5 Ways to Help Address the #1 IT Issue in 2018: Information Security
Internet2 Staff Contributors: David Gift, Associate Vice President for Community Engagement; Paul Howell, Chief Cyberinfrastructure Security Officer; George Loftus, Associate Vice President, Network Services; Nicholas Roy, Director of Technology & Strategy, InCommon
Information Security topped the list of the recently published EDUCAUSE Top 10 IT Issues of 2018 – with 69% of all U.S. institutions having conducted a risk assessment for planning and prioritizing institutional information security work.
It’s a good time to reflect on the work Internet2 member institutions have done in this space. Take a fresh look and see how your organization may benefit from being more involved with the solutions, knowledge, resources and best practices that can help secure your ecosystem of networks and applications—that are key to advancing scientific discovery and leading-edge scholarship.
- Identity and access management: research and education (R&E) institutions have developed a robust platform of secure, privacy-preserving identity and access management applications through Internet2. These applications protect and federate millions of online identities and provide single sign-on access for research environments, business applications, course management solutions, and many more collaboration tools used in daily scientific and scholarly collaboration. Learn more about the InCommon Federation, Trust and Identity in Education and Research (TIER) program, and the gamut of identity and access management solutions created by the R&E community through Internet2. The Internet2 community also continues to focus on security through Trust and Identity programs such as Security Incident Response Trust Framework for Federated Identity (SIRTFI)—an international standard to enable the coordination of incident response across federated organizations, and the InCommon Security Incident Handling Framework.
- Distributed Denial of Service (DDoS) Mitigation Service: Internet2 has worked closely with regional networks and campuses to develop an affordable cloud-based volumetric DDoS Mitigation Service. This service addresses the need to protect regional and campus networks from malicious attacks. It was procured on behalf of the community from a commercial service provider, and is available through our regional partners or by campuses (if your regional does not offer the service). Learn more about the DDoS Mitigation Service
- Cloud Security Services: R&E institutions have created and implemented peer-led cloud security services that leverage the collective strength of members to integrate security controls and scalability necessary for the higher education enterprise—minimizing the challenges, costs, and risks of cloud migration. Learn more about Internet2 Cloud Security Services including multi-factor authentication, web security certificates, digital transaction management, backup and file recovery, and more.
- Working groups, resources and collaborations: Through Internet2, institutions and practitioners regularly collaborate in day-to-day working groups, workshops, webinars and semi-annual events to share challenges, resources and efforts that help each other navigate the information security aspects of network, identity, research, cloud, and IoT. Learn more about these resources: