Challenges in Higher Education Security: Finance and Funding

Administrative and technical challenges in higher education security portfolio management have demonstrated two common trends: the scale of the systems and a need to accurately understand the lifecycle of the portfolio’s current state. Consequentially, funding and financing these large portfolios is the next challenge, which requires proactive management by security organizations.

Higher education security portfolios often bear greater deployment and management costs in the industry. Construction windows are typically limited. Large geographical footprints sometimes require multiple contracts to deploy and manage applications. Infrastructure pathways can be expensive to install over sprawling campuses. Buildings are often older or historically preserved, which limits options for pathways and installation—and adds further costs.

Cost of ownership is also higher. Higher education security organizations need a greater number of resources to manage applications, monitor alarms, and respond to incidents. As cost models have shifted towards device licensing, the annual recurring costs for software management have also increased. Add to this the trending towards software as a service (SaaS) models, the annual cost of ownership of security portfolios will continue to climb even more significantly.

As cost models have shifted towards device licensing, the annual recurring costs for software management have also increased.

This series of articles has highlighted a proper lifecycle and strategic plan as a critical tool in mitigating most of these challenges. The same applies to finance and funding. An inadequate lifecycle plan can create lack of awareness of the security portfolio’s current state and health. This can lead to unpleasant surprises, costly delays, or incomplete installations. Incorporating financial needs into strategic plans can give organizations a more complete and proactive picture of the proposed system and its future, paving a clearer path to avoid administrative and technical challenges.

The financial elements of the lifecycle plan should include capital and installation costs, licensing, maintenance, administration, and software support. The plan should also factor in any indirect costs not borne by security, including electrical infrastructure, network equipment, and structural or civil elements (trenching, foundations, etc.). Even though they may not be part of security’s budget, proactively tracking them can be very effective in planning for funding requests.

The next critical piece is the cycle itself. This includes procurement and contractual considerations, submission deadlines, funding request thresholds, and approval timelines. The plan should incorporate activity triggers and alerts based on relevant thresholds for each aspect.

Complementary systems, such as identity management, incident management, and situational awareness, have made change management—ongoing administration, configuration, and optimization of systems—more complex, requiring dedicated external or internal resources. These resources are typically not technicians, but system administrators or application managers instead. With Security as a Service models trending, change management will continue to gain importance and require higher financial planning for the right type of resources. This means that security organizations may need significantly more funding in operating expenses versus capital expenditure—both for dedicated staffing and vendor software support agreements.

Complementary systems, such as identity management, incident management, and situational awareness, have made change management more complex.

Requesting additional dedicated staffing is typically a challenging and long process. Therefore, for systems involving change management needs, financial forecasts should include long-term staffing and support needs. In some instances, these resources can be part of support agreements or existing resource overhead, but it is still important to identify them based on their specific roles and objectives.

As in any environment, not all funding requests are approved. Creating a detailed and proactive financial plan allows security organizations to have informed engagement with leadership and align requests with mutual objectives. It builds a consistency in financial expectations, appropriately assigns risks, and builds a strategic, long-term roadmap for the security program.

Mohammed Atif Shehzad is the founder and managing director of Atriade, a full-service security consulting firm. He has extensive background in program development, strategic master planning, and executive-level program sponsorship. Shehzad also oversees program development and management efforts at several universities and colleges.