What does 40+ universities coming together to tackle payments issues together equal? Let’s just say, a whole lot of good.
As campus IT ecosystems continue to evolve and embrace cloud vendor services, the need for a tool that can evaluate institutional risks to the confidentiality, integrity, and availability of sensitive information including personally identifiable information (PII) has never been greater. Enter the Higher Education Cloud Vendor Assessment Tool (HECVAT), an initiative developed by the Higher Education Information Security Council (HEISC) Shared Assessments Working Group that serves as a “starting point for the assessment of third-party provided cloud services and resources”. Follow along as the team breaks down how HECVAT benefits both universities and cloud providers, and ultimately foreshadows a higher education payments revolution to come.
Drinking from the firehose
Cloud services are immensely valuable for their ability to streamline and secure, but their implementation on campus comes with a price. As most treasurers know, the information security and data protection implications that come with each solution that is added to the university’s payments mix can resemble the same complexity as the neural pathways of a human brain. Already tasked with guarding a university’s best-kept secrets, university treasurers become increasingly overwhelmed when they realize that they are also responsible for keeping a pulse on each individual cloud service.
The grass isn’t greener on the other side
On the other hand, cloud providers are met with serious roadblocks when racing to serve the higher education space. Resource burdens associated with answering each institution’s individual questionnaire for security assessments can be cumbersome and costly. Even worse, it takes their focus away from product improvements, and ultimately results in them passing costs to their clients.
Diligence is due
Despite the barriers to cloud vendor assessments, mapping out a campus IT environment in the lens of cloud providers is crucial to understanding how data is shared and protected. So how can both parties win with HECVAT?
For institutions, they will no longer have to reinvent the wheel every time they want to evaluate a cloud vendor. The standardized tool allows for a consistent security review process, as well as cost and time savings. Cloud vendors are also eager to join the community consortium, as it provides similar cost and time savings, along with the understanding of what is required of them to deliver in the higher ed space.
The future looks bright
As “glass half full” payment advocates, we believe that the HECVAT is a signal of more collaboration to come.
By working together and learning from one another, we can mitigate information security and data protection issues that are unique to higher education.
Speaking of working together, click below to learn how we partnered up with Northwestern University to manage their payments across campus: