ISO 27001 Certification Leads the Way
Information technology (IT) is continually evolving and is also transforming other markets that are driven by IT. Networked systems and back-office technologies were once viewed as merely business tools, but are now recognized for the competitive advantages they provide.
Cloud computing offers many markets the opportunity to move IT infrastructure outside brick and mortar constructs, freeing companies from IT expenses and positioning businesses to take full advantage of technology breakthroughs. How exactly has cloud computing impacted research institutions and higher education? How will IT decisions continue to impact our universities moving forward? And what are the risks and challenges of implementing cloud computing systems for research administration?
State of the Market
Higher education and its research facilities are one of the fastest growing targets for hackers, hacktivists, and nation-states looking to steal sensitive and proprietary data, and the damages of cyber breaches are far reaching. Findings from the Ponemon Institute in 2015 estimate the cost of data breaches in education to be as high as $300 per record (a 33% increase over 2014). These breaches reflect higher education’s heightened vulnerability to theft compared to its private and governmental counterparts. So what steps can universities and research facilities take to protect intellectual property and valuable data when moving to the cloud?
The October/November 2016 issue of NCURA Magazine contains an excellent article, “Through The Cloud, RAs Shine” written by Randy Ozden, president and CEO of Vivantech and Jennifer Taylor, PhD, MBA, assistant vice-provost for research and sponsored programs and research professor at the University of Arkansas (page 30, but available by subscription only, so apologies for not providing a link). While the premise of the piece is debatable – I’m not sure many research administrators have the time to gain a deep understanding of available eRA solutions and do their day jobs – the article does a great job of describing the value, benefits and risks associated with moving research administration to the cloud.
As reported by NBC News in September 2015, Michael Borohovski, founder and CTO of Tinfoil Security, summarizes the problem stating, “Most of the third-party companies that provide software to education institutions, frankly, don’t focus on security.” Fast forward to today, and the landscape for providers of software to higher education has changed – at least for eRA providers.
Reap All the Benefits without the Risk
Cayuse recently announced that the company has received ISO (International Organization for Standardization) 27001 vendor certification for the Cayuse Research Suite. ISO 27001 is the strictest international and EU security certification available for cloud computing solutions and demonstrates Cayuse’s commitment to customer information security and data privacy. Cayuse is the only eRA provider with ISO vendor certification, and that’s significant.
All other eRA cloud providers rely on their data center providers who are hosting those solutions, whether big players like Amazon Web Services (AWS) or the myriad of smaller players available. There’s no question that these data center providers go to extensive lengths to protect the data they host, but Cayuse knows the market needs more.
ISO 27001 vendor certification is based on a company’s information security management system (ISMS) and includes all policies, procedures, plans, processes, practices, roles, responsibilities, resources and structures that are used to protect and preserve information. Based on Cayuse’s ISMS, ISO 27001 certification applies to all processes of operating and supporting the Cayuse Research Suite platform, including people, systems and infrastructures in the company’s two office locations, as well as its geographically dispersed datacenters (using data centers on both US coasts provides the timely backups, extra protection and disaster recovery that cloud customers expect).
The benefits of a high-quality eRA system are undeniable, and cloud computing adds many other benefits:
- Improved system uptime with greater than 99% availability
- Easy anywhere, anytime internet access – great for mobile workforces
- No infrastructure costs and capital expenses from hardware purchases
- Fast implementation times that require fewer IT resources and shorten ROI
- No IT burden to perform ongoing maintenance, upgrades, data backups and disaster recovery
- Improved productivity with instant, no-hassle feature enhancements and upgrades
While deeper insights into the capabilities of eRA solutions may benefit research administrators, information security remains the number one concern among higher education IT leaders in 2016, according to EDUCAUSE. The simple path for research institutions is to learn about a vendor that not only shares your concerns for data security, but also has demonstrated its commitment to protecting your data in the safest ways possible.