Data Storage Digest

Do-It-Yourself Windows File Recovery Software: A Comparison

results »

Security of University Data

Data storage is a requirement for nearly every type of organisation. You might initially just think of a typical enterprise, but establishments like universities also have their own storage and security plans in place.

Educational institutes hold quite a lot of valuable data. It can range from the basic, to personal details like name or address, to the advanced, like bank details. It goes without saying that if this data fell into the wrong hands then the outcome could be catastrophic for that user.

According to the Baltimore Sun, last year alone saw the following breaches: a possible exposure of 2.5 million social security and bank numbers from an Arizona college; 74,000 social security numbers of University of Delaware students and staff; 145,000 applications to Virginia Tech. And that doesn’t even cover the rest of the country or the world.

Universities and colleges are attractive to hackers because the networks often have many access points. On top of the personal data of students and staff, universities hold a lot of intellectual property that could hold a lot of value.

Sometimes the data is so scattered that it can be tricky to discover where the data is and what the vulnerability points in the networks are. Unlike other companies that hold sensitive data, universities are unable to control what devices or software is used to access their data. This is because students and researchers across the world will all be trying to access the data in different ways.

Typically, a business might raise concern if they’re getting a high amount of traffic from an unusual country. However, the global nature of universities means that this wouldn’t raise any alarm bells.

“Really, everything is an anomaly. If I get a million connections from another country, a corporation might say that's not good. In our world, because we have students and faculty all over the world, that doesn't necessarily trigger any response from us,” said Darren Lacey, the chief information security officer at John Hopkins.

“It's been a long-standing concern that our culture of collaboration and trust kind of flies in the face of the need for security to be more closed, more alert and more sceptical and cynical,” said Rodney Petersen, senior policy adviser for SecuriCORE.

The University of Maryland is now considering whether the information they hold should be centralised to keep data in one place, rather than across colleges and departments. Similar discussions are taking place at John Hopkins, where the university is now prioritising the need to protect their data with the highest security.

Apparently the University of Maryland receives millions of emails per week, of which 90 percent or more are from websites blacklisted by anti-spam software. The emails are trying to trick people to hand over data and are blocked, but unauthorized access attempts to the network are growing exponentially.

Some universities may be reluctant to limit the openness of their networks for fear of disrupting research that requires access. There is a need to mix openness and security. One possible solution for this would be two-step verification.

That balance is currently being sought after across universities as they seek to protect their data and their networks.

Comments

No comments yet. Sign in to add the first!