The Internet was built on university campuses. It was built by academics for academics, and without any notion of the new kinds of commerce, crime, and espionage it would enable.
As the Internet spread beyond purely academic circles and became a valuable tool for corporations and governments, as well as a target for criminals and terrorists, a vast—and growing—security industry sprang up to develop new controls and defenses that would protect us against threats. But the academic world, from which the Internet originally came, has not wholeheartedly embraced this growing market of new security tools and tactics.
A highly secured network that closely regulates and restricts new devices, users, or online traffic streams may be desirable in a secretive government agency or a company jealously guarding its intellectual property and strategy, but it may make less sense on the campus of higher-education institutions, which draw intellectual sustenance from the regular arrivals of new people from all over the world, carrying their own devices, looking to study and collaborate alongside everyone else.
If you run a college or university you don’t necessarily aspire to a computing environment that fortifies your chosen “insiders” and their data, and keeps out everyone else, and their potentially infected laptops and smartphones. At the same time, you still want to protect the personal information and intellectual property of your staff and students, and make sure that their computing resources are not being taken advantage of, or used to attack or infiltrate other targets. So, on those same campuses where the Internet was born, administrators, academics, information-technology staff, and students are struggling to figure out the right way to balance their academic research and educational missions with the need for computer security.