eResearch NZ
Browse

What happens after you turn on the flashlight: Building security capability

Download (886.05 kB)
presentation
posted on 2024-03-04, 09:45 authored by eRNZ AdmineRNZ Admin, Michael KarichMichael Karich

Over the course of the last 2 years, Waipapa Taumata Rau University of Auckland has invested in tools, processes, and awareness to broadly build security maturity throughout the university. Through the use of investment in tooling and automation ‘turning on the flashlight’ we have illuminated significant risk and vulnerabilities across many of the services that our researchers use daily.

In one service, over 3000 incidents were created for vulnerable researcher systems. We have also identified over 2000 publicly accessible web domains that need to be monitored and secured. Now that we can see into the dark, we are working across teams to build maturity through education, tooling, automation, to sustainably approach this cave of a problem. We have handed researchers the keys to amazing tools and have only now turned on the headlights for them, but across the sector still expect them to be system administrators, security engineers, and application experts on top of completing the great work showcased here.

Due to the agile, adaptable, and ever-changing needs of research, it isn’t possible to have IT staff administer these research systems and processes as we do enterprise applications. So we are investigating configurations, tooling, and automation to keep the flashlight on across research systems and patch and configure as broadly and automatically as possible while building in capability to support researchers when it breaks. This is an active work in progress, but we are seeing great traction with our researchers approaching this as collaborators and taking a shared responsibility approach.

ABOUT THE AUTHOR
Michael Karich is Deputy Chief Information Security Officer – Research at Waipapa Taumata Rau University of Auckland, NeSI, and UniServices. Across these roles, he strives to support and enable secure research operations across the entire data lifecycle. Before this, he held roles in HPC and cloud infrastructure, data management, and research administration. With Computer Science and IT Operations qualifications, Michael pulls from a broad background to build and enable secure yet efficient research. He is currently focusing on the enhancement of internationally known capability through governance, staff enablement, and visibility.


For more information about eResearch NZ / eRangahau Aotearoa, visit:
https://eresearchnz.co.nz/

History

Usage metrics

    eResearch NZ

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC