The State of Data Protection at Four-Year Institutions of Higher Education in the United States

Thursday, October 28, 2021 | 1:15PM–2:00PM ET
Viewing Location: Online
Session Type: Poster Session
Delivery Format: Poster
Institutions of higher education (IHEs) in the US are stewards of valuable data—from research data that may ultimately be monetized as commercial intellectual property to sensitive student and patient data. Amid more frequent and intense natural threats, constantly evolving human-induced threats (especially cyberattacks), and an increasing array of regulatory compliance requirements, IHEs must ensure effective data protection. But how well prepared are four-year IHEs in the US to respond to the various causes of data loss? In this session, a set of modern best practices for data protection (specifically to address data loss) that are relevant to IHEs will be presented. These best practices were curated from a literature review of academic, practitioner, and governmental sources. A survey was then conducted with a broad set of contacts at IHEs to collect their input on current data protection practices at their institutions. The survey results reveal a patchwork of compliance to the identified data protection best practices. Several recommendations are offered to improve the data protection posture of IHEs. Institutions should implement ransomware-specific response and recovery plans, implement automated disaster recovery (DR) orchestration, leverage the cloud for recovery solutions, leverage their risk assessments (RAs) and business impact analyses (BIAs) to establish recovery objectives, conduct data discovery, and test their ability to restore from backups.

Presenters

  • Matthew Ricks

    Senior Director, IT Facilities Infrastructure & Resilience, Stanford University