NET+ Security and Identity Portfolio Update for Cybersecurity Awareness Month 2022

By Nick Lewis - Internet2 Program Manager

Estimated reading time: 5 minutes

Hopefully, everyone made it through the start of the fall semester! I’ve talked with people on campuses and know everyone is moving as fast as they possibly can to keep up with all that’s happening and changing! I’ve also attended community events in-person during the last six months and observed the great resignation in person. There is a large number of new people in higher ed. 

To support the new people and everyone else in the community, I’m going to quickly highlight my activities for the year in recognition of Cybersecurity Awareness Month and for anyone that might have missed any of the other announcements about a future service evaluation, community calls, service advisory board opportunities, and brief updates on my services. 

(There’s a companion blog post related to Internet2’s celebration of Cybersecurity Awareness Month. )

Service Evaluation In Development

I recently returned from the Cloud Security Alliance SECtember Conference where I learned about how the world outside higher education has been approaching the cloud. It’s always good to look for new points of view and ideas to share with the research and higher education community. During this conference, I heard about SaaS Governance Best Practices for Cloud Customers (opens in a new window). I’m still digesting the information to see how it applies to higher education. 

However, I do know campuses are still struggling with managing their SaaS apps. Some institutions have 10s, 100s, 1000s, or more SaaS apps in use on their campuses and are trying to determine how to manage them. To help, NET+ is exploring a service evaluation for a cloud vendor risk management service. Yes, a cloud service to manage cloud services! From my perspective, a service like this could help campus information security teams along with procurement, legal, accessibility, identity, cloud, and other teams on campus. This can also help campuses manage all their HECVATs!

Community Engagement  

One of the best parts of my job is facilitating engagement with the community that really resonates! One of my goals is to get as many people in the community involved to help solve problems. Here are some quick updates about the NET+ Security and Identity programs and the opportunities they offer for engagement with the community: 

• NET+ CrashPlan
  • The program has held quarterly community calls (opens in a new window) for the last year, which were announced to NET+ CrashPlan subscribers. One of the calls was immediately after CrashPlan was spun into a new company and provided NET+ CrashPlan subscribers with an update on the change, which had minimal impact on their campuses. 
• NET+ Duo
  • The program held one community webinar. It featured a campus deploying the Duo Universal Prompt. A second virtual event is being planned on evolving MFA on campus – from MFA phishing attacks to moving to the Universal Prompt and reducing telephony usage. Contact me if you want access to the recording or an invite to the virtual event being planned. 
  • The program continues to co-host a monthly call with the REN-ISAC community – open to the higher education community – where we’ve discussed effective practices for using Duo on your campuses, preventing attacks, using certain features, etc. Register for the event (opens in a new window). 
• NET+ Splunk
  • NET+ Splunk Community calls (opens in a new window) went on hiatus during 2022 while the NET+ Splunk program added Splunk Cloud to the program. The next NET+ Splunk community call will feature an update on adding Splunk Cloud to the program with a campus sharing how they migrated to Splunk Cloud. We’ll send an announcement when the calls resume. 
  • The NET+ Splunk program has been focused on adding Splunk Cloud to the program, including developing a higher education-focused customer agreement and the best pricing possible for the community. Please contact me if you’re interested in Splunk Cloud.  
• NET+ LastPass
  • The program has been busy completing the transition to the updated NET+ LastPass program. We co-hosted an EDUCAUSE QuickTalk on NET+ LastPass (opens in a new window) and have been engaging around LastPass being established as an independent company (opens in a new window).
• NET+ Palo Alto Networks 
  • The program is still in the beginning stages of making the community aware of the new program and its benefits, including how a campus was able to cover twice what they had initially planned because of the savings from NET+ Palo Alto Networks. As the program grows, community engagement will be arranged. 

I’d love to see you participate in future calls, which range from smaller conversations to larger discussions where more than a hundred campuses engage with their peers, so let me know if you have questions about how to join! Are there other community engagement opportunities you would like us to offer? I really appreciate your input and feedback. 

Service Advisory Board Engagement  

We’re currently recruiting for the NET+ CrashPlan, NET+ Duo, and NET+ Splunk service advisory boards. NET+ service advisory boards provide oversight, community input, and guidance for NET+ programs. We frequently discuss new features and functionality and give input to service providers to help prioritize feature development or business models. We’ll also have an open discussion on challenges that campuses are currently facing and collaborate with the service provider on solutions. More details on NET+ service advisory boards can be found on the NET+ wiki (opens in a new window). 

In Closing

If you’re unsure about the opportunities available for engaging with your peers, please reach out to me with any questions about attending community calls, being involved in an advisory board,  or expressing interest in one of the services. Also, feel free to get in touch with me if you just have a general question or suggestion! 

We’re also interested in new NET+ services (opens in a new window) as well if you have any suggestions. I’ll be at EDUCAUSE Annual at the end of the month speaking about HECVAT Futures (opens in a new window) and then at Technology Exchange in December, so I’m happy to talk and catch up in person if you’re at either conference! Of course, I’m also available to talk via Zoom call if that works better for you!

ICYMI

Cybersecurity Awareness Month 2022: Seeing Yourself in Cyber with the MS-CC