26 October 2023

NET+ Security and Identity Portfolio Update for Cybersecurity Awareness Month 2023

By Nick Lewis - Internet2 Program Manager

Welcome to the latest update from Internet2’s NET+ Security and Identity Portfolio! As the fall semester continues, it’s clear that the world of higher education continues to evolve rapidly. With new faces joining our community and an ever-changing landscape, it’s crucial to stay informed and engaged.

In this blog post, I’ll highlight some key activities and developments in my portfolio, especially in recognition of Cybersecurity Awareness Month. Whether you’re a seasoned veteran or new to the scene, there’s something here for everyone. I’m going to quickly summarize my activities for the year for anyone that might have missed announcements about a future service evaluation, community calls, service advisory board opportunities, and brief updates on my services.

Other Portfolio Updates Coming Soon

Check out updates from the other NET+ service portfolios in the coming weeks.

  • Infrastructure and Platform Services – Week of November 6
  • Software as a Service – Week of November 13

Internet2 Program Manager Nick Lewis presented at the EDUCAUSE annual conference

Spotlight on Vendor Management

In May NET+ announced a future service evaluation for a cloud vendor risk management platform. This effort has evolved through community engagement as we work together on requirements for developing and evaluating a platform. Community discussions around vendor management have been occurring across many procurement and information security communities. 

Many campuses have been maturing their vendor management processes, and as part of this endeavor have engaged with their peers via a NET+ BPLAC working group focused on vendor management. The group was sponsored to develop a comprehensive community framework that enables institutions to address internal coordination between operational, procurement, and strategic personnel, increase visibility of vendor management, reduce risk, control cost, and minimize redundancy. The BPLAC IT Vendor Management Working Group presented its Community Framework for IT Vendor Management earlier this month at the EDUCAUSE annual conference.

Now that we have this framework, the next steps are to identify specific requirements and service providers to include in a service evaluation. Additional details will come later this year.

Service Updates and Community Engagement

One of the most rewarding aspects of my role is fostering engagement within our community. My goal is to involve as many individuals as possible in collaborative problem-solving. Here are some updates on the NET+ security and identity programs and the opportunities they offer for community engagement:

  • NET+ Splunk: The NET+ Splunk program added Splunk Cloud at the end of 2022. The NET+ Splunk program held a community call last month on Baylor’s migration to Splunk Cloud. The recording from that call can be found in the NET+ Splunk wiki. We’re planning the next call, so please let us know what topics you would like to see covered and how soon! Maybe a call on student SOCs?
  • NET+ CrashPlan: Over the past year, this program has hosted quarterly community calls on the first Thursday of the month to keep subscribers informed about important developments. The next call takes place on Nov 2 at 2 p.m. ET. These calls provide a platform for sharing updates, including product updates, discussion of API usage, and reporting.
  • NET+ Duo: The NET+ Duo service advisory board has continued engaging with Duo on several critical features requested by the community around logging and TOTP support. Duo published updates for logging in September. Duo has also started a private preview of TOTP support and briefed the advisory board on those plans. The advisory board made some suggestions for the private preview. As part of the engagement around logging and issues around HOTP/TOTP, the NET+ Duo program started a NET+ Duo Companion Guide to supplement the Duo Liftoff Guide, which includes sections on user support, logging, self-service, instant restore, bypass codes vs. bypass status, security setting, and HOTP/TOTP. Please contact NET+ Service Management if you would like a copy of this guide. The program also continued to host monthly calls on the first Friday of the month. Contact me for access to the call recordings or for more details on upcoming events.
  • NET+ LastPass: The NET+ LastPass program kicked off a Service Advisory Group in May 2023 with Karim Toubba, LastPass CEO, reviewing the 2022 incident and updates as well as answering questions. The group discussed feature requests from the incident. The group met in August to discuss the product roadmap, including product updates, the updated passwordless functionality, SIEM integration update, and upcoming changes in the master password enhancements. Future updates from the advisory group will be posted to the NET+ LastPass wiki.
  • NET+ Palo Alto Networks: The program is still in its early stages, but we are working to make the community aware of the new program and its benefits. As the program grows, we will arrange more community engagement opportunities. Future updates to come!

I encourage you to participate in our future calls, which range from intimate discussions to larger forums where hundreds of campuses engage with their peers. If you have ideas for other community engagement opportunities, please share them with us. Your input and feedback are greatly appreciated.

Service Advisory Board Engagement

One opportunity for deep engagement is participating in NET+ service advisory boards that provide oversight, community input, and guidance for NET+ programs. We frequently discuss new features and functionality and give input to service providers to help prioritize feature development or business models. We’ll also have open discussions on challenges that campuses are currently facing to share solutions and collaborate with the service provider on these solutions. I’m currently recruiting for the NET+ CrashPlan, NET+ Duo, and NET+ Splunk service advisory boards, so contact me if you’re potentially interested. More details on NET+ service advisory boards can be found on the NET+ wiki.

Got Ideas, Questions, or Suggestions? Let Us Know!

Please reach out to me if you have any questions about community calls, want to be involved in an advisory board, are interested in one of the services, or just have a question or suggestion! We’re also interested in new NET+ services if you have any suggestions.

Thank you for being a part of our vibrant community, and I look forward to collaborating with you all in the exciting times ahead. Together, we can continue to advance the information security landscape for research and higher education!

Author’s Note:

Along with the technical parts of information security, I like writing and engaging with the community. I thought it might be interesting to see how ChatGPT might be able to help me decrease the time it takes to write this blog post, so I asked ChatGPT to update my blog post from last year for Cybersecurity Awareness Month. The first thing it displayed was not to include confidential data, which is a good reminder. It then told me it couldn’t directly access the blog, so I directly copied the blog in. It immediately produced an updated blog that was pretty good, but it stripped out all the URLs since it doesn’t know about what’s happened in the last year. Can you tell what ChatGPT wrote versus what I wrote? Hint: ChatGPT is more entertaining than me! It was a fun experiment.