In the face of growing security concerns nationwide, as the Department of Education hands over student information in antiterrorism efforts, a fact unearthed by Northwestern University Medill School of Journalism student Laura McGann, more and more universities—including UW-Madison—are stepping up security measures for the protection of their students and alumni.
UW-Madison is one of the first universities to abandon a paid-for program for its Internet portal, MyUW, and embrace uPortal, a free, open-source program, according to Jim Hewig of the Department of Informational Technologies.
The latest incarnation of MyUW not only uses open source technology, but also features new security measures and a customizable user interface.
Developed by JA-SIG, a not-for-profit group of universities, uPortal connects the e-mail, calendar, directory, and other functions of MyUW to an easy-to-use interface.
Brian Rust, communications director of DoIT, believes the nature of open source software makes uPortal superior to a paid-for program.
""There's a whole bunch of people who have a vested interest in further developing the software, and its not for money, it's just because they want to develop it into something more useful for their campus or their company,"" Rust said.
A new security measure was also added to MyUW in August, allowing students to log in and out of all the various applications connected to MyUW at the same time, rather than individually.
""Starting this summer, we implemented the ability to just sign on once to My UW-Madison and that automatically authenticated you to all of the applications that you would use,"" Rust said.
Brian Wahe, who handles security issues with DoIT, said that the changes came after various people reported finding computers still logged in to e-mail and other applications on MyUW.
""There were a small number of reports of people who reported walking up to a kiosk and seeing someone's e-mail,"" Wahe said.
The measure did not come as a response to any malicious activities, he said, but rather as a response to those complaints, aiming to prevent users from forgetting to log out of all of their personal programs individually.
""It was really good of the people to call and tell us that that was going on,"" Wahe said.
While there have not been any problems yet, Wahe said, it is still important to make sure that people could not purposely ""hack"" into the wide variety of information on MyUW, including e-mail, classes and calendars.
""In our environment, there are so many people who use shared workstations, either the kiosks or library computers or a friend's computer, whereas most people are not malicious in nature, we need to protect people's information,"" he said.
Hewig said that since it began using uPortal in May, UW-Madison has shared any improvements it makes to MyUW and to uPortal with the other universities that use it, while and the other universities share as well.
""With commercial products, you don't have as open a community that are sharing information,"" Hewig said.
The change to uPortal came after Epicentric, the company providing UW-Madison with the portal, signaled that it might raise its prices, according to Rust.
""They were going through some changes in terms of development of the software and also pricing that prompted us to do a review of other products we might find out there,"" Rust said.
The only real concern about the new MyUW is that DoIT will be responsible for handling any problems with the software, since there is no company backing it.
Wahe also says that there are no particular security concerns in using an open source program, like uPortal.
""There has been no identified security risk in using an open-source application like uPortal versus an enterprise application such as Epicentric,"" Wahe said.
However, Wahe stressed that the new security measures only go so far, and that students should take certain precautionary measures to protect their information.
""For students you want to protect your identity, so you want a secure password, you want to make sure you're visiting legitimate websites, that you're not responding to fishing schemes, don't provide personal information when you don't need to,"" Wahe said.
