Global Engagement Solutions for Higher Education

menu
menu

Data Security: A Top Priority


Kerry Geffert
Product Evangelist, Terra Dotta

 

There was a day when your Social Security Number could be printed safely on your personnel and financial documents, and your mail. Those days are gone. From childhood, we are now taught to guard personal information and identifying numbers as if our identity depends upon it. Because, well, it does. Those whose identity has been stolen know too well the challenge of rectifying the status of their personal information.

At Terra Dotta, we fully understand the importance of securely handling the data of our clients and their travelers. Your traveling students and faculty must be able to trust us; your administrators must be able to trust us; and your IT Department certainly must be able trust us. For those reasons we sought and, in 2015, obtained one of the highest security certifications available - PCI DSS certification. To understand more about information security in general as well as Terra Dotta's data security and certification, we recently spoke with Scott Burkett, Terra Dotta's Information Security Officer.

In the last five to ten years, many organizations have started moving their business processes out of their server rooms and into the cloud. While this move brings many benefits to organizations (e.g., decreased costs and higher availability), it can come with some significant challenges as well.  Typically, one of the biggest concerns for organizations moving to cloud-based solutions is that of information security and privacy.  Terra Dotta, as a Software-as-a-Service (SaaS) provider, recognizes the challenge that this presents to our clients and has from day one ensured that our offering is hosted in an extremely secure facility and meets industry standards of data protections. 

Being in the education business for over 15 years, we understand the complexities of the security requirements and standards in place at your campus. We work hand-in-hand with your Information Technology (IT) department to make sure that your security requirements are met and everyone is comfortable with our solutions. While everyone is a little different, after working  with over 500 institutions worldwide we are confident that we can meet your existing data security and privacy requirements. Terra Dotta is always happy to discuss our protections with your campus IT staff – in their language – regarding various internal IT security policies and how Terra Dotta meets their requirements. 

 

PCI DSS Compliance

 

Data security is an ongoing and constantly changing process. Long ago, Terra Dotta saw the importance of protecting our clients data and has always dedicated ourselves to maintaining the highest of security standards. As Information Security Officer, Scott is responsible for continuing to push our solution with constant improvements. For utmost data center security, we choose only hosting partners that maintain multiple security certifications and auditing practices. Terra Dotta’s long term and evolving practices in providing secure environments for our clients’ data have resulted in Terra Dotta obtaining and maintaining PCI DSS certification for the past 3 years. PCI DSS stands for Payment Card Industry Data Security Standards, and certification requires an annual audit of not only Terra Dotta's hosting infrastructure, but also the business and information security policies and procedures that work together to ensure high levels of security for clients' data. While PCI DSS is used primarily to validate that merchants are secure enough to accept, process and/or store payment card information, PCI DSS compliance is also considered by many to be a broad, standards-based certification that verifies a business’ overall security posture. The best part about this certification is that it is not Terra Dotta telling you how secure we are but a third party auditor who is independently confirming it. As an institution, your IT security office can review our annual PCI Attestation of Compliance and other supporting security documentation to quickly assess the maturity of our policies and procedures.

As a security conscious organization, Terra Dotta knows it cannot can “rest on its laurels.” Compliance is an ongoing activity requiring continual review as well as an annual audit. Data security is a constant effort to stay one step ahead of potential vulnerabilities and exploits in the technical environment, while simultaneously having well-established policies and procedures in place in the unlikely event that a data breach occurs. For this reason, Terra Dotta contracts with industry leaders to perform continuous vulnerability tests to assess our environment and highlight any new vulnerabilities that have arisen “in the wild.” Just a few of the technical and business controls mentioned by Scott include intrusion detection systems, active log reviews and regular testing of our incident response team and business continuity plans.

Although Terra Dotta works continuously to provide the very best data security to our clients, it is important to to remind our client users and administrators that data security requires the attention and vigilance of everyone. We love partnering with your campus IT to make sure your policies are met and are committed to doing our part in implementing a solution that fulfills both your functional needs and your data security requirements.

 

Summary

 

Few people enjoy thinking about data security, yet we all must pay attention to it and take steps to ensure the safety of our personal information. Terra Dotta is no different. Since our inception, data security has been, and continues to be, at the forefront of all we do. PCI DSS compliance is an important indication of the strategic value we place on earning your trust and confidence and protecting your sensitive data. Should you want to discuss the meaning of our certification, or if you have general questions regarding the security of data with Terra Dotta, our full-time Sales Engineer or Information Security Officer would be happy to work with you. They can be contacted through info@terradotta.com. And finally, a special thank you to Scott Burkett, Terra Dotta’s Information Security Officer, for his insights and assistance with this article.