Reclaiming the Keys to the Kingdom: Examining End-User Administrator Rights in Higher Education
“Any society that would give up a little liberty to gain a little security will deserve neither and lose both.” — Benjamin Franklin, 1738
Giving administrator rights to computer end users was once a common practice, but it has all but disappeared in corporate America. As companies embrace the least-privilege model of information security, most employees interact with corporate computer systems with user-level access in tightly controlled software environments. In higher education, information security standards have historically been much looser. Universities, the birthplace of modern interconnected networks, were designed around the free flow of data to share knowledge with all willing parties. Ideals of information freedom and communities of trust continue to influence network security policies at many universities today. Unfortunately, the cybersecurity threats faced by higher education mandate a new approach to this issue.