VERNON HILLS, Ill. – October 29, 2007 – CDW Government, Inc. (CDW-G), a wholly owned subsidiary of CDW Corporation and leading source of Information Technology (IT) solutions to governments and educators, today released the results of its third annual Higher Education IT Security Report Card, a national survey that asks higher education IT directors and managers to rate the state of IT security and the support they receive from constituents on their campuses. The 2007 report provides three-year trend data along with additional insights on increasingly complex campus security issues such as converged IT and physical security solutions.
According to the Privacy Rights Clearinghouse, there have been 148 publicly-disclosed data breaches at colleges and universities since 2005. While some incidents are unintentional, such as a data file posted to a public Web site, hacker activity and malicious attacks account for much of the data loss. The 2007 CDW-G Higher Education IT Security Report Card reveals that despite increased attention to the need for better higher education IT security, there has been little progress toward improving IT security in higher education. Key findings from the study include:
- Fewer than half of campus networks are safe from attack; 58 percent report at least one security breach in the last year
- Data loss or theft has increased 10 percent in the last year, up to 43 percent, including the loss or theft of staff and student personal information
- Increased attention to the convergence of IT and physical security solutions, but slow adoption of these tools
- Lack of staff resources is the biggest barrier to improving campus IT security
Data in Danger
“Ensuring IT security at higher education institutions is challenging,” said Julie Smith, director, higher education for CDW-G. “The amount of data residing on the network is growing exponentially and IT directors struggle to balance security concerns with the open nature of higher education. The Report Card gives voice and support to their concerns.”
While eight percent of respondents report that their network is “very secure” from attack, 47 percent report their network is “moderately secure but requires some improvements.” Not surprisingly, IT directors ranked issues regarding data protection as number three of the top five IT security risks on their campuses, with “sensitive data residing on unprotected machines” and “intruders gaining access to high-profile material” topping the list. This year’s study also points to an alarming rise in data loss or theft compared to the previous year, especially staff personal information (17 percent) and student personal information (16 percent).
For the first time in the study’s history, IT directors cite “lack of staff resources” as the biggest barrier to improving IT security. “IT managers’ responsibilities are growing at a rapid pace, consuming a greater amount of time than ever,” Smith noted. “The use of security information management tools can consolidate services and free IT staff to work on higher priority projects.”
IT and Physical Security Crossroads
This year, CDW-G asked IT directors about the convergence of IT and physical security programs, such as network access control, card access systems and mass notification systems. Respondents report that convergence is becoming a higher priority than in previous years, with 38 percent spending more time on it than the year before.
Eighty-six percent of respondents noted that their campus has the network infrastructure to support converged solutions, but only six percent have fully converged IT and physical security solutions. According to the EDUCAUSE 2007 Current Issues Report (May 2007), IT security is a top five priority among higher education administrators, but Report Card respondents note that convergence is not yet a top-five priority.
The Report Card
IT directors/managers were asked to rate the support for IT security that they receive from their executive administration, faculty and students:
- Administration earns a “B”: Respondents cite administrators’ “lack of financial commitment” as the biggest barrier to implementing better IT security and policies on their campuses. Respondents also note a need for administrators to commit to enforcing IT policies
- Faculty earns a “C”: The higher education culture continues to plague faculty grades. Respondents say that “lack of awareness” and the “expectation that exceptions will be made for individuals” are the biggest challenges. Using solutions such as network access control increases awareness of security protocols by ensuring that only machines updated with the latest software access the system
- Students earn a “C”: Respondents cite a “disregard of rules/policies” and “lack of awareness” as the major roadblocks with students. Many campuses are using education as a means to improve students’ understanding of IT policies, with required tutorial sessions or classes that engage students to be a part of the security solution Calls to Action“The results of this year’s report are sobering, but not without hope,” Smith said. “With a focused effort by the higher education community on each campus – administrators, faculty, students and IT staff – institutions can implement solutions that protect the IT infrastructure and engage the community as part of the IT security solution.”
CDW-G recommends the following actions to improve campus IT security:
- Campus IT security has not improved over the course of the Report Card’s three years, and critical data losses continue to put the entire educational community at risk. The administration bears the responsibility of taking the lead to unify and enforce security policies and procedures across campuses, colleges and departments
- The growing convergence of IT and physical security tools offer institutions a chance to consolidate and streamline human and financial resources while strengthening overall campus security
- IT breaches are forcing institutions to balance the free flow of ideas and information with the need to ensure community members’ privacy. A layered security approach including network access control, content filtering, end point security, network security and compliance can help IT directors develop a solid framework to protect institutions
- Student and faculty lack of awareness continues to challenge IT departments. IT security education should be considered a first line of defense to improve campus security – with the funding and administrative support to affect real change
Methodology
The CDW-G Higher Education IT Security Report Card findings are based on online and in-person surveys of 151 higher education IT directors and managers at a variety of higher education settings – from large research institutions to small community colleges.
For more information on the Report Card and to download the complete study, please visit www.cdwg.com/higheredsecurity.
_____________________________________________________________________
CDW-G Oct. 29 press release