Why Proven Frameworks and Automation Matter for Higher Ed Security

SteelCloud has just returned from exhibiting at the EDUCAUSE conference in Nashville. EDUCAUSE is a nonprofit organization supporting higher education technology leaders and professionals in the advancement of teaching, learning and decision making. Topics included everything from AI and chatbots to payment technologies and cybersecurity.

Attendees represented the best and the brightest of IT in higher education, and many of them stopped by our booth in the cybersecurity pavilion to ask questions about cybersecurity automation, a capability SteelCloud is both a leader and innovator in.

Addressing the elephants in the room.

You’ve probably heard the old saying, “the best way to eat an elephant is one bite at a time.” The same is true for cybersecurity. It’s a huge undertaking and a job that is never really done.

But one of the things people don’t talk about—the other elephant in the room—is how much cyber threats are evolving in higher-ed. Higher education is an attractive target. Data theft, phishing, denial of service attacks and ransomware are on the increase in recent years. In 2023 alone, ransomware attacks increased by 70% with the US leading the trend. Much of it is caused by human error in falling for phishing scams. In any given year, more than 90% of education institutions will encounter a breach or cyberattack. The average cost to resolve a successful attack is $3.65M. Which is why EDUCAUSE routinely places cybersecurity at the top of their list of annual priorities.

SteelCloud addresses both elephants in the room—thwarting the ever-increasing range of attacks and enabling a manageable cybersecurity approach through automation.

And there is one more elephant in the room. Adoption of proven, world-class cybersecurity frameworks is low in the industry. No industry or governing body is currently requiring adoption or audits so the funds that would be earmarked for maturing your cybersecurity program are going to other technology priorities. And this is setting up a perfect storm for future breaches because frameworks like NIST SP 800-53 and CIS Benchmarks are based on a global knowledgebase of known threats and are continually updated so breaches are nearly impossible. They are the best line of defense against hackers. EDUCAUSE prioritizes it. Yet little is getting done, despite the need and risks.

All of this made our booth giveaway quite popular, however—stuffed elephants that double as screen cleaners so you can get a clearer view of things. They serve as a reminder that cybersecurity is a big job that we can’t ignore.

A Rare Approach: Automating World-Class Cybersecurity Frameworks

SteelCloud’s solution at EDUCAUSE was truly distinctive, setting us apart as a rare presence in the room. SteelCloud automates the implementation and maintenance of standardized, proven cybersecurity frameworks, including:

• CIS Benchmarks. CIS Benchmarks have been created by a global consortium of cybersecurity professionals and act as a roadmap for securing all the endpoints in your organization. They tell you where to look for vulnerabilities and how to fix them. SteelCloud is the only vendor featured in the CIS Benchmarks CyberMarket for cybersecurity automation.
• NIST 800-53. The National Institute of Standards and Technology have developed a list of security and privacy controls for any organization to reference in their cybersecurity journey. They form the basis of other frameworks, like CIS Benchmarks.

These two frameworks are like the Rolls Royce’s frameworks for higher education. SteelCloud also automates STIG implementations for the DoD and other government agencies. Our nation’s biggest secrets and data are protected by these frameworks.

Once implemented and policy is set, automation turns months of manual configurations into minutes of error-free work. Then it continues that work with little human interaction 24/7/365, creating and maintaining nearly impenetrable cybersecurity throughout your system.

While many at the conference had a good understanding of using automation to scan for vulnerabilities, some had not realized that remediation could also be automated. In all, SteelCloud’s ConfigOS automates scanning, remediation, reporting and continuous compliance—everything you need for a world-class cybersecurity solution.

If we had to report a big “a-ha” moment from our booth, it was when people saw the remediation in action. For those who have been struggling with NIST or CIS Benchmarks implementation, as well as for those who weren’t aware of CIS Benchmarks, seeing how well ConfigOS simplifies cybersecurity at that level was a big eye opener.

People also asked us how we differentiate ourselves in the cybersecurity marketplace. Just one look around the floor answered that question: We were the only ones there that automate CIS Benchmarks and NIST frameworks. Moreover, there will never be anyone who has done it longer than we have, as we are the long-standing pioneer in the space.

Bringing Cybersecurity Automation to Life at EDUCAUSE

Overall, EDUCAUSE was an exciting show with a lot of opportunities and good conversations. If you want a taste of what visitors to our booth experienced, feel free to request a demo of ConfigOS, our cybersecurity automation solution. Once you see it in action, you’ll wonder why you’ve been putting off implementing these frameworks for so long!