiences while improving operational efficiencies and organizational performance.” 2

Cloud as a technology enabler

The cloud plays a special role, both by enabling new digital solutions and by freeing up CIOs from day-to-day technology management so that they can spend more time on strategic business issues. The common metric used for where IT spends its budget and resources is that 80% of IT spending is on maintenance (“keeping the lights on”) and 20% on innovation. Cloud has a major role to play in potentially reversing this imbalance.

Cost savings coming from cloud derive from the vast economies of scale that cloud providers can achieve. Purchased, on-premise infrastructure costs include:

  • Real estate for a data room
  • Large up-front capital expenditures
  • High energy costs
  • Security and access management costs
  • Support and maintenance including upgrades and patching
  • Human resources

These can be replaced with a single, monthly subscription charge from a cloud provider. But there are additional, strategic advantages to be gained from embracing hosted private cloud services.

Using the cloud can free up CIOs from managing a complex IT environment which, increasingly, delivers little to no competitive advantage. Now the CIO can focus on how to leverage infrastructure for greater competitive advantage through digital transformation. Now the CIO has greater agility to respond to opportunities by being able to spin up virtual hosted server, storage and network resources to take immediate advantage of market opportunities as they arise – without large capital expenditures. Now organisations can adopt development methodologies such as Agile and DevOps to bring new products and services to market more quickly.

Note that we are talking not about a single instance of a private cloud. We are potentially and more likely talking about an environment that includes legacy on-premise infrastructure, hosted private clouds (plural) and niche public cloud applications. These can include moving applications to the cloud, such as Office 365 and salesforce.com and so on. The key objective here is the transformation of the IT organisation and the CIO into agents of digital transformation and business transformation.

Conclusion

Engaging with a hosted private cloud provider is an excellent first step. Somerville has positioned itself to be a leader in the Australian cloud market. Somerville’s private cloud offering, underpinned by HPE’s technologies with its known and trusted brand, provides a powerful combination to deliver private cloud to the Australian market. Data centres in Sydney, Melbourne, Brisbane, Perth and New Zealand provide private cloud infrastructure with enterprise-class uptime, reliability and security. Customers get an Infrastructure-as-a-Service (IaaS) platform, with the cost-benefits of shared resources, access to expertise, and with SLAs around redundancy and uptime.

Somerville will manage the service including migration and loading of workloads, operational monitoring, day-to-day management and maintenance. All for a monthly subscription charge. Please contact us here at Somerville to begin your cloud conversation.

1 https://www.innosight.com/insight/creative-destruction/
2 https://www.idc.com/prodserv/decisionscapes/RESOURCES/ATTACHMENTS/IDC_254721_ExecBrief_Digital_Transformation.pdf

Where to Start with IT Security


When a new technology involves a significant culture shift, there will always be some unease. The cloud is no exception. Is it secure? How can we control it? The arrival of cloud technology has resulted in such enormous, mystifying change that it has even been immortalised in film1, with actor Jason Segel proclaiming, ‘Nobody understands the cloud – it’s a mystery!’ And it remained a confusing topic for many years.

The Myths About Cloud and Security

Despite the mystery, such an important business opportunity could not be ignored for long. Opex (vs capex) has been increasingly embraced by organisations keen to innovate without risking big up-front investments. Off-premise offers too many cost and efficiency gains to ignore. Yet, the vague uneasiness continued, and a myth was born. Cloud was deemed somehow less secure than on-premise.

Physical Data Centre Security

Let’s think about this for a moment. In any on-premise environment, you are responsible for physical security, even if it isn’t within the IT budget. Most workplaces are surprisingly easy to infiltrate in broad daylight by someone with reasonable social skills and a bit of chutzpah. Unless you’re working in ASIO, physical security probably isn’t insurmountable for any determined raid.

Have you ever visited the data centre of a cloud-hosting organisation? To be fair, we can’t speak for all of them, only our own. We encourage customers to see for themselves the physical security measures we take to keep customer environments safe. This isn’t, after all, just our data centre; it acts as the data centre for large corporations and niche businesses, for financial firms and schools, for all sorts of organisations with every reason to care about security. Every data link to the outside world, every door, every air-conditioning vent is secured.

The Cyber-Crime Era

The big one, though, is cyber-security. 2017 was the worst year ever for cyber-crime, with attack figures more than doubling2. The widely reported attacks on the British NHS and German Deutsche Bank were just the tip of the ransomware iceberg. On average, 62% of organisations are being attacked at least weekly3. That’s health care providers and bicycle shops, kindergartens and transport departments. More than 70% of attacks target small and mid-sized companies4, so no business can assume they fly beneath the radar.

The impact on organisations, and on those they serve, is immense. In one UK hospital, a surgeon found himself without access to critical systems mid-way through an operation. Thanks to his skills, the patient survived. Cancer patients had blood tests unavailable, emergency departments had to work without patient history, and some were closed altogether. Businesses were unable to process transactions, continue production, or provide a service. Many never reopened.

A Higher Point of Security

Cloud, with the right provider, starts from a higher point of security. Even the smallest business gets to benefit from the sort of top-tier infrastructure aimed at the banks, government departments and major corporations. In our own data centre, we look after all the layers, from links, desktop management and enterprise-grade HPE infrastructure through to managing perimeter firewalls. Whether you’re a flower shop or a bank, you’ll get some of the best security brains in the business focused on keeping your environment safe. Cloud offers skilled staff and quality equipment that may not be a possibility in-house.

That isn’t to say there aren’t other good reasons for businesses to keep some infrastructure in-house. The majority of businesses work with a blend of on- and off-premise, prompting the likes of HPE to invest heavily in hybrid infrastructure to make the mix work. Given the security advantages that as-a-service options can now boast, isn’t it time that we reframed the story and cast cloud if not as a redeemed hero, at least as a very trusty sidekick to the heroes of the IT department?

Time to access top-tier security with pay-as-you-go flexibility? Talk to our friendly cloud specialists.

 

1. Segel, Jason 2014, Sex Tape, Columbia Pictures
2. Cyber Incident & Breach Trends Report, Online Trust Alliance 2018
3. IDC Custom Survey, March 2017
4. US National Cyber Security Alliance

Notifiable Data Breaches: What is Private Information and Why Should You Care?

When new legislation is introduced that relates to IT security, it is always worth paying attention. Such is the case with Australia’s new Notifiable Data Breaches (NDB) scheme, introduced recently. Few Australian businesses are untouched by the new scheme, but despite media hype, there is no need to panic. A little time spent now can prevent a bigger headache and loss of reputation later, so it is worth understanding what the legislation means to you.
