Universities face hurdles during the COVID-19 pandemic and beyond—focusing on data access and data security implications is critical

Ensuring data security during remote and hybrid learning


Universities face hurdles during the COVID-19 pandemic and beyond—focusing on data access and security implications is critical

California State University, the largest four-year public university system in the country, made headlines when it announced recently that it intends to continue with remote teaching in the fall term at all 23 CSU campuses, affecting most of its 482,000 students. This was a bold move. I applaud the CSU system, or any college or university, as the rapid shift to online instruction amidst COVID-19 has been an undertaking of historic proportions.

Lost in the headlines is the amount of work that IT teams must do to enable remote access to HR applications for nearly all university staff and faculty. For Cal State, more than 53,000 faculty and staff need access to essential information and systems. Along with student users, in total, that is 535,000 (mostly remote) users accessing student information and HR systems from all over the world.

Related content: COVID-19 ushers in a new era of cybersecurity

The repercussions of this decision are wide-reaching. First, Cal State must be able to keep students engaged and provide parity to classroom learning. Beyond that, there are myriad implications placed squarely on the enterprise applications that support these institutions.

With millions of students, faculty, and staff depending on these applications to keep operations running smoothly, how will campuses look to adapt these systems to their new normal? How can they ensure these systems can meet these new demands?

Remote and distance learning means operations will be hugely dependent on self-service. Universities face a double whammy: Maintaining strict authentication and data security policies while requiring additional UX/UI solutions that create an intuitive mobile user experience. This double-whammy occurs because on-premise student information systems were primarily designed before the prevalence of mobile access.

Universities must focus on TWO key areas: user experience and data security.

For students, user experience is EVERYTHING

Today, the primary method for communication for students is through their mobile devices. Taking a UX/UI meant for the desktop and applying it to mobile can create misalignment, leading to the abandonment of whatever task the user was doing. Without additional UX solutions, the mobile interface for a university’s website can be challenging for students to navigate.

This poor user experience could prove problematic as tens of thousands of students simultaneously register for classes. Students should be able to navigate through transactions like add/drop/swap courses, view grades, class schedules, search for classes, access advisor information, and financial aid details from their mobile device with as little friction as possible.

Without an intuitive mobile interface, campuses face the prospect of flooding their support desks or risk having students quitting self-service transactions and not meeting critical enrollment deadlines. Giving students the proper tools to execute most of their tasks through self-service will alleviate the university staff’s workload. It will also provide one fewer hurdle that students, especially new students, will have to face before classes begin.

For EVERYONE, data security is EVERYTHING

Colleges and universities face the same challenges as businesses that had to transition entire workforces from office-based to work-from-home. Remote access is now a requirement. IT departments should have the ability to dynamically control access to sensitive transactions and maintain granular visibility into user behavior.

Campuses are turning to VPN solutions to ensure secure authentication, but VPNs have plenty of vulnerabilities, including their ability to be hacked and their overall lack of access control capabilities. To mitigate some of these vulnerabilities, universities are adding Multi-Factor Authentication (MFA). MFA integration allows users to access different resources while requiring a more robust authentication mechanism to execute a sensitive transaction. While application-layer authentication is good, transaction-level authentication is ultimately the best way to ensure data isn’t unnecessarily exposed.

MFA integration also allows universities to leverage adaptive capabilities. This can enable you to deploy MFA challenges based on the context of access, such as only outside regular business hours, if the location of the device accessing the system is from overseas, or is a mobile device at all. This flexibility can reduce the disruption of MFA challenges on the user and ultimately provides significantly better data security.

Additionally, campuses must consider how they can maintain visibility over the data in their transactions. After all, when you consider the sheer volume of sensitive data in a student information system like student records, student financial information, parent financial information, etc., it becomes clear that the implications of a breach could be catastrophic.

There are many data security considerations that are not simple to solve, but the focus must be on visibility, control, oversight, and accountability. How detailed is your view of data access and usage? If there was a potential security threat, how long would it take you to detect and remediate it?

It is too early to tell how many colleges and universities will follow Cal State University’s lead and announce remote learning plans for the Fall semester. Regardless, now is the time to prepare for a school year that still has many variables and unknown factors, starting with the student mobile user experience and data security.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

eSchool Media Contributors

Oops! We could not locate your form.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.