Higher Education Cybersecurity
Supporting a Secure Smart Campus with Support for Free Expression
College and university campuses are centers of innovation in many areas, and IT is no exception. Advanced research and smart campus initiatives provide educational opportunities and enhance student life, but they also bring new network security risks to the institution. Cyberattacks on higher education are on the rise. A recent study finds that attacks resulting in compromised data occurred 101 times in the past year, up from just 15 incidents five years ago. And at the beginning of the current academic year, two institutions were hit with devastating ransomware attacks that completely shut down their networks for a week or longer.
Colleges and universities are attractive targets for cyber criminals. Their networks house advanced research data—including for defense-related and commercial research, of interest to nation-state attackers and those conducting industrial espionage. According to the 2019 Verizon Data Breach Investigations Report, 11% of attacks on higher education institutions in the past year were espionage-related.
Higher education networks also contain a plethora of personal, financial, and medical information for students, alumni, faculty, and staff—a relatively affluent population. Adversaries aiming to create chaotic operational disruptions see opportunities in higher education institutions, which often act as a single source of most of life’s necessities for their on-campus students. And colleges and universities often host thousands of privately owned devices on their networks, complicating endpoint security and increasing the risk of intrusions.
The Smart Campus
A college or university campus is, in many ways, a city unto itself. This means that the various concepts that are collectively referred to as a “smart city” can also apply to higher education institutions. For example, today’s students access myriad services all over campus with a single ID card—or even a mobile app. On-campus students may use these cards to access most of their daily needs, from food to housing to entertainment. This consolidated approach makes for a seamless experience for the student, but it presents multiple opportunities for attackers to infiltrate campus networks.
At the same time, colleges and universities are hotbeds of digital innovation—among students, faculty, and researchers. Campus research networks often host extremely sensitive data and require robust security, high processing speeds, and low latency. Student and faculty networks now utilize myriad cloud-based services, and often host thousands of mobile and Internet-of-Things (IoT) devices. Encrypted traffic is now the rule rather than the exception, but security solutions that inspect this traffic often slow network performance.
To provide protection in this challenging environment, colleges and universities must deploy a variety of defenses that together provide layers of protection against the wide range of advanced threats. However, this protection cannot operate in different, unconnected silos. Rather, the security architecture must be integrated from end to end—from the data center to multiple clouds and to the wide array of devices at the network edge. Full integration not only supports optimal operational efficiency but also enables automation of security processes including threat detection and response—the only way to counter threats that now move at machine speed.
The Fortinet Security Fabric delivers a broad, integrated, and automated security solution with end-to-end integration that brings centralized visibility and control spanning the entire institution. A wide array of Fortinet cybersecurity tools integrates seamlessly into the Fabric, along with dozens of third-party solutions delivered by Fabric Partners. And an open ecosystem and extensive application programming interface (API) tools make the integration of other third-party tools possible.
The Security Fabric is built on the foundation of FortiGate next-generation firewalls (NGFWs) and artificial intelligence (AI)-powered threat intelligence from FortiGuard Labs. Integrated tools for security orchestration, automation, and response (SOAR) and security analytics tools enable a strategic and coordinated response to advanced threats. Advanced endpoint protection and network access control (NAC) tools protect endpoint and IoT devices. And network-based video security can also be integrated into the Security Fabric.
For the hybrid cloud infrastructure, Fortinet Adaptive Cloud Security solutions break down silos between clouds and enable consistent policy management and a single-pane-of-glass view of the entire infrastructure. They feature native integration with all major public cloud providers, broad protection to cover all elements of the attack surface, and management and automation capabilities that enable consistent, timely threat detection and response.
The Fortinet Security Fabric enables technology companies to protect the entire infrastructure through centralized visibility and control, unlocking automation, and simplify reporting and analysis. The result is enhanced security for critical assets like intellectual property and student information.
The Decentralized Campus
Most colleges and universities now provide services at multiple locations—branch campuses, learning centers, study-abroad locations, and remote research sites—in addition to the main campus. Operating in different countries adds to cybersecurity complexity, and international threat actors reside in some countries hosting remote campuses for U.S. schools. At the same time, large universities are now often structured so that individual schools, colleges, and even departments under the university umbrella purchase services from the central IT department on a chargeback basis. This results in a decentralized model even when different entities exist on the same campus.
Just as higher education institutions must build cybersecurity into the main campus infrastructure, security-driven networking is vital at other locations controlled by the university. Connections between locations must be secure, cost effective, and high performing. And institutions need the ability to scale their network traffic according to spikes and lulls tied to the school calendar.
FortiGate next-generation firewalls (NGFWs) include highly secure and cost-effective software-defined wide-area network (SD-WAN) technology, allowing network traffic to travel between campus locations on the public internet—or even over a virtual WAN (vWAN) within select public clouds. This eliminates the need for expensive multiprotocol label switching (MPLS) bandwidth to connect locations.
At the remote location itself, Fortinet SD-Branch solutions extend the SD-WAN solution to the access layer. This enables secure networking at branches and consistent security coverage from the internet, to the wireless network, to the switching infrastructure.
Fortinet solutions for secure branch campuses and remote facilities enable institutions to provide secure, high-performance networking with branches, eliminating the need for MPLS circuits to connect campus locations.
Protecting Higher Education with the Fortinet Security Fabric Create Safer Schools and Campuses with Physical and Cyber Security Solutions from Fortinet Securing Smart Campuses: Do You Know the Risks? Understanding the Obstacles to WAN Transformation To Support Digital Innovation, Branch Networks Need Greater Simplicity and Visibility Three Use Cases for Transforming Branches with Fortinet Secure SD-WAN
IT in Higher Education: Balancing Service, Learning, and Accountability Securing the Campus with Fortinet Security Solutions for Higher Education Securing Higher Education Securing and Simplifying Network Access for Higher Education How Open Access to Education Creates Security Concerns Simplifying SD-WAN for Operational Technology Environments for Reliable Connectivity FortiGate 60F NGFW Delivers Optimal TCO for Secure SD-WAN Deployments at Smaller Branch Offices
University Networks Face Growing Threats as Attack Surface Expands How the Right Solutions Can Secure a University Network Consolidating Networking and Security Functions Can Reduce Branch Vulnerability Required Capabilities for Effective and Secure SD-WAN: The Network Leader's Guide How Service Providers Can Optimize Managed SD-WAN and SD-Branch Delivery and Management
Integrative CIO and Cybersecurity Education
Higher education institutions often offer academic courses and degrees on cybersecurity. At the same time, cybersecurity specialists on staff require ongoing training to keep their skills current. Unfortunately, what is covered in an academic setting may be more theoretical and less specific to the current threat landscape than what a staff member needs. As a result, cybersecurity staff members might need to look outside the university setting for their continuing education, and students may graduate with inadequate preparation for jobs in the field.
College and university CIOs can help bridge the gap between academics and the real-world threat landscape by establishing a partnership with industry that ensures up-to-date threat information while conveying the latest recommendations for best practices.
To support them in these efforts, the Fortinet Network Security Academy offers a comprehensive, eight-level Network Security Expert (NSE) certification program that independently validates cybersecurity professionals’ skills. It includes a wide range of self-paced and instructor-led courses, as well as practical, experiential exercises that demonstrate mastery of complex network security concepts.
The Fortinet Network Security Academy enables higher education CIOs to bridge the gap between academics and current cybersecurity best practices and help both students and staff members to keep up to date with industry-recognized cybersecurity certifications.
The safety of students is a college or university’s biggest responsibility. Criminal activity on campus is often well publicized. Unfortunately, other crimes, including some sexual assaults, are not highly visible because victims are too intimidated to go public with accusations. Higher education institutions have the moral obligation to do everything they can to prevent such crimes—and protect other potential victims when they do. This is the motivation behind the Jeanne Clery Act, which requires colleges and universities to provide timely warning of crimes on campus.
Physical security is a complex undertaking for a college or university. Multiple buildings are interspersed with large expanses of landscaping and sidewalks moving in every direction. Institutions should ensure that security cameras cover all parts of the campus with foot traffic, as well as building interiors. And the video security infrastructure should be network connected and protected by the university’s cybersecurity infrastructure. Integrating voice communications into the whole simplifies operations and helps smooth emergency response by campus police and other campus officials.
The Fortinet Security Fabric integrates voice, cyber, and physical security so that the entire safety and security infrastructure can be viewed on a single pane of glass. This enables voice systems, security cameras, recorders, emerging facial recognition and weapons detection technologies, and recordings of footage to be a part of the campus’s overall security architecture.
Fortinet campus safety solutions enable a comprehensive approach to cyber and physical security with single-pane-of-glass monitoring.
Key Higher Education Cybersecurity Challenges
American Rescue Plan for Education: A Reference Guide Powering Advanced Research with Scalable, High-Performance Security in Hyperscale Data Centers Free Network and Endpoint Assessment and Report IT in Higher Education: Balancing Service, Learning, and Accountability Securing the Campus with Fortinet Security Solutions for Higher Education Securing Higher Education Securing and Simplifying Network Access for Higher Education