Higher Education Cybersecurity
Supporting a Secure Smart Campus with Support for Free Expression
College and university campuses are centers of innovation in many areas, and IT is no exception. Advanced research and smart campus initiatives provide educational opportunities and enhance student life, but they also bring new network security risks to the institution. Cyberattacks on higher education are on the rise. A recent study finds that attacks resulting in compromised data occurred 101 times in the past year, up from just 15 incidents five years ago. And at the beginning of the current academic year, two institutions were hit with devastating ransomware attacks that completely shut down their networks for a week or longer.
Colleges and universities are attractive targets for cyber criminals. Their networks house advanced research data—including for defense-related and commercial research, of interest to nation-state attackers and those conducting industrial espionage. According to the 2019 Verizon Data Breach Investigations Report, 11% of attacks on higher education institutions in the past year were espionage-related.
Higher education networks also contain a plethora of personal, financial, and medical information for students, alumni, faculty, and staff—a relatively affluent population. Adversaries aiming to create chaotic operational disruptions see opportunities in higher education institutions, which often act as a single source of most of life’s necessities for their on-campus students. And colleges and universities often host thousands of privately owned devices on their networks, complicating endpoint security and increasing the risk of intrusions.
Key Higher Education Cybersecurity Challenges
A Reactive Risk Strategy
Historically, higher education institutions have had a more reactive stance to cybersecurity, responding to threats as they occur. There are several reasons for this: tight cybersecurity budgets, a deliberate approach to making changes to IT systems, and a desire not to diminish students’ ability to exercise free expression due to mandated security practices. Regardless of the reasons, institutions simply cannot keep pace with the volume, velocity, and sophistication of advanced threats today. Traditional security approaches are ineffective in detecting, responding to, and preventing threats. This exposes critical institutional data and systems to data loss and operational disruption and outages.
A Growing Attack Surface
The number of network-connected devices has increased exponentially in recent years, and many of those devices are not owned by the institution. One study finds that students bring an average of eight or nine devices to campus. Despite the best efforts at user education, some students are prone to risky online activity. At the same time, the number of cloud applications being used by institutions has mushroomed. All these trends contribute to a greatly expanded attack surface that requires a strategic, coordinated approach to security.
Thwarting Insider Threats
Academic institutions are devoted to the principles of free expression, transparency, and sharing of information. Threat actors are aware of this and take advantage of this culture of openness to launch attacks that can ultimately threaten free expression. In a world where trust is no longer a static concept, even internal traffic between departments, faculty, staff, and students can lead to intrusions—whether by trusted individuals or by hackers impersonating them. Institutions struggle to find new ways to intelligently segment the network and to verify the trust of each user and device that seeks access.
Rationalizing IT Operations
A rapidly expanding attack surface has prompted many institutions to purchase point products to cover specific needs. They also tend to rely on the built-in security tools for each public cloud they utilize. Regardless of the adequacy of the individual tools, their lack of integration with each other results in a heavily siloed security architecture. This creates immense operational inefficiencies as highly paid cybersecurity staff spend valuable time correlating log information and creating manual reports. These manual processes also hamper threat detection and response in today’s fast-moving threat environment.
Maintaining and Reporting on Compliance
Higher education institutions must stay compliant with a variety of regulations and standards. They must protect the personally identifiable information (PII) of students, electronic health records, grading systems, payment card and bank account information, and research data, to name a few. And the Jeanne Clery Act requires them to provide timely warning of crimes on campus to students and staff. Audits are frequent enough that redeploying staff from strategic initiatives to preparing compliance reports is not a workable solution.
Learn More Fortinet enables secure, high-performance networking between campus locations, decentralized schools and departments, and research sites.
Learn More Fortinet enables integration of cybersecurity, physical security, and voice communications for simplified operations, easy reporting, and enhanced campus safety.
Learn More The Fortinet Network Security Academy enables colleges and universities to integrate staff continuing education with academic training to keep students up to date.
Fortinet Differentiators for Higher Education Cybersecurity
Fortinet delivers a flexible platform for building an end-to-end, integrated security architecture for institutions of higher education—from the data center to the endpoint to multiple clouds. An open application programming interface (API) and Fabric Connectors help integrate third-party tools to accommodate prior investments and niche protection.
Secure Branch Campus
Fortinet offers a comprehensive software-defined wide-area network (SD-WAN) and secure networking for branch campuses and other remote locations. This eliminates the need for expensive multiprotocol label switching (MPLS) bandwidth, provides optimal security, and improves network performance.
Networking, Cybersecurity, and Physical Security
Fortinet delivers the ability to consolidate networking, cybersecurity, and surveillance functions into a single pane of glass—whether at the main campus, a branch campus, or another location.
Insider Threat Protection
Fortinet delivers a comprehensive and multilayered solution to guard against accidental and deliberate insider threats with identity and access management supplemented by network access control (NAC), intent-based segmentation, deception technology, and user and entity behavior analytics (UEBA)—all integrated for centralized visibility and control.
Robust Threat Intelligence
FortiGuard Labs delivers comprehensive intelligence from a large global network of firewalls and an artificial intelligence (AI)-powered self-evolving detection system (SEDS) that has refined its algorithms using machine learning (ML) for nearly eight years. This has resulted in extremely accurate, real-time identification of zero-day and unknown threats before they can cause problems on the broad, resource-intensive networks used by higher education.
The Smart Campus
A college or university campus is, in many ways, a city unto itself. This means that the various concepts that are collectively referred to as a “smart city” can also apply to higher education institutions. For example, today’s students access myriad services all over campus with a single ID card—or even a mobile app. On-campus students may use these cards to access most of their daily needs, from food to housing to entertainment. This consolidated approach makes for a seamless experience for the student, but it presents multiple opportunities for attackers to infiltrate campus networks.
At the same time, colleges and universities are hotbeds of digital innovation—among students, faculty, and researchers. Campus research networks often host extremely sensitive data and require robust security, high processing speeds, and low latency. Student and faculty networks now utilize myriad cloud-based services, and often host thousands of mobile and Internet-of-Things (IoT) devices. Encrypted traffic is now the rule rather than the exception, but security solutions that inspect this traffic often slow network performance.
To provide protection in this challenging environment, colleges and universities must deploy a variety of defenses that together provide layers of protection against the wide range of advanced threats. However, this protection cannot operate in different, unconnected silos. Rather, the security architecture must be integrated from end to end—from the data center to multiple clouds and to the wide array of devices at the network edge. Full integration not only supports optimal operational efficiency but also enables automation of security processes including threat detection and response—the only way to counter threats that now move at machine speed.
The Fortinet Security Fabric delivers a broad, integrated, and automated security solution with end-to-end integration that brings centralized visibility and control spanning the entire institution. A wide array of Fortinet cybersecurity tools integrates seamlessly into the Fabric, along with dozens of third-party solutions delivered by Fabric Partners. And an open ecosystem and extensive application programming interface (API) tools make the integration of other third-party tools possible.
The Security Fabric is built on the foundation of FortiGate next-generation firewalls (NGFWs) and artificial intelligence (AI)-powered threat intelligence from FortiGuard Labs. Integrated tools for security orchestration, automation, and response (SOAR) and security analytics tools enable a strategic and coordinated response to advanced threats. Advanced endpoint protection and network access control (NAC) tools protect endpoint and IoT devices. And network-based video security can also be integrated into the Security Fabric.
For the hybrid cloud infrastructure, Fortinet Dynamic Cloud Security solutions break down silos between clouds and enable consistent policy management and a single-pane-of-glass view of the entire infrastructure. They feature native integration with all major public cloud providers, broad protection to cover all elements of the attack surface, and management and automation capabilities that enable consistent, timely threat detection and response.
The Fortinet Security Fabric enables technology companies to protect the entire infrastructure through centralized visibility and control, unlocking automation, and simplify reporting and analysis. The result is enhanced security for critical assets like intellectual property and student information.
The Decentralized Campus
Most colleges and universities now provide services at multiple locations—branch campuses, learning centers, study-abroad locations, and remote research sites—in addition to the main campus. Operating in different countries adds to cybersecurity complexity, and international threat actors reside in some countries hosting remote campuses for U.S. schools. At the same time, large universities are now often structured so that individual schools, colleges, and even departments under the university umbrella purchase services from the central IT department on a chargeback basis. This results in a decentralized model even when different entities exist on the same campus.
Just as higher education institutions must build cybersecurity into the main campus infrastructure, security-driven networking is vital at other locations controlled by the university. Connections between locations must be secure, cost effective, and high performing. And institutions need the ability to scale their network traffic according to spikes and lulls tied to the school calendar.
FortGate next-generation firewalls (NGFWs) include highly secure and cost-effective software-defined wide-area network (SD-WAN) technology, allowing network traffic to travel between campus locations on the public internet—or even over a virtual WAN (vWAN) within select public clouds. This eliminates the need for expensive multiprotocol label switching (MPLS) bandwidth to connect locations.
At the remote location itself, Fortinet SD-Branch solutions extend the SD-WAN solution to the access layer. This enables secure networking at branches and consistent security coverage from the internet, to the wireless network, to the switching infrastructure.
Fortinet solutions for secure branch campuses and remote facilities enable institutions to provide secure, high-performance networking with branches, eliminating the need for MPLS circuits to connect campus locations.
Protecting Higher Education with the Fortinet Security Fabric Create Safer Schools and Campuses with Physical and Cyber Security Solutions from Fortinet Securing Smart Campuses: Do You Know the Risks? Understanding the Obstacles to WAN Transformation To Support Digital Innovation, Branch Networks Need Greater Simplicity and Visibility Three Use Cases for Transforming Branches with Fortinet Secure SD-WAN
IT in Higher Education: Balancing Service, Learning, and Accountability Securing the Campus with Fortinet Security Solutions for Higher Education Securing Higher Education Securing and Simplifying Network Access for Higher Education How Open Access to Education Creates Security Concerns Simplifying SD-WAN Operations with Single-pane Management FortiGate 60F NGFW Delivers Optimal TCO for Secure SD-WAN Deployments at Smaller Branch Offices
University Networks Face Growing Threats as Attack Surface Expands How the Right Solutions Can Secure a University Network Consolidating Networking and Security Functions Can Reduce Branch Vulnerability The Network Leader’s Guide to Secure SD-WAN How Service Providers Can Optimize Managed SD-WAN and SD-Branch Delivery and Management
Integrative CIO and Cybersecurity Education
Higher education institutions often offer academic courses and degrees on cybersecurity. At the same time, cybersecurity specialists on staff require ongoing training to keep their skills current. Unfortunately, what is covered in an academic setting may be more theoretical and less specific to the current threat landscape than what a staff member needs. As a result, cybersecurity staff members might need to look outside the university setting for their continuing education, and students may graduate with inadequate preparation for jobs in the field.
College and university CIOs can help bridge the gap between academics and the real-world threat landscape by establishing a partnership with industry that ensures up-to-date threat information while conveying the latest recommendations for best practices.
To support them in these efforts, the Fortinet Network Security Academy offers a comprehensive, eight-level Network Security Expert (NSE) certification program that independently validates cybersecurity professionals’ skills. It includes a wide range of self-paced and instructor-led courses, as well as practical, experiential exercises that demonstrate mastery of complex network security concepts.
The Fortinet Network Security Academy enables higher education CIOs to bridge the gap between academics and current cybersecurity best practices and help both students and staff members to keep up to date with industry-recognized cybersecurity certifications.
The safety of students is a college or university’s biggest responsibility. Criminal activity on campus is often well publicized. Unfortunately, other crimes, including some sexual assaults, are not highly visible because victims are too intimidated to go public with accusations. Higher education institutions have the moral obligation to do everything they can to prevent such crimes—and protect other potential victims when they do. This is the motivation behind the Jeanne Clery Act, which requires colleges and universities to provide timely warning of crimes on campus.
Physical security is a complex undertaking for a college or university. Multiple buildings are interspersed with large expanses of landscaping and sidewalks moving in every direction. Institutions should ensure that security cameras cover all parts of the campus with foot traffic, as well as building interiors. And the video security infrastructure should be network connected and protected by the university’s cybersecurity infrastructure. Integrating voice communications into the whole simplifies operations and helps smooth emergency response by campus police and other campus officials.
The Fortinet Security Fabric integrates voice, cyber, and physical security so that the entire safety and security infrastructure can be viewed on a single pane of glass. This enables voice systems, security cameras, recorders, emerging facial recognition and weapons detection technologies, and recordings of footage to be a part of the campus’s overall security architecture.
Fortinet campus safety solutions enable a comprehensive approach to cyber and physical security with single-pane-of-glass monitoring.