Documents Contributed by ECAR and Authorization

This July 2007 survey is part of a study of identity management and information technology (IT) security in higher education sponsored by CAUDIT in Australasia, by EUNIS in Europe, and by the EDUCAUSE Center for Applied Research (ECAR) in North America. Data from this study will form the basis of a report designed to help institutions position themselves in these evolving areas. Identity management refers to the business processes and infrastructure required to support the use of digital identities. Identity management is not the same as, but is related to, IT security, another top concern of IT leaders in higher education. The survey focuses on the key functions of establishing identity, user authentication, and authorization, as well as supporting infrastructures such as enterprise directory, reduced/single sign-on, and federated identity.

Researchers conducted this in-depth case study to complement the ECAR study, Safeguarding the Tower: IT Security in Higher Education 2006. The case study examines how four higher education institutions improved their information technology security programs since 2003—what they did, why they did it, how they did it, and which practices might be most effective for other institutions that wish to have similar results.

Presentation at EDUCAUSE 2006, October 9-12, 2006, Dallas, Texas. This presentation summarizes the findings of the EDUCAUSE Center for Applied Research 2006 study of information technology security in higher education.

When ECAR studied IT security in 2003, we discovered that despite efforts to develop a secure IT infrastructure in higher education, uneven management awareness and a culture that equated good IT security with the curtailment of academic freedom constrained IT security options and choices. The results of this 2006 study of IT security in higher education demonstrate that there has been a sea change in less than three years. This study not only assesses the current condition of IT security practice, but documents changes in practice over time among a constant set of respondents. Among 492 total survey respondents, fully 204 institutions responded to both the 2003 and the 2005 surveys. Extraordinary changes in both hard and soft security measures were reported. Nearly one-third of responding institutions now have a chief information security officer, and more than 60 percent of the 2005 respondents have a centralized IT security function. The study is supported with qualitative interviews from 18 higher education institutions and organizations and with three case studies.

This roadmap synthesizes the important issues and recommended actions drawn from the ECAR study, Safeguarding the Tower: IT Security in Higher Education 2006. When ECAR studied IT security in 2003, we discovered that despite efforts to develop a secure IT infrastructure in higher education, uneven management awareness and a culture that equated good IT security with the curtailment of academic freedom constrained IT security options and choices. The results of this 2006 study of IT security in higher education demonstrate that there has been a sea change in less than three years. This study not only assesses the current condition of IT security practice, but documents changes in practice over time among a constant set of respondents. Among 492 total survey respondents, fully 204 institutions responded to both the 2003 and the 2005 surveys.

This document presents the key findings of the ECAR study, Safeguarding the Tower: IT Security in Higher Education 2006. When ECAR studied IT security in 2003, we discovered that despite efforts to develop a secure IT infrastructure in higher education, uneven management awareness and a culture that equated good IT security with the curtailment of academic freedom constrained IT security options and choices. The results of this 2006 study of IT security in higher education demonstrate that there has been a sea change in less than three years. This study not only assesses the current condition of IT security practice, but documents changes in practice over time among a constant set of respondents. Among 492 total survey respondents, fully 204 institutions responded to both the 2003 and the 2005 surveys. Extraordinary changes in both hard and soft security measures were reported. Nearly one-third of responding institutions now have a chief information security officer, and more than 60 percent of the 2005 respondents have a centralized IT security function. The study is supported with qualitative interviews from 18 higher education institutions and organizations and with three case studies.

This bulletin is a companion to Campus IT Security: Governance, Strategy, Policy, and Enforcement, ECAR's 2006 bulletin (No. 17) by the same authors. Security technologies provide various types of protection to the campus, including technologies that secure the network, control access, encrypt data, facilitate backups, provide virus protection, and supply enterprise directory services. This research bulletin focuses on the emerging set of technologies that fall under the broad category of identify management. It is based on a literature review, campus interviews, and the firsthand experience of the authors.

These Key Findings describe the major discoveries of the ECAR research study called "Identity Management in Higher Education: A Baseline Study". This ECAR research study illuminates findings from a survey of identity management practices in higher education. In addition to exploring the adoption of identity management technologies, the study examines the importance institutions place on the benefits of identity management and their ability to deliver those benefits; the motivations that drive institutions to adopt identity management and the challenges they face; the policies and plans being prepared to support identity management; how identity management projects are organized and what resources and staff are dedicated to them; and the factors that influence good outcomes in identity management investment and capability. The study is based on a literature review, consultation with a select group of individuals representing organizations involved in identity management, survey responses from 403 higher education institutions, and qualitative interviews with 36 executives and IT personnel from 24 institutions. A corporate edition is available here.

This ECAR research study illuminates findings from a survey of identity management practices in higher education. In addition to exploring the adoption of identity management technologies, the study examines the importance institutions place on the benefits of identity management and their ability to deliver those benefits; the motivations that drive institutions to adopt identity management and the challenges they face; the policies and plans being prepared to support identity management; how identity management projects are organized and what resources and staff are dedicated to them; and the factors that influence good outcomes in identity management investment and capability. The study is based on a literature review, consultation with a select group of individuals representing organizations involved in identity management, survey responses from 403 higher education institutions, and qualitative interviews with 36 executives and IT personnel from 24 institutions. A corporate edition is available here.

This ECAR research study illuminates findings from a survey of identity management practices in higher education. In addition to exploring the adoption of identity management technologies, the study examines the importance institutions place on the benefits of identity management and their ability to deliver those benefits; the motivations that drive institutions to adopt identity management and the challenges they face; the policies and plans being prepared to support identity management; how identity management projects are organized and what resources and staff are dedicated to them; and the factors that influence good outcomes in identity management investment and capability. The study is based on a literature review, consultation with a select group of individuals representing organizations involved in identity management, survey responses from 403 higher education institutions, and qualitative interviews with 36 executives and IT personnel from 24 institutions.