Balancing Act: Meeting Security, Privacy, and Compliance Mandates within Universities’ Open and Collaborative Environments
Universities’ open and collaborative nature is fundamental to their mission and research preeminence, but it can complicate cybersecurity efforts. This session will focus on how to balance higher education’s open environment and free flow of information with security, privacy, and compliance mandates. State-of-the-art cybersecurity principles endorsed by both academic researchers and the National Security Agency (NSA) will be briefly reviewed. These principles include zero trust, end-to-end encryption, encrypted logs, key-based authentication (i.e., no passwords), distributed administrative trust, data visibility, and controlled access. Federal mandates governing universities’ cybersecurity controls will also be briefly reviewed, including the DoD’s CMMC framework, the DFARS Interim Rule, NIST SP 800-171 self-assessments, and the anticipated extension of these DoD regulations to the Department of Education, the Department of Homeland Security, and other agencies. The emphasis will be on how modern cybersecurity systems can adhere to the highest security standards while simplifying compliance, much as Signal offers strong, end-to-end encrypted messaging yet remains simple to use. A security professional from a leading university will discuss a pilot deployment of a solution built on these principles, highlighting how it helps maintain open, yet secure and compliant, communication within and across institutions, particularly for research purposes, and smooths the path to compliance.