When dealing with IT security, it pays to plan ahead.
Many colleges and universities approach IT security reactively, tackling problems when they arise as opposed to preventing them from occurring. But this method has damaging financial and organizational repercussions, said Ed Bassett, vice president of global security practice at CIBER, an IT consultancy.
“There’s a tendency to handle [IT security] with a firefighting approach, where you wait until something bad happens, and when it does, you scramble all the troops and try to fix it as best you can,” he said. “It’s a painful way to handle it.”
The root cause might be that educational institutions are fundamentally based on a culture of openness to which IT security is perceived to be a roadblock, Bassett said. That security incidents are relatively infrequent only exacerbates the problem.
Additionally, since IT security was originally considered a network function — protecting the Internet from hackers — it developed organically into a cause-and-effect practice.
“Early on, when there weren’t many solutions available, firewalls came out billed as ‘the silver bullet’ — they could protect hundreds of systems in one fell swoop,” Bassett said. “So it sort of started this trend of, ‘Oh, you’ve got a problem? Here’s a solution.’ And I think the industry built itself up around that, designing a lot of point-solution technology.”
As a result, a university in distress would rely heavily on customized software and an individual IT pro’s personal heroism to save it…