C-Level View
the information security needs of their institution, but all anticipate that sharing of a cloud resource will
have significant impact on reducing institutional risk.” GreyCastle Security, from Troy, NY, was selected from RFP responses returned by more than 10 vendors.
The consortium was spawned from a somewhat larger group of area colleges and universities, WSIT (West Suburban IT), that meets regularly to talk about IT topics.
valuable to be a part of this collegial group.
A couple years ago, we started noticing that information
sharing is one thing, but there are some things that we could be doing better together. Security was one of the first things we started to talk about, in terms of sharing services among us. Each of us was struggling with the growing feeling that we did not have adequate attention to our institution’s security profile.
We started talking about this in WSIT, the larger group
of our area schools. We finally formed the West Suburban Information Technology Group security-as-a-service consortium with a subgroup of five WSIT institutions, and a few more are considering their options to join.
Our first step, the RFP, helped us to lay out and quantify exactly what it was that we were looking to get. It wasn’t just penetration testing — we wanted something more.
We wanted each of our schools to have a kind of quarterback doing security. And, we wanted to gain some efficiencies together, in the projects that we would choose to do. There are different ways you can leverage external partnerships: just for buying power or as a truly shared endeavor in terms of the workload. Ours is kind of a hybrid, if you will. We did get some buying power, and we are also benefitting from doing this together. As more schools join the consortium, they can benefit from our groundwork and not have to start from scratch.
We all basically agreed on what our initiatives are and who’s doing what piece, and we charted a roadmap together in the first year of a three-year agreement.
CT: What has the consortium meant to you, so far?
Albin-Hill: Cybersecurity in general addresses vulnerabilities that could be catastrophic for the institution, if you have a major incident. It’s also very much of a time-consumer if
“There are different ways you can leverage external partnerships: just for buying power or as a truly shared endeavor in terms of the workload. Ours is a kind of hybrid, if you will.”
Higher education has always been very good at sharing and bouncing ideas off each other. This larger group brings CIOs and some of our IT teams together every other month or so to talk about many relevant IT issues. We tend to set the agenda based on different projects people are doing, but often it’s just a good touchpoint to boost one’s awareness of what’s going on.
The institutions are all at different places in terms of their specific IT programs and implementations — there have been different SIS or network vendors chosen, for example. But the concepts and struggles experienced by us are basically still the same, regardless of some of the solution choices that we’ve made. So it’s been very
With schools of our size, it’s hard enough to have sufficient staffing in general, but to be able to hire a CISO ... nearly impossible! Security professionals
are really a hot commodity right now. So it’s difficult to approach security issues well, when we are looking at our own internal staff. Many of us do penetration testing and perform different tests of our systems. But we all were faced with not having any dedicated internal staff for this.
So, we asked if security is a space where we should work together. We were already each spending money
in the area of security, so if we pooled some of that together, would we be able to get more resources together and provide services that we can’t afford separately?
43
CAMPUS TECHNOLOGY | June 2017