How Ready Are IT Managers for a Crisis?
In a year of vicious attacks -- both actual and virtual -- information technology administrators have been left with the task of protecting their networks from harm and their campuses from unseen threats.
That's the context for this year's annual survey by the Campus Computing Project, which polled officials at 555 colleges and universities on their technology use via (what else?) an online questionnaire. The report, which is being released today at the Educause conference in Seattle, found that even as more institutions than last year say they have a plan for network disaster recovery, some two-fifths have yet to devise a response strategy. And while shootings at Virginia Tech and Delaware State University, among other places, underscored the importance of well-planned notification systems, fewer than half of respondents -- 44 percent -- said their institutions had a strategic crisis communication plan as of this fall.
The report noted that among colleges that did have such plans in place, most relied on existing technologies such as e-mail, campus Web portals and campus phones. Only 22.1 percent of the respondents said their plans incorporate students' cell phones, although it wasn't clear if that included the increasingly popular text-message notification systems adopted since the Virginia Tech shootings.
(A separate survey, released two weeks ago by Educause, found that more than 63 percent of the institutions polled had assessed their campus IT security risk, compared to 58 percent last year. That's slightly higher than the Campus Computing Survey's findings but in the same ballpark.)
Aside from security issues, the survey found that wireless access continues to expand into the classroom, adopting open-source applications is more attractive in theory than in practice, and colleges remain aggressive in combating illegal file downloading.
In this year's survey, 59.1 percent of participating colleges and universities said they had a plan for responding to hackers or data losses to the campus network infrastructure, up slightly from 55.7 percent in 2006 and 55.5 percent in 2004. But despite the press, the number of virtual attacks continues to decrease, according to the report, in nearly every category (to 45.6 percent in total this year from 51.1 percent in 2005). The survey found a stark drop in problems from computer viruses (14.8 percent, down from 35.4 percent in 2005) and spyware (15.9 percent, down from 40.8 percent in 2005 ), but noted an increase in security incidents connected to social-networking sites such as Facebook (13.2 percent from last year's 9.8 percent) that might reflect their solidified status as a staple of the campus experience.
But if virtual data appears more secure this year, physical theft is on the rise. Incidents of stolen computers were reported by 17.1 percent of the surveyed institutions, from 13.5 percent last year, and for the first time, the report finds that 6.5 percent of IT security breaches involved intentional wrongdoing on the part of an employee.
In light of the data, it's not surprising that campus IT officials identify network security as the "single most important IT issue affecting my institution over the next two-three years" -- but the proportion saying so is decreasing, to 25.5 percent from 30 percent in the past two years. The second priority (according to 13 percent of respondents) is upgrading or replacing campus "enterprise resource planning" systems, which seek to unify information and processes from across the campus into a single, integrated database.
Aside from security issues, the report follows up on trends several years in the making, such as the increasingly widespread reach of campus wireless networks (60.1 percent of college classrooms, from 51.2 percent last year and 31.1 percent in 2004). The number is nearly 70 percent for private research universities and almost 45 percent for community colleges. And while advocates for open-source software (which is free and can be adapted and improved without a license) hope that institutions of higher education will embrace the movement wholeheartedly, IT officers continue to see the benefits mainly in the abstract.
For example, 57.3 percent of respondents think open source "will play an increasingly important role" in campus information technology, but less than a third think it offers a truly "viable alternative" to commercial solutions. One possible area of growth is the adoption of open-source course management software -- a potential threat to Blackboard -- such as Moodle and Sakai. The survey found that the proportion of institutions using Moodle had nearly doubled to 7.8 percent this year, but among private four-year colleges, it was much higher at 17.2 percent.
Over on the student end, 2007 has been a milestone year. PDAs are becoming more popular, and the iPhone has colleges wondering how to handle the potential increase in Internet traffic caused by dozens of handheld WiFi devices surfing the Web and downloading music during class -- or even on the way there. (At the same time, some professors are grumbling about computer use during class, the report suggests.)
"To date campus IT officials have preferred not to deal with mobile phones and PDAs on campus networks. That will have to change with the arrival of a new generation of network compatible phones and PDAs in the coming year,“ Kenneth C. Green, the founding director of the Campus Computing Project and a visiting scholar at the Center for Education Studies at the Claremont Graduate University, said in a statement.
And as for that ever-present scourge, peer-to-peer file sharing, the survey repeats the finding that most institutions have policies to discourage or discipline students who illegally download music or video. Over all, the figure stands at 82.9 percent. Over 70 percent of polled institutions can revoke students' network privileges for violations, while almost half have some other form of discipline. To combat downloading on the electronic battleground, some 29.1 percent of institutions use blocking technology of some kind. Meanwhile, almost 13 percent require their students to take a course (online or otherwise) to learn about file sharing.