Over four months this autumn, we collaborated on a joint research project with Educause and ten large universities that are Educause members. The aim was to document how useful Arctic EWS could be for them. While the study was in higher education the content is relevant for companies as well.
It was a unique experience to work with such renowned universities and gather their insights regarding external cybersecurity monitoring. The idea of this follow-up project was to provide the universities with data about cybersecurity issues that were visible to the outside and provide it in a way that was in an easily consumable format.
The results were very encouraging, and we learned a great deal about how to provide this kind of service for higher education institutions. It was fascinating to document the systemic problems brought to sunlight once continuous external monitoring is in place.
We saw systemic problems related to firewall management, established security processes, processes related to incident response, change management, vulnerability management, asset management, and stakeholder communications.
We also saw how the Arctic EWS data impacts daily routines and helps discover shadow and abandoned infrastructure. However, we also learned that shadow infrastructure could often be more of a norm than an exception in a university! Asset management is a complicated topic, as one of the project participants put it:
"As an R1 research institute, we have principal investigators, grad students and undergrad students who are all involved in research projects. All standing up infrastructure under the desk at any moment. None of this necessarily went through any sort of validation and acceptance. So, we saw both shadow and abandoned infrastructure during the project."
- CISO, project participant university
The full research paper is available to download, and you can get it from the link below. We hope you'll find it as interesting to read as it was for us to research. You can also sign up for Arctic EWS and take advantage of our free service, which provides you with a monthly Asset Discovery and Assessment report.
