Slade Griffin, security engineer at Sword & Shield Enterprise Security: "I spent almost 10 years working in both secondary and higher education. The challenges presented are numerous and no one thing can currently be blamed. I would say the most persistent challenge for IT security personnel is culture and the resistance to change. More than once as an IT security framework was being developed necessities got bogged down in the "endless meeting" cycle. Much talk of change would often result in no change at all in order to accommodate a very small portion of the population. Attempts to make rules exceptions often spiraled out of control until IT security was moved out of the umbrella of network operations where the CIO, or equivalent, did not face a conflict of interest concerning security and convenience. On the other hand I have also seen IT security personnel attempt to become big brother with no accountability to any person or group other than themselves. Overcoming the challenges in academia is a delicate balancing act which must be situationally dictated to the given environment."
Bryan Murphy, information security analyst at Michigan State University: "I have found that governance and policy are difficult to implement. If a specific policy is approved its "enforcement" section is always a fluffy copy/paste from the union handbook. Teeth are difficult to build in given academic freedoms and staff unionization."
Matthew Lye, senior computing support officer at Griffith University in Australia: "I've found the largest problem is you don't have a large degree of control over user desktops in academia when compared to a business environment. As a result you end up with very little ability to protect users from themselves in regard to data leakage. ID management tends to be reasonably standardized and easier to control as long as they don't keep using post-it notes to keep their passwords and IDs on their monitor or whiteboard."
Peter Anderson, CSO at Computer Systems Center: "I don't know if ID management solely address the data leakage issues within academia. I can only speak to where academia collides with national security. The fundamental problem of controlling access to highly sensitive information and potentially highly destructive technology while allowing the academics to publish their research and collaborate amongst their peers has been long standing. Balancing the "publish or perish" mentality of academics and the classifying information demands of the US Department of Homeland Security (DHS) is a cultural problem that has plagued this community for a long time. Identity management coupled with a suite of technologies such as access management, entitlements, and digital rights management can provide capabilities that limit and control the sharing or collaboration amongst the peers in a protected manner. These tools working together will drastically limit the leakage or the second-hand sharing that tends to take place."