An ‘unhackable’ system for securing campus data?

New Hampshire-based company EduLok promotes a two-pronged approach to safeguarding sensitive data

data-securityWith data security breaches continuing to plague higher education, a New Hampshire company called EduLok is promoting what it calls an “unhackable” system for safeguarding sensitive information.

EduLok’s new system, announced in August, reportedly takes a two-pronged approach to securing campus networks and data: (1) It fragments the information stored in campus databases and disperses it across multiple EduLok servers located around the world, and (2) it requires multifactor authentication for students and staff to retrieve this information.

EduLok says its system eliminates the need for user names and passwords, which can be cumbersome to remember and easily hacked. Instead, students and staff would use a PassKey—either a USB token or a mobile app—and a Personal Identification Number to access the data.

Here’s how the system works, according to EduLok: When a student or staff member inserts a USB token into a computer and tries to access the campus network, or logs into the network using a special mobile app, this action initiates a “conversation” with an EduLok server, which asks the user for his or her PIN.

If the PIN matches the number associated with that PassKey, the user is granted access. Then, as the user requests information, these data are retrieved from multiple EduLok servers, reassembled, and delivered to the user.

Many data security breaches in higher education occur when someone hacks into a campus database, said Gerry Texeira, director of product management for EduLok. By fragmenting and dispersing information across multiple servers, “there is not a single database where hackers can get this information,” he said.

And because authentication isn’t taking place through a campus portal, but behind the scenes, EduLok’s system also “eliminates the possibility of phishing or ‘man in the middle’ attacks,” Texeira claimed.

(Next page: Fragmenting data, sovereignty and Internet2)