Proactive security testing is becoming a strategic advantage for educational institutions.
It’s funny how demand for individual products and services frequently manifests itself in a cyclical fashion – especially within the context of specific vertical markets – and how a particular type of organization will often begin gravitating toward one breed of solution or another en masse at a certain point in time.
Now, many times of course, specifically within the sphere of IT security, this type of herd mentality around technology adoption is driven by the emergence of a specific archetype of threat or touched off by the introduction of a new industry or government regulation that requires the use of some explicit solution.
But sometimes – fed through the relevance and timeliness of a particular technology and the sort of underground peer-to-peer viral marketing ripple that all of us in the product business dream of – a particular product or service will gain rapid adoption across a certain industry simply because it’s such a good fit for the common needs shared in that space.
That latter sort of synergy between applicability and necessity is currently occurring in the education sector related to those organizations’ rapid embracement of automated penetration testing, and even more broadly within the wider context of IT security testing and measurement.
How do we know this? The customers just keep on coming, whether on the trade show floor, at our webcasts or in Core Security’s current CORE IMPACT Pro user base. And when you listen to the reasons why they’re coming, it truly makes great sense.
Consider this: Organizations in the education sector face some of the most challenging factors you could cook up today in creating an IT security management footprint. Like many other types of organizations, they have to protect large volumes of IT assets and electronic data, but they must also do so while supporting networks that permit use by large numbers of individuals who bring their own (unmanaged) devices into these environments every day.
And then there’s compliance, that warm, fuzzy process that security practitioners have come to love so much. Many schools must not only comply with complex, sprawling mandates such as PCI (think college bookstore, tuition payment processing and alumni donors) and HIPAA (student medical records or teaching hospitals), but also with increasingly strict internal standards for securing their data in particular. For state schools there are also other local regulations to keep in mind.
How hard is all of this to pull off? A quick look at the chronological list of data breaches recorded by the nonprofit Privacy Rights Clearinghouse reveals a startling truth, as nearly half of all the organizations indexed on the infamous register operate in the educational sector.
Addressing all of these needs while providing the type of open computing environments dictated by the teaching and research environment is certainly no small challenge, and hey, guess what? Most educational institutions don’t have the same budgets as their peers in other more profit-driven industries.
These are the specific reasons why we’re hearing from so many organizations in the education sector about their interest and subsequent adoption of automated security testing technologies like CORE IMPACT Pro. The IT security professionals tasked with trying to meet all the needs laid out above are desperate for a way to identify their biggest points of risk (in direct relation to data breach attempts) and to understand that the investments they have already made are paying off.
They also need a better way to prove existing risks to other internal shareholders, both to force those constituencies to address their own security concerns (apps development) and to get the budget they need to keep pace with the ever-growing range of threats and compliance demands that they face.
Using IMPACT Pro to carry out comprehensive security testing allows educational institutions to gain extensive visibility into the cause, effect and prevention of sophisticated data breaches, as well as understand precisely what data they may already have exposed to potential attackers. By illustrating how multiple low-level vulnerabilities can be assailed by hackers to gradually advance their privileges and gain access to protected information, organizations can address their most urgent vulnerabilities and comply with complex industry regulations without being forced to restrict IT systems access.
Check out the recent customer success stories that we’ve published about the University of Southern Illinois, and UQAM in Montreal, and you can appreciate the value that proactive security assessment is providing to educational organizations today – in their own words.
It’s gratifying to us to hear that we’re truly helping IT security professionals at these customers appreciate significant benefits and feel better about their ability to cover their assets.