Challenges in Higher Education Security: Technology and Systems
Technology challenges at universities are often ones of scale and sustainability. Platform footprints are usually extensive, deployed organically, and dependent on infrastructure limitations and third-party data management feeds. These challenges can limit an organization’s security team’s ability to scale, upgrade, or replace systems to meet current needs or maintain compatibility with contemporary edge devices.
The most common challenge is legacy systems, implemented and expanded during many years or even decades. These systems may have outgrown the institution’s functional needs or may not be able to accommodate today’s more intelligent peripheral devices, such as next-generation readers, high-megapixel cameras, or smart sensors. Universities and colleges also face the challenges of disparate platforms: standalone devices implemented either for expediency or lack of available enterprise architecture. These disparate systems introduce an administrative overhead layer of managing multiple systems and databases that may not be shared across platforms.
Universities and colleges also face the challenges of disparate platforms: standalone devices implemented either for expediency or lack of available enterprise architecture.
Network and infrastructure support can be another common technical challenge. Older infrastructure can be expensive to replace across a large campus environment. Conversely, if an institution is moving to a contemporary model—such as subscription or hosted applications—legacy platforms can prevent security to align with the institution’s vision. A legacy access control system with a serial bus (a shared channel to transmit data) connecting panel hardware may not be compatible with an Internet of Things-supported architecture initiative without a costly total hardware replacement. Lastly, newer peripherals and smart sensors can be bandwidth- or process-intensive, straining legacy infrastructure.
Security organizations in higher education can take constructive steps to mitigate some of these risks and overcome existing challenges. Starting with a current state discovery is a crucial step to develop a detailed and informed picture for the right future state. This discovery should include all assets of the security profile and its supporting infrastructure. It is equally important to establish functional requirements for the desired outcome. Even if some of the requirements may be unattainable today, documenting them allows for the development of a proper roadmap, as long as the future state of the system is aligned with leadership goals and objectives.
A documented future state of a legacy access control system provides a roadmap for security and other responsible parties to properly build or upgrade the platform. A simple phased approach can start with the most critical items, such as legacy controllers or enterprise software. The phases then progress towards daily needs and supporting features, such as integration and peripheral devices like readers. If certain goals—such as frictionless access or identity management—are deemed unattainable due to costs, they should still be documented, along with their business justifications and anticipated costs. This documentation can keep those items on a projected deployment path for the future by starting the relevant stakeholder conversations around needs and costs today.
Consistent engagement with infrastructure and database teams is equally important. In some cases, existing infrastructure can be leveraged for wireless access control, mobile-compatible access control, or credential management apps. Data consolidation initiatives can incorporate security’s user feeds on identity and access rights. And if the institution is moving towards cloud or subscription models in its departments, security can start planning for that transition by looking at compatible solutions.
Starting with a current state discovery is a crucial step to develop a detailed and informed picture for the right future state.
The last step in managing the technical challenge for universities is to develop a concise, comprehensive strategic plan that establishes priorities based on risk and need. The plan should include costs, year-to-year goals, responsible parties, and value drivers, which are important for successful adoption. The plan should also include thresholds to trigger financial discussions, technology proofs of concept, and procurement cycle kickoffs.
Breaking the technical challenges down into manageable phases can help lead a successful transition to contemporary solutions. Leveraging ongoing initiatives can show quick successes, maintain required levels of security, and upgrade the overall portfolio.
As systems and solutions are upgraded, implementing some of the administrative tools of awareness, cross-functional collaboration, training, and lifecycle management can then help build a sustainable model for future growth.
Mohammed Atif Shehzad is the founder and managing director of Atriade, a full-service security consulting firm. He has extensive background in program development, strategic master planning, and executive-level program sponsorship. Shehzad also oversees program development and management efforts at several universities and colleges.