Select Page

What does 40+ universities coming together to tackle payments issues together equal? Let’s just say, a whole lot of good.

As campus IT ecosystems continue to evolve and embrace cloud vendor services, the need for a tool that can evaluate institutional risks to the confidentiality, integrity, and availability of sensitive information including personally identifiable information (PII) has never been greater. Enter the Higher Education Cloud Vendor Assessment Tool (HECVAT), an initiative developed by the Higher Education Information Security Council (HEISC) Shared Assessments Working Group that serves as a “starting point for the assessment of third-party provided cloud services and resources”. Follow along as the team breaks down how HECVAT benefits both universities and cloud providers, and ultimately foreshadows a higher education payments revolution to come.

Drinking from the firehose

Cloud services are immensely valuable for their ability to streamline and secure, but their implementation on campus comes with a price. As most treasurers know, the information security and data protection implications that come with each solution that is added to the university’s payments mix can resemble the same complexity as the neural pathways of a human brain. Already tasked with guarding a university’s best-kept secrets, university treasurers become increasingly overwhelmed when they realize that they are also responsible for keeping a pulse on each individual cloud service.

The grass isn’t greener on the other side

On the other hand, cloud providers are met with serious roadblocks when racing to serve the higher education space. Resource burdens associated with answering each institution’s individual questionnaire for security assessments can be cumbersome and costly. Even worse, it takes their focus away from product improvements, and ultimately results in them passing costs to their clients.

Diligence is due

Despite the barriers to cloud vendor assessments, mapping out a campus IT environment in the lens of cloud providers is crucial to understanding how data is shared and protected. So how can both parties win with HECVAT?

For institutions, they will no longer have to reinvent the wheel every time they want to evaluate a cloud vendor. The standardized tool allows for a consistent security review process, as well as cost and time savings. Cloud vendors are also eager to join the community consortium, as it provides similar cost and time savings, along with the understanding of what is required of them to deliver in the higher ed space.

The future looks bright

As “glass half full” payment advocates, we believe that the HECVAT is a signal of more collaboration to come.

By working together and learning from one another, we can mitigate information security and data protection issues that are unique to higher education.

Speaking of working together, click below to learn how we partnered up with Northwestern University to manage their payments across campus:

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

How to Prep for PCI Compliance

How to Prep for PCI Compliance

Higher education faces a unique set of challenges when it comes to credit card security and PCI compliance. As compared to other businesses, higher education institutions operate with multiple units, departments, and campuses — each that accepts and processes a number...

What is EMV Compliance?

What is EMV Compliance?

Consumers want to make payments quickly, easily, and securely. For universities that accept payments across multiple departments — from bookstore payments to tuition payments — securing credit and debit card payments is not optional. Not only does it boost consumer...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery