Making learning experiences smart, yet secure and hybrid is not a paradox anymore. An interesting Microsoft-CyberMedia workshop unfolds how
Conversations about transforming education are not just about enriching learning and career-readiness but also about security, privacy, inclusivity, and engagement. That assures that many critical aspects are not relegated to footnotes but are etched as centre-points when one thinks of education transformation.
That’s necessary. Security has to be on the top of mind for everyone investing one’s time and money in hybrid learning. When we look at all the data being generated, the rich research work, the wealth of data about payments-faculty-students etc. – all that makes this area a rich target for malicious actors. The numbers and red flags around it remind us of that quite well.
In an immersive workshop on this topic, Sunil Rajguru, Editor, Dataquest, PCQuest & CiOL reminded everyone how cybersecurity was always on the backburner for even enterprises. “The importance is still not realised. How can then education institutions be alert and proactive about security?”
Amit Pawar, Director, Education, Modern Workplace, Microsoft explained that it’s not a choice anymore because this space is a honey pot of data. “A lot of data is a rich pot for attackers. Education is a soft target. So much data is there—student information, social security data, health records, IP, research work data and a lot of other records worth mining for malicious actors.”
“It’s not just independent malicious attackers but paid actors too who are behind such attacks. So do not think about delaying it. If you think you will get to it one day, those days are long gone. You need a holistic and strong policy around security, data management, data hierarchy, compliance etc. because we do not have a holistic strategy, we end up having shadow IT too. So data siloes, other vectors of attack and lack of visibility will keep creating new points of vulnerability. So we really need an end-to-end strategy when it comes to education organisations and their approach to security.”
Security—Yes. But How?
“Hybrid teaching learning is being approached through guidance and best practices, we use an education transformation framework,” Pawar.
He talked about what he observes the customers are doing now and what can be learnt from their own best practices there. Pawar strongly encouraged institutions towards having the security-first mindset. A lot of deployments are concentrated on end results. “Deployment should not come at the cost of security. Some customers use third-party solutions too but their implications affect the security posture a lot.
His roadmap for this ‘security first’ mindset was as follows. “Do not be caught in a typical technology deployment path. It’s where one prepares users and data, deploys workloads, on boards and trains users and then implements security. Deprioritising security creates vulnerability. The approach should rather be – pay attention to security along with the deployment. We see a lot of security breaches happening across India in the education realm. So having a proactive security stance is quite crucial. We want to make sure to create an internal strong security environment across all aspects – from internal threats, phishing attacks, device risk, remote access, data exfiltration, lateral movement to unmonitored activities and other network policy issues.”
He explained how this works well with a journey approach. Like phase-1 is about identity and threat protection. Next phase is device and apps management, next is productivity and collaboration and then there is information protection and governance. “Microsoft 365 is a secure, intelligent and complete solution to empower your employees.” He stated.
Security – The Cloud-Ready Way
The panel also talked about readiness amidst stakeholders and institutions so that they can use hybrid education platforms in a meaningful way.
During the workshop, a deep-dive demo was also given by Shubham Dubey, Technical Architect, Microsoft. It covered conditional access, privileged identity management, identity protection, self-service, phishing attack, Shadow IT discovery, endpoint protection, and zero-touch deployment among other aspects.
Parimal Deshpande, Vice President, Cloudstrats added how fighting data governance isolation and absence of a centralised mechanism used to be barriers to security. Having a command centre to operate education platforms in a comprehensive way can help a lot here. This helps to remove blind spots at the ground level.
Siddharth Chawla, Senior Product Marketing Manager, Microsoft added that devices should not be treated as a commodity. “Security should continue to be looked at proactively. We have seen instances with ransomware attacks and attacks on firmware as well as devices. So security at the chip-level and Cloud-level is important. It helps to have tools—wherein with the unique Device Firmware Configuration Interface (DFCI) in Surface, IT Managers can control hardware elements at a firmware level. It also helps to have built-in protection at every layer of the hardware.”
He suggested having some strong policies in place. “Like having robust device life-cycle protection, a strong security status visibility for IT, and the ability to wipe the slate clean with remote access and ensure data compliance on devices when specifically needed.
Wiping the slate clean–well, we need that very strongly now, specially when it comes to our minds where one can still spot a lot of complacence and old approach to security. It’s time to get squeaky clean and strong.