Question HLNT-01

Do you enforce network segmentation between trusted and untrusted networks (i.e., Internet, DMZ, Extranet, etc.)?

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Explain your alternate mitigations for protecting trusted hosts from untrusted networks.

Answering "YES"

Provide a brief summary of how trusted and untrusted networks are segmented.

Reason for Question

Networks are excellent at segmenting trusted and untrusted networks, a best practice used by many. Implementations can range from simple to complex but at a minimum need to be appropriately implemented and maintained.

Follow-Up Inquiries

The lack of segmentation indicates a flat network is in use. If this is the case, other compensating controls (e.g., host-based tools) will need to be in place to properly manage network communications within a vendor's infrastructure. Ask why the vendor has used this strategy and what they are doing to safeguard institutional data in this environment.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]