Safeguarding research and innovation: Singapore Management University’s cybersecurity transformation with Microsoft Security solutions

SMU is renowned for its forward-thinking approach to education and research, fostering innovation through global collaboration with researchers and industry partners. Located in the heart of Singapore's central business district, the University also leverages its city campus location to strengthen ties with businesses and the community.

As sophisticated cyber criminals increasingly target institutions, protecting valuable research, patents, and personal data is a top priority. A single breach could lead to the loss of ground-breaking research, disruption to teaching-learning process and damage to reputation.

"As a university recognised for its world-class research, our reputation is obviously critical," says Lau Kai Cheong, SMU's Chief Information Officer and Vice President for Integrated Information Technology Services. "We cannot afford any incident affecting sensitive and personal data from students, faculty, and staff. The University owes it to our stakeholders and to our constituents to treat their data with the utmost respect and privacy."

SMU's reputation directly impacts student enrollment, public trust, and funding. The University faces numerous cybersecurity challenges while maintaining a secure environment for over 13,000 students and nearly 900 faculty, complying with Singapore's Personal Data Privacy Act (PDPA) and Cybersecurity Amendment Bill.

"Research data is the crown jewel for threat actors," says Edward Panangian Pasaribu, Head of Cybersecurity at SMU. "And every day, we are resisting the efforts of adversaries, who pose multiple threats in the form of ransomware, extortion, selling passwords, and so on. Meanwhile, we need to ensure that the system is accessible from everywhere while keeping it secure."

Zero Trust: A cybersecurity imperative

Zero Trust strategy protects organizations by ensuring that every access request is thoroughly verified, regardless of where it originates. By adopting Zero Trust strategy, institutions can consolidate security solutions, minimize incidents and breaches, enhance resource allocation, improve compliance and reporting, and enhance their security posture.

"We engaged with Microsoft for an assessment of our cybersecurity posture," Kai Cheong explains. "We needed a holistic view of every access point and across all our applications. Detection and response to cybercriminals must be fast and provide responses to mitigate damages. After a full evaluation, SMU adopted Microsoft's Zero Trust framework to protect SMU's data, user identities and network infrastructure. This approach ensured that no user, device, or application was inherently trusted."

SMU restructured its approach by focusing on people, processes, and technology, building a cybersecurity framework that suits its unique academic environment. The IT team learned from organizations with strong cybersecurity practices to develop their strategy.

"The Zero Trust security model helps us combat threats and get a holistic view of all our data and systems," says Pasaribu.

SMU relies on a comprehensive suite of Microsoft security products: Microsoft Entra ID and Entra ID Governance manage identities and enforce least-privilege access; Microsoft Intune secures devices, manages access policies, and ensures compliance; Microsoft 365 and Purview protect sensitive data with encryption and governance tools; Microsoft Defender provides endpoint protection and incident response; and Microsoft Sentinel enables advanced threat detection and monitoring.

Guaranteeing access in an evolving threat landscape

In a constantly shifting threat landscape, SMU relies on Microsoft tools to implement a robust Zero Trust security model without hindering student, faculty, staff and partner access to resources. Access to critical resources is managed based on user identity, device health, and application behavior, all while supporting the teaching and learning process.

"For our university, we need to create a secure digital environment to support the teaching and learning process," says Pasaribu. "This requires protecting sensitive information and ensuring the continuity of our service. So, we need uninterrupted access to learning systems, materials, and platforms as well, regardless of any network disruptions. With Microsoft security solutions, we can monitor and measure our performance and see exactly how many incidents occurred where there are disruptions. This really helps us with reporting."

Recognizing that people play a key role in security, SMU invests in awareness programs to address human-created vulnerabilities and foster a strong security culture.

"Tools are only as useful as people's knowledge in how to use them," says Kai Cheong. “We have engaged a Microsoft training partner to create cases tailored specifically to the university environment. We are truly embarking on a journey to equip the students, faculty and staff with the skills needed to make the best use of AI technology, and it comes with the tools they use on a day-to-day basis.”

AI beyond cybersecurity: Enhancing administrative efficiency, teaching and learning

With a focus on producing entrepreneurial leaders, SMU is exploring how AI can streamline administrative processes and create personalized learning paths that are tailored to students' unique strengths and career aspirations.

"Security is only one aspect where we plan to make good use of AI," Kai Cheong explains. "In the area of student learning, we want to deploy AI to better enable students to learn at their own pace, in a very personalized way that harnesses their strengths and identify areas where they need improvement. Additionally, we want to apply AI to help students plan a road map for their studies based on their career aspirations, identify any gap in competencies that need to be addressed. If students want to be data scientists, for instance, what are the skills they need to pick up at SMU and what are the courses that offer those skills? So, we will be providing a personalized road map leading to their ultimate career goals."

By analyzing student performance and engagement data, AI tools will allow SMU to provide real-time feedback and guidance, offering a more personalized approach to education. This is especially relevant in the context of SMU's mission to cultivate entrepreneurial leaders. By helping students identify and pursue the most relevant skills for their desired career paths, SMU is ensuring its graduates are well-equipped for success in an increasingly competitive job market.

SMU's use of Microsoft tools plays a critical role in safeguarding research sensitive data while empowering students to shape their own learning journeys.

Looking forward: Strengthening security in an AI driven world

As SMU deepens its partnership with Microsoft, the University remains committed to bolstering its security measures in an ever-evolving cyber threat landscape, through the guiding principles of Microsoft Zero Trust framework. With AI-powered tools and Microsoft’s advanced security solutions, SMU is well-equipped to counter emerging threats while upholding its mission of delivering world-class education and research.

“Microsoft continues to empower us with the security tools we use for incident response as well as instilling confidence within our team,” Pasaribu says. “We are facing adversaries who are constantly innovating. Microsoft Security tools have been very helpful in our ongoing battle with threat actors. And with the advent of these AI-powered security tools, we are making our security posture even stronger and taking it to the next level.”