I've often advocated for "the right tool for the job", generally preferring that faculty and staff not be overburdened with too much IT control and "over-management". This works well to support the campus activities, our main focus of educating our students. However, this needs to be balanced with central IT management for critical systems, sensitive information, or areas of security.
In particular, we want to avoid the situation at the City College of San Francisco (CCSF), where personal personal banking details and other private information was leaked for years:
Each night at about 10 p.m., at least seven viruses begin trolling the college networks and transmitting data to sites in Russia, China and at least eight other countries, including Iran and the United States, Hotchkiss [David Hotchkiss, the chief technology officer] and his team discovered. Servers and desktops have been infected across the college district's administrative, instructional and wireless networks. It's likely that personal computers belonging to anyone who used a flash drive during the past decade to carry information home were also affected.
As PJ Connolly writes in eWeek, the prevailing view in many organizations is "IT security .. isn't cheap and it won't make any money for the organization, and therefore, it's as low of a priority as one can get away with."
Computing Services (Morris) and the Office of Information Technology (Twin Cities) work together very closely to monitor our security. We have processes in place to track suspicious behavior on the network, and alert us if we see traffic indicative of an issue. We have security processes and standards to protect data - on your desktops, and on our servers.
For example, in the last year, Computing Services has rolled out "Active Directory" to many staff areas. You may view Active Directory (AD) as just providing online storage (your H: and S: drives.) But Computing Services also can use AD to automatically install patches and keep critical software up to date. In the event of a virus sweeping across campus, AD will allow us to quickly distribute a patch to address the vulnerability. This provides a good balance of "benefit" (to you) with "IT control" (security.)
Not all areas have moved to Active Directory yet; this will be an ongoing project. But it's one example where Computing Services is working to keep the campus safe.
