With universities into another year, their IT departments will surely be making security a top priority – especially in light of recent data breaches at colleges in Tampa and Nebraska. Considering most universities must accommodate a network of thousands of desktops and laptops, in addition to end-users ranging from students, developers, researchers, academics and admin staff – it’s no wonder balancing security and productivity is such a complex endeavor.

For instance, a major concern is the number of apps downloaded on university computers, many of which become gateways for malware to infect the university system at large. But eliminating administrative rights to download applications isn’t realistic, considering the sheer variety of subjects offered at universities – all of which require different software applications for coursework. Some universities wipe desktops after each session to get around this, but doing so requires a staggering amount of manpower and limits student access to information.

In fact, the University of Derby, based in the heart of England with students from than 120 countries around the world, recently faced this very issue. The university has built a culture of passion and freedom — actively encouraging both students and teachers to be innovative and enterprising. To empower this environment, the university wanted to eschew setting restrictions on its technologies and enable users to download all apps that would further their education.

After all, access to information is key to meeting the varying demands of learners, researchers and academics. But, like businesses, university IT departments face the reality of data security. And unlike corporate environments, education networks are built on the principles of free information exchange, which need to match the diversity of their users.

Moreover, university systems are at risk now more than ever as they regularly grant open access to students, academics, distance learners, researchers and administrators. With current studies showing 70% of all IT security breaches originating from internal sources, the challenge for higher education is to mitigate this risk, while still ensuring the right levels of access to information — and supporting flexibility across academic research and learning programs.

In the case of the University of Derby, the organization handles a network of 4000+ desktops and laptops and end users, ranging from students, developers, researchers, academics and admin staff. Their big challenge was to improve systems security, while adhering to their founding principles.

On top of this, they faced a second challenge related to the diversity of courses they offer. Like most universities, their student labs hold a large number of software applications that enable the completion of specific course work. In order to use many of these applications students required a high level of access – something most IT departments aren’t particularly comfortable with.

To remedy this situation, the university opted to remove user admin rights, while elevating required applications, ensuring they be accessible, when necessary. This approach enabled the university’s IT department to effectively manage and minimize the risks involved with downloading unknown applications, as well as ensuring compatibility with other incumbent applications on the system and delivering license conformity. Ultimately, this measured approach enabled the university to dramatically reduce risks and its amount of IT resources required.

As an added bonus, this strategy resulted in a substantial cost-savings by reducing support time, plus the approach was implemented with minimal downtime for students. And ultimately all of these benefits led to a much improved user experience.

Universities are, and should always be, beacons of free thought — and upholding this ideal while also protecting information is the holy grail of the new millennium.