Higher education web estate audits

What is a web estate?

Web Estate: a collection of websites, or web properties, for which an organization has technical responsibility or legal ownership.

University and college websites typically develop organically, producing estates of hundreds or even thousands of autonomous websites, supported with disparate levels of resources and expertise. As a result, many institutions are unable to answer the following types of questions:

With the EU's General Data Protection Regulation (GDPR) coming into force, how many of our websites will be affected? How many of our sites and on which pages do we use forms to gather personal data?

We want all of our institution's websites to offer secure HTTPS connections. How many of our sites does this apply to? What web servers do we currently use? Are our HTTPS sites using certificates from our preferred supplier?

Visitors expect our websites to be accessible. If we implement accessibility institution-wide, how many sites would be involved? How many different content management systems would be affected? How many content pages would this impact?

Our internal audit group needs a list of all our websites for a value-for-money study of hosting service usage. Do we have such a list? In fact, how many websites do we have? How many are hosted internally versus externally?

While content and technical set-up on individual websites creates risk exposures, the risks increase materially with growing numbers and limited knowledge about each site.

We can help you answer three basic questions to assess your web estate's risk profile:

Exactly how many websites do we ‘own’?
Who maintains each of these sites?
What underlying applications and technical infrastructure do they use?

What risk exposures do higher education web estates pose?

Web estates typically expose higher education institutions to three risk areas:

Financial risks as a result of:
- inaccurate, out-of-date, inaccessible, inappropriate and low quality content
- non-mobile friendly and non-responsive sites
- unclear branding
- redundant/legacy technology,
- duplicated hosting contracts,
- cost inefficiencies and potential revenue losses

Legal & Regulatory risks caused by:
- unclear content copyrights
- unenforced data privacy policies
- uncontrolled cookie use and incomplete policy implementation
- unmanaged social media implementations

Security risks resulting from:
- unpatched content management systems and web servers
- insecure website connections
- untested site back-ups
- incomplete HTTPS implementations
- on-page security issues

Our Higher Education Website Risk Matrix provides further information about the specific risk exposures university and college websites can present.

Assessing web estate risk exposures

Our three-step process identifies all the sites within a web estate, then evaluates and records critical data about each site.

Survey

A highly automated survey explores and discovers the full scope and scale of an institution's websites by:

finding core web servers and content management systems (CMS)
and, iteratively scanning to uncover further sites within the estate

The survey output is a comprehensive list of the websites in a higher education institution's web estate.

Evaluation

Sites identified by a survey are systematically tested to collect data about:

technologies - security measures implemented, web server configuration and set-up, content management system(s)
site configuration - cookies, metadata characteristics, policy and privacy links and page counts

Evaluations capture and record site-level data to assess and understand potential risk exposures.

Registration

The survey and audit data, in turn, populates a Web Estate Registry to:

deliver a central database of an institution's websites and critical data about each site
provide the key data to explore, identify and evaluate potential risk exposures

Periodically re-running surveys and audits keeps data current and reliable.