Colleague
Ellucian's Colleague, (aka Colleague) is MassArt's primary enterprise system. It serves as the College's Enterprise Resource Planning (ERP) system or application, and as the Student Information System (SIS). It is currently hosted in Ellucian's cloud environment, and is delivered as software-as-a-service (aka, SaaS). Ellucian's Cloud Security at Ellucian web page provides a great overview of its security program, and links to more detailed informatoin.
Google Workspace (formerly known as Google G Suite or Google Apps) is a suite of cloud computing, productivity and collaboration tools available to students, faculty, and staff. It includes Gmail, Meet, Contacts and Calendar, for communication; Drive for storage; Docs, Sheets, Slides, and Sites for productivity and collaboration.
Much of MassArt's enterprise computing infrastructure is hosted at Markley Group's data center in Boston. Markley is a best-in-class solutions provider which incorporates multiple tiers of physical security and redundant safety systems to ensure MassArt's infrastructure is hosted in a secure and safe environment. Markley is also a key partner in delivering internet service to the MassArt campus via the Colleges of the Fenway Area Network (COFAN).
We perform internal and external information security scans internally and externally to identify vulnerabilities and to look for malicious or problematic network behavior.
Rapid7’s Managed Threat Complete scans devices on the network and identifies vulnerabilities which can be addressed with security patches or other configuration changes, and analyzes network traffic to look for suspicious behavior.
We perform other regular scans or our externally available network ports and IP addresses, including regularly scheduled External Network Penetration Testing ("Pen Testing") to probe the public-facing network to identify vulnerabilities.
Endpoints is the industry term for computing devices. In MassArt's case, this is typically Windows and macOS desktop and laptop computers. We use several tools to protect endpoints from cybersecurity threats, and to address cybersecurity vulnerabilities which emerge over time in response to the ever-evolving cybersecurity landscape.
Administrative computers are configured with the following tools:
- Code42's CrashPlan backup software backs up files from the Desktop and My Documents/Documents folders macOS and Windows endpoints, prevent data loss and reduce risks associated with ransomware.
- Sophos Central is a suite of endpoint security tools that allows us to protect computers against a variety of cybersecurity threats, including malware (e.g., viruses, spyware), hacking, and data breaches. Additionally, Sophos provides tools which allows us to manage encryption of endpoints, and important control for data loss prevention (DLP).
- Rapid7's Insight Agent, installed on all endpoints, provides endpoint visibility and detection by collecting live system information—including basic asset identification information, running processes, and logs—from MassArt assets, and sends this data back to the Insight platform for analysis.
We also configure operating systems' built-in security capabilities to harden endpoints, which adds additional security.
For on-premise enterprise storage and computing we backup data to two enterprise-class UniTrend devices. One is hosted on campus, and the other is hosted at a co-location space (Markley Associates, in downtown Boston). These devices are mirrors of each other, and in the highly unlikely event that one of the devices fails, or becomes unavailable, we have redundancy.
If an endpoint was locked due to ransomware, we could restore a backup of the data of it within minutes or hours.
Multi-Factor Authenticaion (MFA)
MassArt uses OneLogin to provide enterprise Multi-Factor authentication (MFA). MFA is critical in preventing unauthorized access to systems and data, either intentional or accidental.
Our Cybersecurity Awareness Plan includes access to on-line cybersecurity training from KnowBE4 which is available to all staff and faculty.
Based on input and analysis from a number of recent cybersecurity assessments, audits and activities, we are considering additional measures to continuously improve the College's information security posture.