With password theft a leading cause of data breaches, the University of San Diego has implemented a secret server vault solution to secure shared IT credentials.
The University of San Diego (USD), like most universities, isn’t expecting a cash windfall anytime soon, so it has turned to a simple data protection solution: passwords.
Every day, hackers target colleges and universities across the country. And, as a rising number of schools can attest, higher education is finding it tough to defend itself. Preventing such attacks is never easy, but universities may be particularly vulnerable because of budget constraints. In the words of one critic, lack of money often leads to an approach of “if it ain’t broke, don’t fix it.” As a result, schools tend to run old software that lacks the security features of later upgrades, or they may simply fail to patch software that contains exploitable bugs.
While few IT administrators are expecting a budget windfall anytime soon, schools can nevertheless take affordable steps to reduce the chances of a data breach. At the University of San Diego, for example, IT has focused its attention on an unglamorous security vulnerability—passwords—that is one of the leading causes of data breaches.
“Everyone was doing their own thing with passwords,” recalled Jordan Anderson, systems administrator at USD, which utilizes a centralized IT setup that is organized into several subgroups. “The networking team was storing passwords one way, we had our own solution in systems administration, while another team was using freeware to do localized encryption of passwords. We weren’t doing anything too outlandish—no Excel document with passwords in it, for example—but it was all sporadic.”
A scattershot approach like that can lead to increased vulnerability. Staffers who are required to remember passwords for a variety of systems, for example, are often reluctant to change them on a regular basis. Even worse, they might write the passwords down—sticky notes are a favorite medium.
While USD’s password setup never led to a breach, security-conscious staffers realized there had to be a better way.