Annual report gives so-so grades to IT security on college campuses

Published 30 October 2007

CDW Government released the results of its third annual report card on campus IT security; the grades are mostly Cs — gentleman’s Cs at that

Talk about so-so grades. We are talking about IT security on campus:

1. IT and Physical Security Integration earned a “C”

2. Student Support for security earned a “C”

3. Faculty Support earned a “C”

4. Administration Support earned a “B”

Data security ranks among the top priorities of IT directors and managers in higher education, a survey has found. CDW Government (CDW-G) released the results of its third annual Higher Education IT Security Report Card yesterday. The report is based on a national survey of 151 higher education IT directors and managers. It gauges IT security and support on campuses over a three-year period. It reveals that, despite increased attention to better IT security in higher education, there has been but little progress. The report concludes that less than half of campus networks are safe from attack, with 58 percent reporting at least one security breach in the last year. Data loss or theft has increased 10 percent in the last year, up to 43 percent. This includes loss or theft of staff and student personal information. CDW-G found that increased attention to the convergence of IT and physical security solutions has failed to expedite adoption of related security tools. Managers and directors cite lack of staff resources as the biggest barrier to improving campus IT security

Eight percent of respondents reported “very secure” networks,” and 47 percent report their “moderately secure” networks that require some improvements. Directors and managers said data protection is their third-highest priority among the top five IT security risks on their campuses. “Sensitive data residing on unprotected machines” and “intruders gaining access to high-profile material” topped the list, CDW-G said.

The report called the rise in data loss or theft compared with the previous year “alarming.” “Ensuring IT security at higher education institutions is challenging,” Julie Smith, director, higher education for CDW-G, said. “The amount of data residing on the network is growing exponentially and IT directors struggle to balance security concerns with the open nature of higher education.” The survey found that convergence is increasingly a priority, with 38 percent of respondents spending more time on it than the previous year. Eighty-six percent of respondents noted that their campus has the network infrastructure to support converged solutions, but only 6 percent have fully converged IT and physical security solutions, the survey found.

IT directors and managers gave administrations a “B” for their support of IT security and said they need more funds and better enforcement of IT policies. They gave “Cs” to faculty and students, saying both lack awareness. Faculty expect exceptions to security policies and students disregard rules, they said. Many campuses reported some benefit from network access control and tutorials or classes on IT security.

CDW-G recommends a layered security approach including network access control, content filtering, end-point security, network security, and compliance, as well as funding and support for increased IT security education.