U.S. University Moves Trust to the Cloud After Data Breach


Earlier we reported about a series of data attacks against universities that were sweeping the country. These malicious incursions focused on extracting very private information such as Social Security numbers for students, alumni and personnel associated with the university.

Among the most damaging of these attacks took place against the University of Maryland, which saw data for more than 309,000 university people compromised, The Baltimore Sun reported.

Knowledge of the breach understandably led to a swift administrative response, and a look into the possible enterprise security vulnerability that could have enabled the attack.

Universities should secure their presence in the cloud.When large-scale incidents like these happen, they do not go away quickly. Whether it is a major corporation like Target or an educational institution, the breached enterprise can usually expect a significant degree of public scrutiny and the incursion of recuperative costs.

And so, in addition to the projected millions of dollars that the university is spending in recovering from the attack, University of Maryland president Wallace Loh was also invited to testify before the Senate Commerce Committee last week, according to Senate records.

Also among the attendees at the hearing was Entrust president David Wagner, who talked about security recommendations for government and business (read his full testimony here).

In his testimony, he admitted the university was unprepared for the attack — and that a security weaknesses had made it vulnerable.

An Entry Point in the University’s Physical IT Infrastructure
Loh admitted to the Committee that “because we’ve never been hacked before, we were just flying by the seat of our pants” after the attack.

Fortunately for the university, it avoided significant public backlash by notifying the affected parties immediately after the breach happened. This forthrightness has gone a long way toward recovering the university’s reputation in the wake of the attack.

But Loh said that the breach started because of an internal IT system with poor authentication management. By uploading malware into the university network, the hackers were able to breach several IT administrative passwords that were in place and gain access to the internal system, which contained the private data.

For Loh and the university’s IT team, the attack meant that something had to change.

For the University, Moving to the Cloud was the Answer
In a piece for OnlineTech, data researcher Jason Yaeger pointed out that cloud security can render the cloud  a very safe place to store information and conduct business. According to Yaeger an individual or organization’s cloud presence must be guarded by strong authentication measures to remain inaccessible to malicious parties.

Because of the opportunity it offered for safer computing, Maryland’s administration decided to move most of its IT functions to the cloud, and therefore boost its security infrastructure.

However, once in the cloud, the university must take the proper safeguarding measures to make sure their information does not slip out of their hands again. For all organizations, strong authentication is absolutely integral to ensure safe computing in the cloud.

“We have to find that proper balance between security and access, and that is the challenge for all universities,” Loh told the committee, according to The Diamondback. And while this is a challenge, the cloud can make it easier to solve.


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.


  1. Gary April 6, 2014 Reply

    Let me understand your message. A university that admittedly was clueless about security, suffered a breach because weak authentication allowed hackers access to the system to obtain id’s with elevated privileges obtains “better” security by leaving their data center and moving to a third party managed data center with cloud technology. (1) from their description sounds as if the bar for improvement was set very low, (2) since cloud technology does not guarantee any security, what services did they purchase and what contract provisions did they negotiate that was the improvement over their operations. and finally (3) what guarantees for security did the cloud data center provider give?

Add to the Conversation