Imperva Solutions for Higher Education
Security breaches are a growing concern for higher education institutions. Universities are rich targets that accumulate financial and personal information about thousands of enrolling students and staff members every year. In the past year alone, a number of leading institutions had fallen victim to data breaches that exposed the personal information of students, employees and alumni:
- An incident of unauthorized access to a computer server exposed 170,000 state university records including student and employee social security numbers
- Over 100,000 recruitments' records with ACT and SAT scores, dates of birth and Social Security numbers where breached by a foreign hacker who attacked computer systems at a Florida university
- Over 25,000 Student records on a Texas based university file server were compromised on four separate occasions within the last two years. The server contained student health center prescription records.
FERPA
In April 2011 the U.S. Department of Education announced a series of initiatives to safeguard student privacy. Educational agencies and institutions must provide students with access to their education records, but should not release student records or share them with other agencies without the student's consent. Controls are required to ensure that only authorized personnel can access student records, and all access is audited.
Universities, colleges and other High Education institutions need to implement controls to mitigate risks associated with vulnerable databases and web-facing applications and protect these systems against unauthorized access and malicious attacks.
Leading educational institutions are using Imperva's market-leading data security solutions to:
- Protect databases, files systems and web applications from attacks such as SQL injection
- Prevent data theft, leakage and unauthorized access to sensitive data
- Mitigate vulnerabilities that may expose databases and applications to attacks
- Audit access to sensitive data including card holder data and personally identifiable information (PII)
- Save time, money and resources associated with compliance and security projects
- Prove data privacy and security "due diligence" for compliance with government regulations