Something to look into: http://www.fidelissecurity.com/
We need to insure that staff and faculty who have legitimate access to sensitive information are not both creating their own databases or spreadsheets on their local systems AND running P2P networking software. Here's how it burnt Pfzier: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9024491
Ideally, we need a comprehensive security and reporting strategy that both protects sensitive information and allows functional offices to deliver services.
Higher Education public institutions are facing significant financial challenges as they move to become more entrepreneurial. Another challenge as identified by Robert Zemsky, et.al. in "Remaking the American University" will be to maintain mission focus.
The University of Rhode Island appears to moving to address the challenge as outlined by their President in a Providence Journal article. Having the pleasure to work at an institution that is also seeking to find new opportunities to grow and service the region, I appreciate their efforts.