Click here to receive your FREE subscription to Campus Technology
Supplement
Convergence: Yea or Nay?
7/1/2008
Penn State's Chief Privacy Officer David Lindstrom believes the best way for higher education institutions to improve data and physical security is to start with bulletproof policies that identify vulnerabilities in the areas of both data and physical security. A security committee then can administer deployment and implementation. The committee should include at least one or two students, so decision-makers are always considering issues that are of importance to the institution's largest user group.
THE HOLISTIC APPROACH
For technologists at Penn State, one of the largest state school systems in the country, the answer to the "Converge or don't converge?" question has been to think holistically from the get-go. David Lindstrom, the school's chief privacy officer, believes that higher ed institutions should take an all-encompassing approach that renders irrelevant distinctions between different kinds of security. Lindstrom, who also serves as co-chair of the Higher Education KnowledgeNet for the International Association of Privacy Professionals, says he sees security in general as a way to minimize risk, and notes that in this context, worrying about convergence isn't nearly as important as investing time and money to maximize network defenses across the board. "If my convergence solution doesn't prioritize physical security, someone can figure out a way to break onto my campus and steal my equipment," he says. "But if my convergence solution doesn't prioritize data security, a user doesn't even have to show up on campus to hack into the system and steal data."
For Lindstrom, the best way for higher ed institutions to improve data and physical security is to start with bulletproof policies. The first step, he says, is to develop institutional controls and protocols that give technologists in each individual department advice on how best to lock down critical assets. With these policies in place, Lindstrom recommends that schools go in and identify vulnerabilities in the areas of both data and physical security.
The final phase of his step-by-step approach is to put together a privacy or security committee to administer deployment and implementation. Lindstrom suggests that institutions build this committee around managementlevel individuals, and representatives from a variety of different constituencies (or in Penn State's case, departments). He notes that the committee should include at least one or two students, so decision-makers are always considering issues that are of importance to the institution's largest user group.
"Buy-in from the people who will live with technology every day is critically important for the success of any security project," he says. "Without this connection to the real world, even the best approaches to security ultimately will fail." For more tips and best practices on how to approach the question of converging data and physical security, see "The Road to Convergence."
Matt Villano is senior contributing editor of this publication.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Get Users on Board
- Greening IT
- It's a Zinch
- Meeting up Virtually
- Online Tutorials to the Rescue
Now's the time to use online tutorials to streamline professional development and help desk management.
- Retention Rx
