Internet2

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Blogs

NET+ Program Including HECVAT, Presenting Sessions at EDUCAUSE Annual Conference 2018

Oct 24, 2018, by Nick Lewis
Tags: Cloud Services & Applications, Educause, Frontpage News, Google Cloud Platform, Higher Education, Internet2 NET+, Recent Posts, Security

Internet2 continues its commitment to the NET+ program in meeting our members’ needs as mentioned in the recent update on NET+ leadership and during the 2018 Internet2 Global Summit session.

One aspect of strengthening the program is improvements around information security. Specifically, the NET+ program has incorporated the Higher Education Cloud Vendor Assessment Tool (HECVAT) into the information security activities for our facilitated cloud services.  

Internet2 has been involved in the Higher Education Information Security Council (HEISC) Shared Cloud Security Assessments working group that produced the HECVAT since before its formal inception. As part of this, we have worked with the campuses involved in the working group, EDUCAUSE and REN-ISAC (Research & Education Networking Information Sharing & Analysis Center). 

For all new services in the NET+ program we are including the HECVAT as one of the core artifacts used during the information security aspects of service validation. A collection and review of the HECVAT was part of the NET+ Google Cloud Platform service validation—Indiana University presented on this effort during at the 2018 Internet2 Technology Exchange.

As part of the HECVAT working group to promote sharing and the Cloud Broker Index (CBI), we have also been reaching out to the service provider community interested in working with higher education. The working group did a service provider-focused webinar in July 2018 to get more service providers engaged in using the HECVAT and the CBI. 

Without the service providers’ participation, campuses will still benefit from HECVAT, but the most benefit for the community can be achieved by having service providers prepared to support a campus request for information security documents as part of assessing the risk around a cloud service. We will continue this outreach during the next phase of the working group.

We are pleased to announce that we are developing plans to work with existing NET+ service providers on completing a HECVAT as part of our ongoing commitment to advance higher education information security and support collaborative work. We are already using the HECVAT as a starting point for new services.

EDUCAUSE is a great opportunity to learn about the HECVAT. The working group has two sessions at the EDUCAUSE Annual Conference 2018 in Denver, CO, from October 30 to November 2. Several of the NET+ team members will be in attendance at the EDUCAUSE conference. 

The NET+ team will be reaching out to services providers in attendance to improve awareness and answer questions regarding HECVAT. Please stop by the HECVAT and NET+ sessions or register for the workshop if you’re interested in learning more:

Hope to see you there!