Why Removing Technical Debt Is Important to Higher Ed Cybersecurity

 

Technical Debt Limits Visibility Into Higher Education’s Vulnerabilities

Legacy systems, and the IT teams that manage them, tend to be siloed. That makes incident response difficult. With limited visibility across the enterprise, organizations may have trouble discerning where problems start. That places an emphasis on troubleshooting, which all too often can lead to finger pointing, extending the time it takes to mitigate a threat.

“As threats evolve, technical debt becomes a roadblock,” says Jeff Olson, director of SD-WAN product and technical marketing at Aruba, a Hewlett Packard Enterprise company. “Security protocols and standards have advanced to address common threats, but if you have older technology, you’re at risk until you can upgrade your devices.”

Upgrades can prove challenging, though. Without an enterprisewide view of what’s been deployed where, it’s difficult to manually patch every single laptop, device or network endpoint, Olson adds. Unfortunately, that leaves vulnerabilities in place.

Reducing Technical Debt Is a Matter of Prioritization in Higher Education

The first step to reducing technical debt is to act now, Olson says. “Sweating it out” for another two or three years will only make it worse, as change in higher ed takes time. Waiting also stymies innovation because organizations aren’t well positioned to leverage advanced technologies such as artificial intelligence.

Organizations should start with a deep-dive gap analysis that identifies the legacy technology in place and the limitations it presents. Ragsdale recommends focusing on pain points that lead to complex workflows that don’t align with security or operational best practices.

The next step is prioritization; not everything can be modernized overnight. Olson likens the process to triage. Organizations need to determine what requires immediate attention, such as classroom technology vital for teaching and learning and what may not be as critical.

“It needs to be a practical approach of enhancing what you have and putting layers of security in place,” he says.

EXPLORE: Cyber resilience helps institutions recover from incidents faster.

With Hyperconvergence Comes Security and Insight

Ragsdale says it’s common for institutions to move forward with reducing technical debt by combining storage, server and networking infrastructure and managing it through a single software layer.

The resulting hyperconvergence brings three immediate security benefits:

• Modern hardware is inherently more secure, whether that means the latest laptops or cloud-native servers. So are operating systems. “There are no hidden back doors,” Olson says. Automated security updates are also much easier to manage than manual installs.
• Converged infrastructure requires less hardware in fewer locations. There are fewer attack vectors to manage, and fewer point solutions are needed to monitor them. For IT teams, Ragsdale says, “there’s one user experience, and one support number to call. The time to resolution is quicker.”
• Running a converged hardware platform improves application performance. This cuts down on work-arounds that can compromise security, such as sharing passwords instead of waiting for new logins to start up.

Infrastructure convergence also makes it possible to create a data lake for managed detection and response, especially at the network level, Olson says. That enables behavioral analysis of devices, which can be applied to policies for managing devices and used to detect anomalies.

“You need modern infrastructure, with security built in at the network level, to take advantage of these powerful capabilities,” he says.