Universities face a dangerous combination when it comes to security. First, they can’t manage the majority of their endpoints — it’s simply too cumbersome for faculty and students. Second, they have to deal with remote learning and people connecting from all over the world, making it extremely hard to manage remote surveillance.
This duo puts these organizations on their heels because they aren’t able to gather the endpoint data needed for most security tools.
That’s where Zero Trust comes into play, the mentality to never trust and always validate. A Zero Trust mindset requires collaboration between IT and security teams alongside an acknowledgement that the network is likely already breached by bad actors and malicious software. These steps provide a solid roadmap for organizations to shore up defenses and incident response measures.
The Zero Trust conversation also moves the conversation from basic authentication/access to a more holistic approach to cybersecurity that tracks not only north/south movement but also east/west movement within a network. We’ve seen the impact of lateral movement from recent high profile ransomware attacks like Darkside where they landed, pivoted to exfiltrate data, and then pulled double extortion tactics on the victim.