Another Academic Year Already? – TES Best Practices for the Fall Rush

Sep 13, 2018

Was it just me or was that a quick summer? This year the National Center for Education Statistics estimates that 19.9 million students are enrolling in college courses across the United States. 12.3 million of those students will be under the age of 25, and 7.6 million will be ages 25 and older. That’s a lot of students returning to campuses this year or finding themselves on one for the first time.

This month marks my own 4th year at CollegeSource and my departure from Columbia College. I am happy to still be serving students and staff in higher education through technology solutions. At this time of year, even after four years, I reminisce about how the return of students would transform the small, midwestern town where I worked into a busy, little city for the next 9 months. The number of drivers exploded, parking became a nightmare, and the everyday became very much about dealing with “rush” files and less about being proactive.

Despite the frustrations of the sudden increase in population, there would always be fun stories to tell around the office regarding the returning students. Usually, it would start with someone sharing the “Mindset List” for the incoming freshman class. This led to a lot of responses like “Really!?! Yeah?! Can I really be that old now?” or “How can they not know what _____ is?” There was also the highlight of being able to help a student switch to the correct course or prevent them from taking a duplicate course. It is a great feeling to be able to help students get on the right track when they begin school in the fall. This was always my second or third favorite time of the academic year. First and second had to be the commencement ceremonies, but that’s a story for another day.

Of course, once we got done helping those last-minute transfer students and getting the school year started smoothly, it was time to turn our attention to updating transfer rules, transfer pathways, and other yearly maintenance to be taken care of for the incoming academic year.

Here at CollegeSource, we are actively collecting for the 2018 catalog year. This is a yearlong process for us, but we understand there may be some catalogs that you need sooner rather than later. If you come across an institution whose catalog you need added to TES as soon as possible, you can use our Catalog Request form in TES. This form is located at the bottom of the Institution landing page on Course Finder 2. You will see a statement that reads “Didn’t find what you were looking for? Click here to request a catalog” and this will generate a form for a request.

This is also the perfect time to make sure all your users are up to date in TES and Transferology. Take the time to check in with your users to make sure they still have access. Each year we receive bounce-back emails when users send emails to contacts that are no longer at their institution. When checking in on your users, you can ask if they still need access, are still the point of contact, or if they need any refresher training on the products. This will help ensure that any evaluation tasks or requests from students get answered in a timely fashion and don’t just sit unmonitored in a deactivated email queue somewhere. A few months back I wrote an article to help users manage employee transitions in TES, and it may be helpful to refer back to this when updating any users this year.

Last year at the CollegeSource Annual Conference, I ran a session regarding best practices for annual equivalency maintenance. In this session, I covered some recommended yearly maintenance for keeping up with equivalencies that are stored in TES. If there is enough interest, we could host an online webinar for those clients that need a refresher or missed the training opportunity this past June (contact us).

We want to hear from you.

If you have any interesting or funny stories regarding the first weeks of school at your institution, we would love to hear them. Please reach out to us with your stories on our Facebook, Twitter, or Instagram!

As we like to say around the office, “Teamwork makes the dream work,” and with close to 20 million students returning to school this fall, if there is anything we can do to assist you, let us know.

 

 

Cloud Security for Degree Audit

Sep 06, 2018

Cloud Security for Hosted uAchieve Degree Audit

Many IT people know the benefits of using the cloud, including cost, scalability, reliability and ease of use. However, the number one issue raised by professionals considering a move to the cloud is security and concerns over not having critical data on-premise. These security concerns are valid, so we’ll explore some of the security features offered by Amazon Web Services (AWS) that are utilized for uAchieve in the cloud. We’ll look at three elements: logical security, physical security, and compliance.

Logical Security

When you create a new account with AWS you get your own VPC (Virtual Private Cloud). Think of this as your own data center in the cloud, logically separated from anyone else’s private cloud. You can log into the AWS console and administer users’ accounts, grant permissions and set up security roles. Users set up in AWS are the only users who will have access to the VPC and resources within it.

Within your VPC you can set up separate logical “areas” called subnets, each of which can be secured differently. You can set up private subnets that do not allow any access to or from the outside. These private subnets will only communicate with resources you set up within your VPC, via private networks that do not go over the public internet. You can also set up public subnets and add resources that communicate with the internet based on rules you define.

Within a subnet, you can set up Network Access Control Lists (NACLs) that let you allow or deny specific traffic types to and from your subnets. NACLs can allow or block specific IP addresses. For example, you can have your institution’s IP range, and only that range, allowed to connect to the subnet. Typically, you would use NACLs to allow specific IP addresses from a specific location for specific reasons such as SSH or RDP.

Within a subnet, you can set up Security Groups. Think of Security Groups as individual firewalls for the different resources you have in AWS, like a Virtual Machine (VM). With Security Groups you can define an additional security layer to secure access to and from your cloud resources beyond the NACLs set up at the subnet level.
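To make the layering of NACLs and Security Groups concrete, here is an added example (not CollegeSource's or AWS's code) that models how an inbound connection is judged first by the subnet NACL and then by the resource's Security Group. It covers inbound TCP only, and the address ranges and rule sets are constructed sample values, with 203.0.113.0/24 standing in for the institution's range.

```python
"""Model of how a subnet NACL and a Security Group combine for inbound traffic."""
from ipaddress import ip_address, ip_network

# Constructed sample values: 203.0.113.0/24 stands in for the institution's range.
INSTITUTION = "203.0.113.0/24"
ANYWHERE = "0.0.0.0/0"

# NACL entries: (rule number, cidr, first port, last port, action).
# Evaluated in ascending rule-number order; the first match decides.
NACL_INBOUND = [
    (100, INSTITUTION, 22, 22, "allow"),      # SSH from campus only
    (110, INSTITUTION, 3389, 3389, "allow"),  # RDP from campus only
    (200, ANYWHERE, 443, 443, "allow"),       # HTTPS to the application
]

# Security Group rules are allow-only: (cidr, first port, last port).
SG_INBOUND = [
    (INSTITUTION, 22, 22),
    (ANYWHERE, 443, 443),
]


def _matches(src, port, cidr, lo, hi):
    return ip_address(src) in ip_network(cidr) and lo <= port <= hi


def nacl_decision(src, port, entries=NACL_INBOUND):
    """First matching entry by rule number wins; no match means the implicit deny."""
    for _num, cidr, lo, hi, action in sorted(entries):
        if _matches(src, port, cidr, lo, hi):
            return action
    return "deny"


def sg_allows(src, port, rules=SG_INBOUND):
    """A Security Group has no deny rules: traffic passes if any rule matches."""
    return any(_matches(src, port, cidr, lo, hi) for cidr, lo, hi in rules)


def inbound_allowed(src, port):
    """Traffic must pass the subnet NACL first, then the resource's Security Group."""
    return nacl_decision(src, port) == "allow" and sg_allows(src, port)


if __name__ == "__main__":
    for src, port in [("203.0.113.25", 22), ("198.51.100.7", 22),
                      ("198.51.100.7", 443), ("203.0.113.25", 3389)]:
        print(src, port, "allowed" if inbound_allowed(src, port) else "blocked")
```

The RDP case shows why both layers matter: the NACL admits campus traffic on 3389, but the connection is still blocked because this resource's Security Group has no matching allow rule.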

AWS offers many of its cloud compute resources as services, including storage, databases, load balancers, and many more. With cloud services, AWS takes care of the underlying hardware, software, operating system, patches, and upgrades. AWS cloud services don’t allow anyone to SSH or RDP into the service, ensuring added security.

AWS supports SSL and TLS for data communication and encryption of data in transit across all its services. With storage in AWS for your files, data blocks or databases, you can enable encryption at rest. AWS will handle the encryption/decryption for your application access without any changes to your code. If the underlying hardware is compromised, your data will be inaccessible due to encryption.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. GuardDuty also detects potentially compromised instances or reconnaissance by attackers.

AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. The best defense is to turn attacks away at the front door! AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.

The community of AWS users also helps to identify and share routines for dealing with new forms of attack. This is a tremendous resource for comparing the strategies of other security managers and perhaps adopting a ready-made solution, saving critical response time.

Physical Security

AWS monitors data centers using their global Security Operations Centers, which are responsible for monitoring, triaging, and executing security programs. They provide 24/7 global support by managing and monitoring data center access activities, equipping local teams and other support teams to respond to security incidents by triaging, consulting, analyzing, and dispatching responses.

Physical access points to server rooms are recorded by Closed Circuit Television Camera (CCTV). Images are retained according to legal and compliance requirements.

Physical access is controlled at building ingress points by professional security staff utilizing surveillance, detection systems, and other electronic means. Authorized staff utilize multi-factor authentication mechanisms to access data centers. Entrances to server rooms are secured with devices that sound alarms to initiate an incident response if the door is forced or held open.

Electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert appropriate personnel of security incidents. Ingress and egress points to server rooms are secured with devices that require each individual to provide multi-factor authentication before granting entry or exit. These devices will sound alarms if the door is forced open without authentication or held open. Door alarming devices are also configured to detect instances where an individual exits or enters a data layer without providing multi-factor authentication. Alarms are immediately dispatched to 24/7 AWS Security Operations Centers for immediate logging, analysis, and response.

Media storage devices used to store data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycles. AWS has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.

Compliance

AWS compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance. AWS is certified in ISO 9001, 27001, 27017 and 27018. They’re also PCI DSS Level 1 certified and SOC 1, 2 and 3. AWS offers functionality (such as security features), enablers, and legal agreements (such as the AWS Data Processing Agreement and Business Associate Addendum) to support customer compliance with requirements such as FERPA, HIPAA and IRS 1075.

Conclusion

When thinking about cloud and moving your data to the cloud, security should be at the forefront. However, the idea that public clouds are less secure than an on-premise data center is absolutely invalid. With AWS, security is built into all layers of the cloud from physical to logical security. Following AWS Security Best Practices will ensure that your cloud is as secure as, if not more secure than, an on-premise data center.

With AWS, Microsoft Azure or Google Cloud, you are benefiting from the big footprint of these companies for your institution. These multibillion-dollar companies can negotiate lower hardware/software prices, set up bigger, more reliable centers and dedicate many more resources to security and compliance than your institution.

For more information about uAchieve in the cloud or to send me a comment, please email me at ayman@collegesource.com.