It's not surprising, therefore, that breaches happen with some regularity on university campuses. According to data analyzed by Application Security, a database security company, there have been 435 reported breaches that affected 8.5 million records at U.S. institutions of higher education since 2005, the year that the Privacy Rights Clearinghouse and other organizations started tracking such events.
Alex Rothacker, director of security research at the New York-based Application Security, says a bump in reported breaches so far in 2011 could indicate a new level of sophistication in attacks. "The bad guys are looking for this information because it's very valuable. They've figured out how to monetize it," he says.
Why university security matters
Colleges and universities face a number of IT security challenges that have, until now, been unique to their own sector, says Frank Kenney, vice president of global strategy at Ipswitch, a Lexington, Mass.-based security vendor that works with a number of high-ed institutions. Specifically, those challenges include the following:
• Colleges and universities have hundreds, even thousands, of new users coming onto their networks every year, with an equal number of users departing.
• They support nearly every kind of device available in the consumer market, and they contend with a young population that's much more likely to engage in risky behavior online.
• They often have decentralized IT organizations, which makes it difficult to deploy standard technologies or to adopt and enforce standard policies.
Many IT executives in other sectors have been able to avoid such challenges, Kenney says, but that's changing. "It's happening in healthcare, government and the financial sector, and traditional businesses are right behind them," Kenney says.
The growing use of consultants, coupled with shorter job tenures, means some companies are seeing turnover that mirrors that of colleges with their constant ebb and flow of students and visiting faculty members.
Beyond that, thanks to the consumerization of IT and advances in mobile technology, corporate IT shops now support computing environments featuring multiple software platforms and a variety of untethered hardware devices -- environments similar to the ones their counterparts in education have dealt with for years.
And, of course, corporate IT shops now must accommodate their newest users, the millennials, and their demands for online activities (and their greater acceptance of online risks) -- something colleges have considerable experience with.