Safety in AWS account numbers

International university applicants are often required to provide mountains of personal information when applying for their CAS (Confirmation of Acceptance for Studies) letter, a vital part of the process for obtaining a visa to study in the UK. Depending on their region, they may need to send up to 15+ documents containing sensitive data to the sponsoring university, ranging from bank statements to passport details.

At Enroly, our automation software streamlines the process of requesting and managing these documents, making it much quicker and friendlier for students, agents and our university clients, but it also brings huge security benefits. With so much personal information being integral to the CAS process, unless this data is properly handled, it could provide a ready-made toolkit for an identity thief.

All data collected for the CAS process in our application is securely stored in our Amazon Web Services (AWS) infrastructure. AWS is the world’s most comprehensive and broadly adopted cloud platform, which facilitates the rapid innovation of our dev teams, while also enabling us to build best-in-class security into every part of the process. All files and data are encrypted at rest, but we go even further to protect student data, taking measures to limit who has access to it, and also protect against accidental access and changes.

One of the core principles of how we do secure and scalable development in AWS is splitting our organisational unit into multiple accounts, a best-practice approach that is part of the Security Pillar under the AWS Well-Architected Framework. This set-up facilitates rapid innovation within custom environments and offers flexible security controls. Ultimately, a multi-account AWS environment enables us to use the cloud to move faster in a secure, scalable and resilient manner.

Having multiple accounts offers safety in numbers. By using different accounts for our production and development environments with centrally controlled access, we can keep them completely separate in terms of infrastructure and resources, so that changes in one account can’t affect the other. This allows our developers to work in an environment where they can rapidly innovate without any fear of breaking something or compromising security.

Beyond these measures, we also use short-lived security credentials and follow the principle of least privilege (POLP): giving users the least amount of access and responsibility necessary to complete their duties. This limits what a developer can do and, again, builds resilience into the system.

Many of you will have come across multi-factor authentication (MFA) when using other secure platforms: a system designed to add an additional layer of security. MFA is a fundamental requirement for gaining access to any of our AWS infrastructure. Any time our employees want to access AWS, they must sign in with MFA to perform any action, including requesting temporary security credentials to access our different accounts.

So with Enroly CAS Shield, you can be 100 percent confident that security and resilience are our top priority for the platform and the ways in which we do development. Many universities are currently relying on tools like spreadsheets and email to manage these processes, which could expose them and their students to damaging data breaches. Join the safety in numbers brought by our expert development team, to ensure that your CAS processes are underpinned by the best available security infrastructure.

Ready to find out more? Secure a demo.
