Security

Approaching Zero Trust? Maximize the Tools You Already Have

For higher education institutions, working toward a zero-trust framework doesn’t have to mean investing in new tools.

Carly Walker joined Amplified IT and CDW Education after working as an e-learning technologist in the higher education industry for six years. During her time in higher education, Carly was the Subject Matter Expert for Google for Education. Carly is currently a co-lead for the EDUCAUSE Google Workspace Community Group. She is also a Google Certified Higher Education Trainer and a Google Certified Innovator.

There’s a common misconception about zero trust. It presumes that higher education institutions must make costly financial investments in newfangled security products in order to protect themselves from the scourge of cybercrime.

Very little of that is true.

The zero-trust philosophy — put simply as the implementation of a security architecture that automatically denies access to everyone before analyzing permissions to determine which people and/or devices can access which areas of a technology IT ecosystem — is not a product one can buy. There is no shiny new tool that will, on its own, set up colleges to reach zero trust. And even if universities achieve zero trust, there will always be cybercriminals and bad actors seeking to infiltrate networks, steal sensitive information or otherwise wreak havoc on institutions.

The good news is that there are plenty of higher education institutions that are probably closer to achieving zero trust than they realize. And there are others that are letting zero-trust-compliant settings languish within tools they already own, which could help them get far closer to that architecture than they already are.

Click the banner below to learn more about the benefits of a zero-trust security strategy.

Configuring Productivity Suites to Adhere to Zero-Trust Principles

The vast majority of higher education institutions are using either Google Workspace for Education or Microsoft 365 for Education as a suite of productivity tools. While these platforms have their own pros and cons, they share one important commonality that many colleges and universities are underusing: highly customizable administrative consoles.

At the country’s largest universities, there may be IT teams dedicated solely to managing these platforms, but that’s not the case for most. Even with a group of skilled IT professionals focused on the productivity suite, it can be hard to stay on top of the latest updates and trainings necessary to optimize everything.

Our specialized team at CDW Education spends every day staying up to date on the latest configurations for Google Workspace for Education, and our CDW Enterprise associates are doing the same with Microsoft 365. We work with higher education institutions of all sizes all over the country, and that experience has helped us understand the impact of every configuration setting.

There are a handful of security settings that can help institutions make the biggest gains toward zero trust. Data loss prevention rules should be configured to apply throughout the environment, including email and storage, and two-step verification and other forms of multifactor authentication should be turned on in every situation.

When an institution invests in additional capabilities, such as the Plus version of Google Workspace for Education, third-party application programming interface access can be customized to keep institutional email addresses from showing up on other platforms. This includes social media and other less-than-reputable websites.

Regular Audits Help Universities Defend Against Evolving Threats

To find out how your institution is positioned and which configuration tools could be optimized, an audit by a trusted and experienced partner is an ideal place to start.

The Google for Education Audit includes a review of configurations and settings and offers recommendations for storage, security, and future trainings or third-party solutions that can further enhance what institutions get from the full suite of tools.

In the case of Google, thousands of configuration settings are constantly being changed or updated. Through ongoing tinkering and reviewing, CDW’s expert auditors understand how those adjustments will impact an institution’s entire ecosystem.

We recommend a Google for Education audit at least every two years, and when the audit is complete, we’ll share our results and run tests to ensure that the adjustments we’ve made are working the way we intended.

At the end of the day, locking down the productivity suite you’re using is a major step toward achieving zero trust, and it can give IT security teams a win without any major new investments.

This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.