SC Magazine has published an article about data security and higher education, written by Josh Shaul of Application Security. The article examines the importance of balancing the need for the free exchange of information with data security risks. As Josh Shaul points out, enterprise security systems are not set up for university data systems and needs, which makes for unique challenges.

Recommendations for data security in higher education include:

  • Move towards a centralized IT policy - departmental IT policies make it impossible to be proactive with data security
  • Understand the culture & its risks – the demands for access to information by students, professors, administrators and more with few control policies is a culture issue that increases risks to inside breaches
  • Restrict access - given that so many people must have access to data, put all high-value data into a secure protected database – a centralized place with restricted access & tight controls. Monitor activity in real time.
  • Identify flaws in the system - look at unpatched systems, weak passwords, excessive user access & monitoring. Audit regularly.
  • Automate - use a system that automates security process and reports, freeing up IT time for more proactive security measures
  • Add real-time detection - have an alert system to deliver intrusion detection warnings in real time (in addition to real-time monitoring of user activity)

Many of these suggestions hold true in any industry, but understanding the culture of higher education and current IT policies, it’s clear that data security requires a fundamental overhaul for many institutions.

To learn how Absolute Software can help improve data security for higher education institutions, read here.

Image: darnok @morguefile ; Tags: , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati