The Imperative to Integrate Security and Privacy on Modern Campuses
Imagine it is homecoming weekend, and visiting alumni have flooded a college campus for the big football game.
From the moment they park in the campus garage to when they leave the grounds, the visitors enter a new digital world that current students encounter every day. They use an app to pay for lunch in the student union, another app to buy a sweatshirt in the bookstore, and still another that holds their game tickets. The alumni also look at digital signage for a schedule of events and directions to a pep rally. At the stadium, there are separate digital signage systems for security rules, food prices, and the game status.
This type of fragmented digital experience is now commonplace across the breadth of activities on college campuses—from the classroom to the library to the dormitory to the rec center. Students, faculty, and visitors that bring their own device may expect a seamless digital experience, but that is rarely what they get. The breadth and diversity of technology in play also increase risks to data security and privacy.
As higher education institutions adopt a growing number of digital tools, they must focus on pursuing a strategy that moves not only toward a more seamless, integrated experience, but also incorporates cybersecurity, physical security, and privacy for everyone on campus.
Diverse Digital Expectations
Any organization with a large footprint will have a broad range of personas with different digital needs. Given the many services a large campus provides, it’s common for various departments and stakeholders to choose applications and services for their requirements that are delivered without much thought to other departments. This leads to decentralized and siloed systems. Anyone navigating that landscape quickly ends up with a smartphone full of applications along with hard-won local knowledge on how to survive this digital ecosystem.
Cyber and Physical Security are Intertwined
On its surface, the decentralization may seem like just an annoyance to users, but serious security concerns are embedded in it as well. First, these applications and information systems require users to input personal and financial information. The applications create a greater surface area for risk, creating a wealth of transactions and interactions that could result in stolen data.
There is also the physical security component. Campus environments extensively leverage digital signage to provide information to students and guests. It is not uncommon for different parts of the university to use other applications to manage these systems—the library uses one product while the dorms use another and so on. That silos the messages being conveyed, which is inefficient and even potentially harmful.
For instance, it has sadly become more important in recent years to use such signage for communicating during an emergency. If university security needs to inform the campus community of an active threat, it could take additional time for the information to be posted across diverse campus systems. Instead, a single, integrated system, would make this time delay non-existent.
The same goes for physical access systems. Universities often use multiple access systems across different buildings. Should an institution need to lock down the campus immediately, numerous systems add valuable time to the process.
Creating a Centralized System
To address this situation, universities must first rethink how to bring these disparate platforms together and institute a “buck stops here” approach. That likely includes designating a new leadership role to oversee the complete digital experience.
Beyond the more limited purview of a CISO, this role would take a high-level approach to understanding all of the different potential engagements on campus, and—to the extent possible—coordinating all involved departments to streamline and integrate the systems supporting those experiences.
As just one example, emerging digital identity technology stored on a user’s mobile device could replace university-issued physical ID cards that use RFID to grant access to specific services. That’s a tall order. Consequently, such a position will require the authority to create policies and procedures for a broad swath of university stakeholders. While some operations may not be a fit (a third-party fast food restaurant operating in the student union, for example), there is still an opportunity for increased collaboration.
There also needs to be an acknowledgment that if a system collects information or creates transactions, it must meet specific security and interoperability standards. There needs to be an information loop that includes cybersecurity leaders so they remain aware of any associated risks, and can plan accordingly. The same is true with physical security because campus protection must understand the different systems used and how to restructure them into a consolidated approach.
Your Roadmap to a Secure and Satisfying Digital Experience
No doubt the digitization of the modern campus will increase, escalating challenges around cyber and physical security and data privacy. It’s time for higher education institutions to face these realities and take action.
Develop a comprehensive digital experience program informed by those security and privacy implications. Assign a leader to own building the program, while bringing together a team capable of creating a streamlined approach that delivers the best experience, with security and privacy at the core. Consider external partners—if needed—to help with the steep learning curve and accelerate results.
Having a proactive, comprehensive strategy will enable institutions to achieve better coordination of security and privacy controls across fewer platforms. Not only will users have an enhanced digital experience, institutions will enable better outcomes for their entire campus community.
Michael Sink, chief technology advisor of higher education at World Wide Technology, regularly engages with clients on strategy, innovation, and transformation to develop and deliver solutions tailor-made for higher education institutions. He previously served as the associate vice president and deputy CIO at the University of Central Florida, as well as on the board of directors for the Higher Education User Group—a worldwide community enabling the sharing of knowledge and practices to maximize institution investment in higher education information systems.
© World Wide Technology