Updates on Cybersecurity Events, Working Groups, and Programs
- The Educause Security Professionals Conference is next week in Baltimore. I’ve got a full workshop on Cloud 101 for the Security Team. My colleague Paul Howell and I, along with Joanna Grama and Valerie Vogel from EDUCAUSE, and Todd Herring and Kim Milford from the REN-ISAC, will also be presenting on All for One and One for All: EDUCAUSE, Internet2, and REN-ISAC's Swashbuckling Adventures in Cybersecurity. We’d love to see you there and have you engage with us!
- The Shared Cloud Security Assessments working group had another very productive year in 2017! Many thanks to the great, hard-working volunteers on this phase. We recently published an update in the Educause Review on our HECVAT work and the cloud broker index. We’ve even had industry news coverage highlighting our work as a community! Our next phase is going to be engaging more with service providers on HECVAT and sharing the results with the community. If you have a service provider you’re working with on a HECVAT and they are willing to share the completed HECVAT with the community, we want to know. Please direct them to HECVAT at REN-ISAC dot NET If you’re a service provider and want to get listed in the Cloud Broker Index (CBI). Please contact us to get added to the CBI. More updates will be coming from our presentation at the Educause Security Professionals Conference on Thursday, April 12 at 2:20 pm ET.
- Why InCommon Federation Baseline Expectations for R&E matters to the higher education information security community – much has been happening in the InCommon Federation around Baseline Expectations. For those in the security community who are not aware, the InCommon Baseline Expectations include security requirements for campuses and service providers participating in the Federation. These baselines are important to the security community because we need to continue to partner with the IDM community on shared interests and ensure we’re working together.
The baseline is the first starting point and has an expected level of security the community wants everyone to be able to meet. Even though it’s a low baseline, not all campuses are meeting it and the federation is working with campuses and participants on meeting the community established baseline. Some campuses probably just need to submit the required data as I am certain every campus has a security contact. I know campus security teams are focused on incident response and the rapidly rising security requirements from the federal government, but still keeping track of community effort on how we work together in the identity and security community can benefit everyone!
- Now, a quick update from the Internet2 Cisco Cloud Security program. For campuses with research computing or environments that require using a FedRAMP approved cloud access security broker to secure their cloud resources, Cisco CloudLock has achieved a FedRAMP Authority to Operate (ATO) with Agency Authorization sponsorship from the GSA.
Cisco Cloudlock can:
- Automate the discovery and protection of sensitive information within cloud environments.
- Defend against account compromise with User and Entity Behavior Analytics.
- Discover and control malicious and risky "connected" cloud apps.
- Enforce cross-platform security policies with automated response workflows.
If you’d like to learn more about Cloudlock, its FedRAMP ATO authorization, and how your campus can benefit via the Cloudlock program, please contact me and we can get a discussion going to see if it fits the needs of your campus.
- We also just posted major announcements for an updated NET+ Duo and an updated NET+ Splunk programs. Feel free to reach out to me if you have any questions or track me down at SPC to ask questions!
It’s been a busy couple of months all-around as I am sure you have been busy, too. More to come after the Educause Security Professionals Conference and before the 2018 Internet2 Global Summit. Also, the 2018 TechEx call for proposals has been posted!
In the meantime, feel free to reach out to me if you have any questions, comments, and/or suggestions.
Thanks for reading,