Educause Logo

2017 Educause Top 10: #1 Information Security

First off, yes I have moved to my ‘forever home’ of the University of Arkansas. Hopefully I am here forever and ever and ever (smile). Now on to the topic!

If you are unaware of the annual Educause Top 10 Issues list, you must not be in higher ed. And that’s ok because the list translates to industry as well. You sillies that think industry is so far beyond higher ed technologically make no mistake, your budgets are undoubtedly bigger, your systems that directly run your industry might be beefier, but true innovation is occurring on campuses nationwide. In my previous presentations to largely corporate audiences on the topic of ‘mobility’ (Manhattan to Phoenix to Orlando and much in between), it was astounding to me the number of conversations I was drawn into that drilled home the fact that in many ways higher ed has pushed past industry – from virtualization to ‘one stop shops’ to app rumination to user experience. Why? Because we have to. Our current customer is your customer-employee-manager-CEO of tomorrow – I bring you today’s student. And we are prepping your future workforce and leadership with high expectations on technology and integration. But I digress. The Educause Top 10 Issues list is to us higher education technology folks a bit like the Toys ‘R Us ‘Top Toys’ catalog is to my kids around November of every year. It. Is. Everything.

So…even though it won’t be officially published until January 2017 here we go!

Information security: Developing a holistic, agile approach to reducing institutional exposure to information security threats.

I have to admit, I’m always surprised to see this on the list because to me, these days, it seems pretty utilitarian. This is year two in the top spot after years of always being a bridesmaid but never the bride. I’m pleased to see this in the REINVEST column so it’s not truly new, just kind of re-new. Interestingly, albeit a little confusingly to me (but again I’m a simple girl), the top 10 list was divided into three categories: Divest, Reinvest, Differentiate. I like this model a lot after thought and it makes me less agitated that security is in the number one position. I mean by now we should all have rock-solid security systems in place, right? I mean, RIGHT? (nervous laughter)

Security is no joke. I had the privilege to speak at an InfraGard event with the CSO from UConn (brilliant) and was truly impressed with the safeguards and response that his university has set up under his stead. What’s crazy – and entirely accurate – is that the landscape continually changes in this arena and YES whether you have an amazing set-up for security this very second it is still time to reinvest in process, procedure, testing and solutions. Between phishing, moves to the cloud and mobility, the underlying education on appropriate response becomes key. And while the user education piece should be the simplest with a simple SANS implementation, do we follow up? Do we check in aside from the annual online assessments? And the governance? Are we getting wrapped up in politics rather than completing a task of defining and living security governance? There is a reason that the entry points these days tend to be of the phishing variety – inadvertent users, despite being non-malicious, are the predominant ways ‘in’. In fact, according to Verizon’s 2016 Data Breach Investigations Report, that little feature about employees and/or users inadvertently opening a malicious email thus handing over a baby-sized to giant-leap step into internal systems? UP ALMOST 10% OVER LAST YEAR. Despite training. Despite focus. Despite press. Despite the Target debacle. So yes, we need to build and invest in great systems YET the education of the people needs to be at the forefront at all times to mitigate risk.

“The only thing we have to fear is ALL OUR USERS!” – Confucius (click here to see more)

Please tell me you didn’t just click above 😉 If so GOTCHA and connect with me on LinkedIn. I didn’t steal your soul…this time.

So Info Sec is number one. Ten months until the next Educause. Top 10 list. I can totally do this. Please note this is entirely my gut reaction to the list and I’m one of those that gets unduly excited about the list each Educause. One year (maybe two years?) I was even able to sit on the panel discussion at the conference. If you love technology, have a heart for higher ed and really want to benchmark your areas of interest and concern to ensure your focus is quasi-shared, this annual list is invaluable. I’m refusing to look ahead in the list (again) to ensure my responses are truly ‘gut’ but, if I recall, there are some really unusual-in-an-exciting-way entries this year. They fall in the Differentiate category and who doesn’t love to differentiate? It’s how we pride ourselves on standing apart from our closest peers and it can result in an amazing institutional ‘special sauce’ (thank you Nancy D. for that forever phrase of mine now) to absolute catastrophe. Always exciting possibilities! Until next issue next month – happy holidays all!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s