14
CAMPUS TECHNOLOGY | May/June 2020
Security
A change in otherwise predictable user behavior is a primer for additional exposure to information security challenges and vulnerabilities.
current situation, fast was the mandate, so we were left with just two options: 1) Some of the efforts that were put forth came at an expense that will now need to be accounted for in already strapped budgetary times (in other words, good but not cheap), or 2) The quality of the solution might reflect its intention as a temporary option or the solution lacks a sustainable business or support plan beyond the immediate (cheap but not good). It is always worth remembering, while information security is a critical piece to maintaining a reliable and productive enterprise operation, it can sometimes be left behind if you don’t already have processes and systems in place that build in those principles in all phases and not as a secondary consideration.
2) Enhanced Vendor Accommodations
The solution and service provider response during this time has been unlike anything I’ve seen before — and without it, institutions would likely be struggling to offer services and support to a user population that no longer resides or has a presence on campus. In a lot of ways, the licensing and access that has been afforded to us (temporarily) by many of our vendors/ partners is likely what we always wished we had or could afford all the time! But this also is a cautionary tale for many because with those looser or more generous access options, you may find yourself in a situation where users are accessing and managing university data and information in ways that you no longer have oversight or visibility into.
3) Supporting a Fully Remote
User Population
The proliferation of “free” software and web applications available to the user population
is nearly endless right now, and ensuring every solution is vetted or integrated with a single sign-on solution simply isn’t feasible. As a result, we may find that many are creating accounts using their university-managed e-mail address (and likely a similar password) on systems with vulnerabilities that, in different times, might have been handled by those responsible for ensuring user security and system safeguards. This abundant access to niche solutions also creates opportunities for users to veer away from enterprise-level supported and licensed software. Now more than ever we should be promoting the tools available to our users, and more importantly how to use them.
4) Shared Access to Technology
The increased demand for technology and internet service is unprecedented. Nearly all populations on campus are looking for ways to ensure they are meeting work-from-home demands, home schooling, etc., often with limited supply of technology means in their homes. It’s also not uncommon, understandably so, for many of us to have to be creative with who is using that that technology and how. A change in otherwise predictable user behavior is a primer for additional exposure to information security challenges and vulnerabilities. Whether it be ensuring applications are properly logged out, sessions are ended, etc., managing a machine that is shared by many creates vulnerability to the data owner, but also challenges their privacy.
5) Access to the Internet
Similar to the extremely generous and vital offerings of many other solution providers, nearly all local internet service providers