The modern student experience is dependent on digital services. Teaching and learning are being maintained thanks to cloud services. But universities are putting themselves at serious risk if they don’t have reliable and robust backup and disaster recovery measures in place. With no fallback if these services become unavailable, the offering for both students and staff is severely compromised.
The responses to our FOI request actually show that universities are fairly confident in their data security measures. Almost all respondents (97%) report responsibility for storing sensitive data, with the vast majority using some form of cloud computing (96%) or online storage like Microsoft Office 365 (92%). Additionally, 88% maintain a digital backup of their data, demonstrating that they do understand the risks of data loss.
But it’s one thing having accurate cloud backups in place, and another matter entirely to be able to make use of it quickly should the worst occur. Only 67% of universities have a formal process in place to respond to outage incidents. Investment is important, but good disaster and backup capabilities are equally about behavior, process and practice.
What’s so important about keeping backups and regularly stress-testing systems?
There are several questions universities should always be asking themselves when it comes to their IT strategy. How important is their data to their day-to-day business? What are the financial and reputational implications if they were to lose all their data – even temporarily? IT systems are now vital for almost all university operations. Backup, then, must be taken seriously, using approaches like the 3-2-1 rule.
Three copies of data, across two different types of media, with one copy kept off-site, is a well-known rule of thumb here. But without also regularly stress-testing systems and fire-drilling IT teams to test their response, the fallout from a serious incident could become a real risk.
We’ve found UK universities experience 1.5 outages per month on average, and whether it’s an unfortunate mistake by an overworked employee, a technical issue, or even the activity of a malicious actor – the end result is the same. Systems go down. Data is potentially stolen. Trust and experiences are severely impacted. By teachers and students alike.
By proactively protecting and stress-testing the systems that store and manage their critical data, IT teams can be confident that should an incident occur, they can restore normal operations as quickly as possible.
What kind of IT resources are we talking about here? What should university IT teams be prioritising?
The organisational needs and capabilities of each university can be very different, and so it’s important that IT teams consider disaster recovery in the context of the wider strategy their university has. By running things like a business impact assessment, the applications and processes most critical to keeping operations running all day, every day, become much clearer.
Considering hypothetical scenarios can be a big help here, helping to inform things like recovery time objectives (RTOs). Once those are in place, the decisions about what kinds of IT infrastructure, tools and partners to make use of are more informed. The end solution will more closely fit how universities use and manage their data, and also go the furthest in terms of maintaining both continuity and availability.
What role does IT availability play in today’s student experience?
Universities are increasingly attracting and encouraging an ever-more diverse student body, and many are offering more flexible ways of teaching and learning. Whether it’s live streamed lectures, or coursework shared via the cloud, these ways of working have become a lifeline.
In a world where universities are preparing to welcome a new student year almost entirely virtually, IT availability could not be more important in delivering these services. It’s vital that the services which provide learning material and tutor contact are maintained at all times, as it’s the best means universities have to provide the right student experience.
How do you ensure that backups themselves don’t become a target?
It’s encouraging that the vast majority of universities have data backups in place that they’re regularly updating. But the blackmail potential of a university’s entire digital infrastructure is huge, if they’re not kept secure. By attempting to protect their continuity, universities could inadvertently be creating a goldmine of poorly protected data that could be used against them.
To mitigate this, universities need to be carefully considering the media types they’re using or working closely with the cloud partners they might have on hand to make sure that their data is resilient. Immutable backups in the cloud is one way of doing this, using methods like object lock. This prevents cloud-stored backup data being accidentally deleted or tampered with by malicious actors.
Why do so many universities turn to partner organisations to manage their data for them?
We found from our FOI research that a high number of universities are turning to cloud partners – as many as 68%. In-house managed solutions many not be suitable for the needs of all institutions. With the current squeeze on both budgets and resources, it’s no surprise to see so many organisations turning to trust cloud partners and service providers to manage this challenge for them.
The adoption of Platform as a Service (PaaS) and Software as a Service (SaaS) in the public cloud has helped bring down the operational overhead for internal teams, who are usually tasked with having to manage specific hardware and infrastructure themselves.
To that end, it’s important for us as vendors to not only focus on the service providers we work with, but also to align with the likes of Microsoft Azure, AWS and other public cloud offerings so that businesses can easily integrate backup tools into whatever environment they might be working with.
- Dan Middleton, VP UK & Ireland, Veeam.