Ellucian has developed a suite of software to support the transformative impact of higher education. The suite gives higher education institutions vital tools and the freedom to use the software and its capabilities in whichever way they believe is best for their productivity.
While this customization has many benefits, we have identified some security pitfalls that can be easily found and overcome with the right tools. In this short blog, we discuss some obstacles and opportunities for resolution for one of their premier products, Banner.
Ellucian Banner Implementation and Security Recommendations
Custom Implementation – Each school has the freedom to on-board the software however it sees fit. If it is not implemented properly, this can leave security holes such as improper authentication practices, outdated or vulnerable systems, and poor network segmentation. Banner software has many security features available, but they are not enabled by default. It is imperative to review these features to ensure student information is not at risk.
Intrinium Recommendation – Before implementing new software, we recommend executing a security assessment focused on Directory Services and a vulnerability scan. It is critical that switch ports are properly configured and sensitive network traffic is segmented. A well-maintained and documented network is highly encouraged to realize these benefits.
Infrastructure – Each school will have a varied and complex infrastructure that supports their Banner software, so it is critical that the infrastructure that hosts the software is safe and secure.
Intrinium Recommendation – Make sure that you truly understand your infrastructure and have an asset management tool in place. If you do not know what you have, where it sits on your network, and the lifecycle and strategy for patching and updates, you risk leaving gaps for vulnerabilities.
The Extra Security Mile – Even if your organization has implemented the software well, it is important to enforce security protocols that will ensure that your students, faculty and other users are as safe and secure as possible.
Intrinium Recommendation – Banner does not require complex passwords, but we always recommend that a strict password policy is in place, especially for internet-facing applications. Passwords should be at least 12 characters, include capitals, numbers, and symbols, and not contain easily guessable phrases (e.g. Password123). Users should be required to change passwords on a routine basis, and, when possible, the use of 2FA (Two-factor Authentication) is highly recommended. Additionally, password complexity should be combined with access rights: ensure accounts have only USER-level access to systems and information, not administrative. If administrative-level access is required, a separate account for administrative duties should be created.
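The complexity and guessable-phrase parts of this recommendation can be checked in code. The following is an added example, not Banner's or Intrinium's code; the function name, the short guessable-word list and the character-substitution table are assumptions made for illustration. It shows why the guessable-phrase rule matters on its own: a password can satisfy length and character classes and still be built on "Password" or the account name.

```python
import string

# Assumed sample of guessable base words; a real deployment would load a
# larger breached-password or institution-specific list.
GUESSABLE = {"password", "welcome", "banner", "qwerty", "letmein"}

# Common look-alike substitutions undone before the guessable-phrase check.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # minimum length stated in the recommendation


def policy_violations(password, username=""):
    """Return a list of rule names the password breaks (empty means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not any(c.isupper() for c in password):
        problems.append("capital")
    if not any(c.isdigit() for c in password):
        problems.append("number")
    if not any(c in string.punctuation for c in password):
        problems.append("symbol")

    # Guessable-phrase check on both the raw and de-substituted lowercase form,
    # so "P@ssw0rd" is caught the same way "Password" is.
    lowered = password.lower()
    candidates = (lowered, lowered.translate(LEET))
    words = set(GUESSABLE)
    if len(username) >= 3:
        words.add(username.lower())
    if any(w in form for w in words for form in candidates):
        problems.append("guessable")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Password123", "P@ssw0rd123!Spring",
               "jsmith-Fall2024!", "Tr4il-mix&Canoe92"):
        print(pw, policy_violations(pw, username="jsmith"))
```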
If you are currently utilizing Ellucian Banner, now is a great time to reach out to us to discuss how we can assess the security of your Banner implementation. Our skilled consultants can analyze and test your application and infrastructure to find any potential security vulnerabilities that may exist.
Once identified, our expert engineers will determine the best remediation for each item and can even assist in the implementation of the proper fixes. We are here to help you understand your risk to ensure that your student, faculty and staff information is as safe and secure as possible.