I am recently back from the Educause Security conference 2012 — my first time going to that conference. I should note that I am the security officer for the campus so this was a great opportunity to connect with folks who have been doing this for a long time.
It was quite a good conference and, based on a few discussions with other attendees, one role of the conference is to leave you unsettled due to how many security threats there are. I mean, there are a lot. And hearing from large Universities (that have security departments of 3-5 staff) about how they need to manage multiple data breaches of personally identifiable information (PII) leaves one restless at night. The challenge with large Universities is how distributed information and systems can be. At a small College with a single central IT department there is more control over the systems housing institutional data (and clear accountability).
REN-ISAC (Research and Education Networking Information Sharing and Analysis Center) kept coming up and it clearly brings much value to its members. First thing when I’m back in the office, join REN-ISAC. One product I was very interested in was Cloudlock — enterprise control over your google docs domain. You can retain docs after someone leaves, retain documents for legal discovery, audit access rights to comply with FERPA, HIPAA, PCI — just pick your abbreviation. Of course it costs per user so this could offset any licensing savings you might be recouping with moving to google apps but it provides enterprise management tools that would make me rest easier at night.