How educational institutions are securing their data before breaches happen
Jesus Trujillo Gomez
Strategic Business Executive, Google Cloud
Russell Goldenbroit
Security Practice Lead, SLED, Google Cloud
In the US alone, 24.5 million school records have been leaked across 1,327 data breaches since 2005. And when +1.3 billion students moved to remote learning, the pandemic became an accelerant for cyber attacks with the number of attacks in education spiking 30% YoY during July and August 2020. In our experience working with education customers, we’ve seen three areas impacted by cyber attacks:
- Financial: Institutions experience financial loss from operational disruption and demands from cyber criminals who stole data. For example, The University of California, San Francisco confirmed it paid a ransom of $1.14 million to the criminals behind a cyber attack on its School of Medicine. To protect sensitive student data, the federal government released a statement encouraging all postsecondary institutions to implement NIST 800-171 controls, a policy designed to protect sensitive student data.
- Operational: Cyber attacks can prevent students, faculty and staff from accessing systems that are necessary to continue teaching, learning, and research initiatives, bringing operations to a halt. Hartford Public Schools in Connecticut postponed its first day of classes following a ransomware attack that shut down the district's system.
- Reputational: Institutions who have financial or student data breaches can suffer from lower enrollment rates and a loss of grant funding. A study conducted by the Ponemon Institute pointed out that higher education institutions are judged largely on their reputation. A single data breach can significantly impact the reputation of the institution, in addition to substantial financial implications.
How is Google Cloud helping educational institutions put security in place before a data breach happens?
Google Cloud's security model model, global infrastructure, and unique capability to innovate is helping academic institutions keep their organizations secure and in compliance. For example, Brown University leverages Google Workspace for Education to protect information sharing among faculty, students, and staff, while reducing IT maintenance costs.
Google Workspace helps establish each user’s identity in Google Cloud and this feature has become a core component of Google’s Zero Trust security model, implemented through BeyondCorp. By shifting access controls from the network perimeter to individual users, BeyondCorp enables secure work from virtually any location without the need for a traditional VPN.
Most academic institutions look to minimize their risk in a shared responsibility model when running infrastructure-as-a-service or platform-as-a-service workloads. Google Cloud has partnered with industry-leading security consortia like RHEDCloud to understand the specific needs of educational and academic research institutions, and follow applicable regulations and grant requirements. We have co-developed solutions with partners, like Burwood Group, to meet those needs and help our customers automate secure and compliant environments for their researchers, students and staff. Burwood Group has partnered with 27 top-tier research universities (R-1) to deploy security solutions. Here are a few of the products we’ve seen the most interest in:
- Blueprint scripts uses Google Cloud built-in services to automate the provisioning and management of enterprise applications and research environments to be in compliance with HIPAA, FedRAMP, CUI, NIST 800-53, NIST CSF, and GDPR regulations.
- Security Command Center manages assets in your organization, uncovers vulnerabilities and threats, and reviews your organization’s compliance. The solution generates security alerts and audit events from logs that integrate with existing enterprise systems like Security Information and Event Management (SIEMs), Endpoint Detection & Response (EDR’s) and Security, Orchestration, Automation, & Response (SOAR) tools.
- Chronicle, Google Cloud’s next generation SIEM platform, is changing the game. It is a cloud-native platform designed to ingest your organization’s logs for a flat rate, abandoning the tiered model most SIEM providers offer. It can sift through petabytes of data in seconds and is useful for organizations that are both cost and security conscious.
- VirusTotal Premium provides access to the world’s largest corpus of threat data to protect your organization proactively. The VT API can easily integrate into your commonly used SIEM, EDR and SOAR tools, alerting you to threats that would otherwise go unnoticed.
- reCAPTCHA, helps defend against common attack patterns such as scraping or credential stuffing in web applications.
- Cloud Armor defends against distributed denial-of-service (DDoS) attacks.
For research workloads, these tools provide controls for data ingestion, the export of research data, and, sharing permissions and auditability, allowing researchers to collaborate with other institutions. These tools also automate the provisioning of environments to provide secure execution of Jupyter notebooks and other applications commonly used in research, like Matlab, SAS and Python/R environments.
A customized approach that aligns with education-specific needs
Google Cloud has partnered with academic institutions and research groups to understand their specific needs, and co-develop solutions that help customers govern, control, and audit security and compliance for all types of workloads in a shared responsibility framework. These solutions integrate with most common enterprise and security systems and permit customization to accommodate specific needs around security or data sharing (e.g grant requirements).
To learn more, watch our latest on-demand webinar, Cloud Security Best Practices for Higher Education, hosted by Google Cloud and our partners, Burwood Group and Carahsoft.