Catch a clue from an EDU: Universities that get security right

In these days of consumer gadgets and mobile access, corporations can learn a lot from how universities deploy multiple layers of security.

1 2 3 4 5 Page 2
Page 2 of 5

Alex Rothacker, director of security research at the New York-based Application Security, says a bump in reported breaches so far in 2011 could indicate a new level of sophistication in attacks. "The bad guys are looking for this information because it's very valuable. They've figured out how to monetize it," he says.

Why university security matters

Colleges and universities face a number of IT security challenges that have, until now, been unique to their own sector, says Frank Kenney, vice president of global strategy at Ipswitch, a Lexington, Mass.-based security vendor that works with a number of high-ed institutions. Specifically, those challenges include the following:

• Colleges and universities have hundreds, even thousands, of new users coming onto their networks every year, with an equal number of users departing.

• They support nearly every kind of device available in the consumer market, and they contend with a young population that's much more likely to engage in risky behavior online.

• They often have decentralized IT organizations, which makes it difficult to deploy standard technologies or to adopt and enforce standard policies.

Many IT executives in other sectors have been able to avoid such challenges, Kenney says, but that's changing. "It's happening in healthcare, government and the financial sector, and traditional businesses are right behind them," Kenney says.

The growing use of consultants, coupled with shorter job tenures, means some companies are seeing turnover that mirrors that of colleges with their constant ebb and flow of students and visiting faculty members.

Beyond that, thanks to the consumerization of IT and advances in mobile technology, corporate IT shops now support computing environments featuring multiple software platforms and a variety of untethered hardware devices -- environments similar to the ones their counterparts in education have dealt with for years.

And, of course, corporate IT shops now must accommodate their newest users, the millennials, and their demands for online activities (and their greater acceptance of online risks) -- something colleges have considerable experience with.

Given the breadth and depth of the new similarity between corporations and higher education, Kenney says, it's no wonder corporate IT leaders are increasingly looking at universities for best practices when it comes to managing security in a complex environment.

IT leaders in higher education are developing security best practices that involve multilayered approaches that combine technology-based defenses, data management policies and user education to protect internal information and resources from those who seek to do harm.

"At first, it was all about what the technology can do, so we had things like firewalls. But now it comes down to high-level governance and risk management," says Rodney J. Petersen, senior government relations officer at EDUCAUSE, a nonprofit that promotes the use of IT to advance higher education.

1 2 3 4 5 Page 2
Page 2 of 5
Shop Tech Products at Amazon