How to Complete Your Zero Trust Mission With a Single Pane of Glass

  January 14th, 2021
Written by:

Since it was first coined by Forrester more than a decade ago, the Zero Trust model has proven its strength in identity and access management (IAM), relying on strict controls and not trusting anything by default. The events of 2020 have made Zero Trust (ZT) a priority once again as remote working requirements expanded every organizations’ networks well beyond the office walls.

The flexibility of the cloud made the swift shift to remote work possible, but it also introduced more than a few challenges for IAM and ZT. The challenges are compounded by the hybrid situations most companies find themselves in: still unable to move everything to the cloud while simultaneously in search of solutions that can better integrate with their on-premise and legacy systems. Unfortunately, this has often resulted in a disconnected patchwork of not quite connected quick fixes.

Piecemeal solutions are not sustainable. Businesses need one source of truth — one pane of glass — that brings all of these otherwise disparate technologies together in one platform. This saves organizations time and resources, keeps costs down, and seriously simplifies processes for IT teams.

The Hitachi ID Bravura Security Fabric gets organizations over these hurdles by bringing all of these critical needs into one solution and framework including Pass, Identity, Group, Privilege, and Discover. By shifting to a single pane of glass for IAM, organizations are able to better see the big picture and conquer even the most persistent challenges to achieve ZT success.

Bridge the Gaps

For many businesses, moving to the cloud is not a simple migration. It’s likely done in stages. Some businesses may even have highly regulated data that can’t be stored in the cloud at all and need to find hybrid solutions. On-premise and legacy problems don’t just go away when cloud services are introduced. Having a solution that can seamlessly integrate the cloud with existing architectures is a critical success factor.

The Hitachi Bravura Security Fabric and its extensive set of connectors significantly simplifies the integration of disparate systems. These connector capabilities are also core to the offerings within Hitachi ID Bravura Security Fabric, allowing organizations to easily turn on or off services (Pass, Identity, Group, Privilege, and Discover) as their business needs change.

Get a Handle on Groups

Across most industries, groups reign supreme as the primary access granting system for organizations. Keeping group access organized is a crucial aspect of maintaining a ZT model. All too often this is where wires get crossed — either by human error or a lack of access to controls beyond the IT team. Granting incorrect permissions via groups can spell disaster.

Organizations can avoid catastrophe with a few simple best practices: allow users group management access, automate where possible, create business friendly names for groups, etc. Hitachi ID Bravura Group can help your IT team easily oversee all of these group activities to maintain visibility and control over these critical access points. By balancing user access with IT oversight, organizations can maintain IAM and ZT success.

Increase Resiliency With Adaptive Authentication

As our recent survey uncovered, remote access remains a top IAM challenge and priority for many organizations. User authentication and password management is a critical component of remote access strategies and the ZT model. With remote access, IT teams face challenges caused by overly simple, misplaced, and generally compromised passwords and credentials. Remote working environments have only increased the risk surrounding these vulnerabilities, especially with insufficient support access.

Hitachi ID Bravura Pass helps businesses tackle these risks by providing resources to help users better manage their own credentials, including:

  • Strong authentication (MFA) and federated access (Security Assertions Markup Language (SAML) 2.0 identity provider (IdP) )
  • Self-service password and PIN reset
  • Self-service unlock of encrypted drives
  • Password synchronization
  • Managed enrollment of security questions, mobile phone numbers, personal e-mail addresses and biometrics

The Future of Zero Trust in the Cloud

Cloud environments present a fresh host of IAM and ZT challenges and the fact is siloed technologies cannot address these issues. By bringing together the tools to manage all of these business-critical pieces in one place, companies have a comprehensive collection of tools and resources that streamlines IAM in a single, secure, scalable solution.

We covered all of this and more in our recent webinar with Hitachi ID partner IntiGrow. As a leading global enterprise information security company and one of our channel partners, IntiGrow delivers comprehensive security solutions empowering enterprises to proactively detect and prevent security threats to their computing infrastructure, data, and applications.

Learn more about IntiGrow and the rest of our channel partners here and see the full webinar now available on demand by following this link: Complete Your Zero Trust Mission Using a Single Pane of Glass

UCSF Higher Education IAM Case Study

  January 12th, 2021
Written by:

In higher education the challenges of identity and access management (IAM) are many, and for the University of California San Francisco (UCSF), they had the usual obstacles: ever-increasing number of users with changeable and overlapping roles to account for (students, professors, faculty), plus the need to secure all of their personal data, data related to research projects, and federally funded grants. In addition an aging mainframe system sat at the core of their IAM environment and retiring it was of utmost importance since administrators with expertise in it were retiring quickly!

However, because UCSF is both a university and a hospital (with its own interlaced medical teaching needs), the IAM security environment is even more complicated. Multiple data sources combined with loose affiliations for members including students, teachers, staff, residents, nurses, doctors, researchers, guests, volunteers and contractors made the quality of the data unreliable.

That’s why after 20 years of coping with these mounting challenges, UCSF knew it was time to modernize its decades-old IAM system. The challenge? How to replace a legacy identity system that was deeply entangled with core business processes while keeping the older systems alive and minimizing risk to the university. Of course, there’s no easy answer, but ultimately it came down to finding the right approach:

Do the Research

Understanding what the best solution for their IAM challenges was a multi-step process unto itself. UCSF knew it needed one data source to automate provisioning, synchronize systems of record, and streamline appropriate access through the identity lifecycle with a highly secure yet publicly accessible identity solution. They also knew they needed to not only solve current challenges, but also plan for the future with a system that was capable of scaling and evolving to meet them.

Kevin Dale, senior manager of identity and access management at UCSF brought the project from concept to completion and conducted thorough research of the vendor landscape before beginning this critical transformation. Casting a wide net not only allowed him to vet potential vendors, it also brought to light what capabilities are being offered in the marketplace. Demonstrations and discussions with peers and reference clients helped validate the decision, making the next step infinitely simpler.

Prioritize Projects

For colleges and universities, an IAM upgrade is an enormous, multi-faceted project that impacts nearly every department. It’s not a solution that can be simply switched on. Implementation takes time and coordination to ensure that risk was mitigated to the greatest extent possible. That’s why UCSF knew it needed to prioritize the features and technology that were most critical.

For UCSF, the prioritized must-have features included password management and good connectors, including one for Active Directory supporting group management, identity lifecycle, access management and governance. Identifying these must-haves allowed the university to more clearly map out its roadmap and assisted in the vendor selection process by eliminating those who didn’t fit those needs.

Get Everyone on Board

With multiple departments, colleges, and the hospital to coordinate, having complete buy-in was an absolute must. Nine departments worked to promote adoption across the campus. The effort was spearheaded by the IT team, which outlined concrete deliverables: replacing the mainframe, introducing Hitachi ID Bravura Identity, production deployment, automating and standardizing provisioning and deactivations, and more.

By frequently communicating prioritized outcomes linked to timelines, the stakeholders helped foster partnerships with staff and kept the project on track and on budget. That included the critical step of training everyone on how to use the new Hitachi ID solution and augmented skills as needed.

With a modern Hitachi ID identity solution, UCSF simplified and improved data protection and access while reducing security risk. Improved control has better positioned UCSF to provide access for its members today and ever growing population into the future.

Hitachi ID is the only industry leader delivering password, identity, group and privileged access management across a single platform to ease implementation as your IAM and PAM roadmaps evolve. You can learn more about the IAM challenges UCSF faced and the solutions Hitachi ID implemented to overcome them here: UCSF IAM Case Study

Why Higher Education IAM Automation Shouldn’t Forget UX

  January 7th, 2021
Written by:

We recently asked IT leaders in higher education to share their thoughts on identity and access management (IAM) automation via a survey conducted with Pulse. The questions touched on their goals, progress so far, anticipated benefits, and more. For many of these questions, the results matched the trends we’re witnessing in IAM for higher education. However, a few categories had some surprises, among them, end user experience (UX).

While only 13% of higher education IT executives cited the improvement of end user
experience as a main benefit of IAM automation, two-thirds rated the influence of UX over the IAM roadmap as at least a 4 (on a scale of 1-5). End user experience isn’t driving IAM automation, but it still has plenty of pull when it comes to automation. Understanding its influence can help higher education better incorporate UX into automation plans moving forward.

Reputation Is Everything

Most end users may not be a decision maker at any colleges and universities, but they’re still certainly stakeholders when it comes to identity and access management. Whether it’s a student needing to reset their password from home or a new research project that requires specific entitlements, the process needs to be seamless, simple, and secure.

Clunky processes can create frustration for the end user (at best) and serious system vulnerabilities (at worst). It’s also worth noting that ultimately, when it comes to IAM processes, the opinions of end users can and do influence those who make the decisions.

Amplified by Remote Access

While remote access has always played a role in UX, the pandemic has made it a priority. Our survey reflected that 98% of those surveyed said UX improvement has risen in importance following the mass work-from-home migration and the broad swath of resources being accessed remotely. Remote access has also added another dimension to UX with IT teams needing to account for how remote students and faculty can reach support (for password problems or more serious issues) when the need arises.

Lighten the Load

While the end user is the focus of UX, higher education IT teams will also reap some of the benefits. Seamless, simple, secure IAM that’s easy to use and incorporates support solutions that users can access remotely, will ultimately remove many of those tasks (password resets, permission updates, etc.) from the IT team’s to-do list. Fewer user issues means less problem solving for your IT team, freeing them to focus on more strategic initiatives — further improving processes, application development, or whatever innovation is next.

User Experience Smart From the Start

UX may not be the driving force for higher education IAM automation, but IT leaders still need to keep its impact and influence in mind when plotting out their identity and access management roadmaps. When higher education IT leaders incorporate UX into IAM automation strategies from the start, they can stay ahead of any complications and ensure IAM automation benefits all stakeholders. Learn more about the many benefits of identity and access management automation in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

The Future of IAM and PAM: Hitachi ID Bravura Security Fabric

  January 4th, 2021
Written by:

In the age of digital transformation, protecting against threats is increasingly complex but also crucial as organizations face a constantly evolving cyberattack landscape.

This swiftly shifting environment has left many organizations with a collection of insufficient options when it comes to their identity and access (IAM) and privileged access (PAM) management solutions. Some must prioritize one essential service over another. Others have to patch together multiple services and platforms to cover their needs. Then there are those who have to settle for an incomplete system due to legacy assets.

What’s the solution?

Organizations need flexibility and reliability to power these critical systems with technological and architectural building blocks that protect, manage, and govern the entire IAM and PAM infrastructure.

Hitachi ID Bravura Security Fabric delivers on all of the above with a singular, powerful framework and platform that brings together all the layers of IAM and PAM solutions organizations need to manage and protect their most critical and sensitive identity data.

Hitachi ID has always strived to help businesses achieve access management success, and our latest solution and architecture, the Hitachi ID Bravura Security Fabric, continues that tradition.

The Right Platform and Framework

First and foremost, the Hitachi ID Bravura Security Fabric offers all of the IAM and PAM solutions organizations need in one place. The Hitachi ID Bravura Security Fabric brings together mature automation and detection, governance and compliance, analytics and reporting.

Plus, as a single open architecture platform and the industry’s largest organically grown connector portfolio, it offers a robust API platform to complete your security strategy. That means no more patching together solutions and potentially creating system vulnerabilities in the process. IT leaders can also simplify vendor selection and program deployment, streamline SLAs, and lower the overall cost.

Right-Sized for Your Business Needs

Hitachi ID Bravura Security Fabric isn’t solely a single solution for your IAM and PAM needs — it’s actually five. The security fabric architecture includes: Identity, Privilege, Pass, Group, and our threat detection layer Discover. This collection of services allows companies to weave patterns of functionality to protect against continual threats and ensure your identity and access security program is covered.

Every organization may not yet need this robust of a solution. That’s why the Bravura Security Fabric is built to be easily scaled up or down based on business needs. As new threats are uncovered or your roadmap evolves, turn services on or off as needed without the need to install other products.

Equipped to Combat Complex Cyberattacks Head On

What’s the best weapon organizations can deploy against increasingly sophisticated attacks? Automation. The Hitachi ID Bravura Security Fabric automation-first approach gives IT teams agility to accurately configure your identity and access solution and provide continual protection.

Hitachi ID Bravura secures your systems faster and more effectively than access certification and individual products. That’s just the start. Our threat and detection response layer, Hitachi ID Bravura Discover, gets ahead of the game by revealing changing risks before they happen and identifying threats below the surface — allowing your team time to resolve them before they become a larger issue.

The Right Roadmap for Your Industry

With more than two decades of experience and deployments around the world, Hitachi ID has honed in on how to deliver faster time to value across industries. We used these best practices to develop the Hitachi ID Bravura Security Fabric and the supporting Patterns customized for industries and products. These templatized solutions reduce time, cost and risk for IAM deployments from months to days.

The Power of One

By creating one, single source of truth for IAM and PAM solutions, the Hitachi ID Bravura Security Fabric empowers organizations to better navigate the increasingly difficult terrain of cybersecurity. You can learn more about Hitachi ID Bravura Security Fabric and the future of IAM and PAM through our on demand sessions from our first Digital Identity & Access Virtual Summit.

Combat Ransomware With Hitachi ID Bravura Security Fabric

  December 17th, 2020
Written by:

In the age of digital transformation, protecting employees and users against cyberattacks and ransomware threats is increasingly difficult but also more crucial than ever. Organizations face a constantly evolving and costly cyberattack landscape. In 2019, they spent an estimated $11.5 billion on ransomware attack recovery and this year, IBM projects data breaches will cost affected businesses around the world an average of $3.86 million each. Furthermore, the latest forecasts for global ransomware damage costs are expected to reach $20 billion by 2021.

It’s apparent the world of security is getting increasingly more costly and complex. When we used to think about organizational security, we were only concerned with our employees — whether they be in finance, operations, engineering, or supply chain. Today, when we evaluate security, we must also factor our customers and partners into the equation. We are seeing an explosion of identities across the security landscape and many organizations have adapted by weaving a complex web of identities and relationships into their network infrastructures. However, this complicated structure is still vulnerable to risk and attack.

As usage grows in complexity, businesses have traditionally tried to secure their systems through siloed individual technologies from different companies that have disparate architectures, different connectors, and multiple administrative screens. But when put to the test, these siloed solutions are not protecting organizational networks and leading to billions in damages not to mention irrevocable brand damage.

Interwoven legacy and disparate solutions aren’t the answer. Instead, many organizations are opting to weave in patterns of functionality with one solution — the Hitachi ID Bravura Security Fabric — to protect against continual and evolving threats.

The beauty of the Hitachi ID Bravura Security Fabric is that it’s a singular platform for identity, privilege access, and password and group management. It offers mature automation and detection, governance and compliance, and analytics and reporting capabilities all in one solution. Through the platform, organizations can simplify vendor selection and program deployment and streamline service level agreements and lower overall cost.

With a singular security platform, people, edge devices, network, system preferences, and data are all all under one umbrella. All layers are interconnected so changes you make to one layer or vertical will reverberate across the entirety of your organization’s systems and infrastructures. This ability makes implementing updates and security more efficient and cost effective. Moreover, these deployments can be fine-tuned to fit your customized needs whether that be SaaS, on-premise implementation, private cloud, or mix ‘n’ match hybrids.

Additionally, as an organization uncovers new threats or as its roadmap evolves, it allows you to turn services on or off as needed without installing other products. This potential offers turn-key customization and quick as-needed changes that a patchwork of distinct solutions simply cannot provide. Furthermore, it combats automated attacks with security automation to win against hackers and provide continual protection to secure your systems faster and more effectively than access certification and individual products.

With a singular security fabric, you can achieve some quick wins in increasing cybersecurity. Start with simple password management. Vault your shared credentials. Review all the current entitlements. Doing those undemanding things well will provide you with an immediate return on investment. Then over time, grow into more comprehensive, mature, and automated approaches. Often small changes have outsized gains when dealing with adversaries. But the critical thing here is to look at your threats comprehensively and tackle your most serious threats in priority order instead of which products you may have purchased:

  • Password policies and periodic changes with Hitachi ID Bravura Pass
  • Vaulting and managing administrative credentials with Hitachi ID Bravura Privilege
  • Reducing peoples unnecessary access through your organization with Hitachi ID Bravura Identity

Watch the webinar from our Power of One Summit to learn more about how the Hitachi ID Bravura Security Fabric can singularly transform your digital identity and access security culture.

Top Hurdles Holding Back Higher Education IAM Automation

  December 14th, 2020
Written by:

In our recent survey (conducted with Pulse) the latest trends in higher education identity access management (IAM) automation were confirmed: Nearly all IT leaders surveyed said they plan to automate (at least in part). That’s great news, since the unique IAM needs and challenges faced by colleges and universities make them a prime candidate for automation.

Unfortunately, due to obstacles faced by much of higher education, that automation panacea is still a ways off. The following hurdles are holding back critical growth for identity and access management in higher education and overcoming them will be crucial for success in the future.

Budget Constraints

Pre-pandemic, higher education was already facing budget cuts. Now, Covid-19 has only further intensified financial constraints. IT departments at colleges and universities, in particular, have been faced with unforeseen challenges as they were forced to quickly adapt for remote learning and then strengthen these swift solutions as the pandemic stretched on. Of course, this increase in internal IT demand had its own financial outlays and was simultaneously coupled with schools needing to tighten their budgets even further.

In our survey, all IT leaders agreed that budget is a primary roadblock for identity and access management automation. While there’s no easy solution for these financial hurdles, clearly communicating the full value of IAM automation (long-term cost savings, more efficient processes, fewer errors, etc.) will strengthen efforts to implement these essential processes and solutions.

Existing Infrastructure Investments

Legacy systems make those budget constraints even more challenging to overcome, as many schools have put significant amounts of time and financial investment into these systems and processes. Making the switch to a new automated system is about more than the financial cost, it’s also the time needed to onboard and implement that new technology — especially training teams and getting them up to speed with the new IAM solution.

All IT leaders we surveyed selected this as an impediment on the road to automation. Understanding that the investment — both time and cost — is worth the increase in efficiency, security, and so much more will allow colleges and universities to expedite their automation journey.

Executive Buy-in

Ultimately, automating identity and access management in higher education requires that IT leaders achieve buy-in from all decisions makers. While those in the trenches of the IT department may have a clear understanding of the benefits of automation, communicating that with the C-suite can present its own challenges.

While three-quarters of respondents identified executive buy-in as an automation hindrance, for schools struggling to convince decision makers of the value, it can be the sole roadblock to automation. As is the case with budget constraints, presenting the ROI of automation (time saved, decrease in human error, and as a result, reduced long-term costs) will be key in convincing leadership to commit to this essential evolution.

All of these challenges certainly present stumbling blocks on the path to IAM automation for colleges and universities. Clear communication of the return on this investment will be critical as higher education IAM moves forward. See the full results of our survey and learn more about IAM automation challenges and benefits for higher education in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

FAQ: Three Big IAM Questions Answered

  December 7th, 2020
Written by:

When identity access management implementation is on the table, there’s often a list of common questions that organizations ask before taking the big step. Some surround misconceptions, while others cover the lesser understood benefits that come with IAM automation. Overall, these questions have the potential to stall definitive IAM action and improvements that IT decision-makers can champion in any IAM execution.

To help streamline the decision making process, we’re spotlighting three of the most common questions and insightful answers to clear up much of this ambiguity and drive successful IAM automation process decisions.

  1. Are data cleanup or roles a prerequisite to IAM implementation?

Some people assume that before an IAM system deployment:

  1. You must clean up inappropriate entitlements.
  2. You must define roles to assign appropriate access rights to users automatically.

Both of these preconditions to IAM deployment are a myth. No matter how bad their access rights data, every organization has at least manual processes to grant and revoke access, and those processes work at some level. While cleaning up entitlement data is a worthwhile cause, it’s not a prerequisite for IAM deployments.

However, once you deploy an IAM system, processes such as analytics, org-chart construction, data cleansing, and more can help shape the definition and the automatic assignment of roles. In other words, IAM does not depend on role-based access control (RBAC), and RBAC does not strictly require IAM, but RBAC is much easier to implement once an IAM solution with role-mining capabilities is in place.

  1. Can an IAM system help clean up insufficient and incorrect data?? 

Many IT decision-makers look to IAM systems to provide a means to clean up unsatisfactory data. This desire is often the impetus behind implementation in the first place. Thankfully, automated processes and workflows helps clear the obstacles that substandard data places on an organization’s IT infrastructure and network.

You can leverage automated processes and workflows to:

  1. Link users to their managers.
  2. Invite stakeholders to perform reviews and flag inappropriate entitlements.
  3. Deal with orphan and dormant accounts and profiles. 

Take note, however, that an IAM implementation supports data cleanup and not the reverse. 

IT leadership can use a reference level IAM solution to clean up old, no-longer-needed entitlements. This process is often done before undertaking role development.

  1. Does RBAC help with efficiency or security? 

It is important to understand that role-based access control (RBAC) is useful for efficient administration and improves the user-friendliness of requests, but RBAC alone is not a practical approach to long-term risk management. 

Roles are an excellent way to grant appropriate rights where many users have identical requirements. When an organization scales and the scope of specific users’ authority grows ever-larger, such as with executive management, two deleterious things happen simultaneously:

1. The risk represented by these business users increases. Clearly, the CFO can do much more harm to a company than a sales clerk. 

2. Users become increasingly unique, making the use of roles to govern their access rights less cost-effective. For example: What is the point of defining a function if you will assign only one user that role?

Therefore, in less complicated scenarios, roles are a useful tool to improve access requests, automate entitlement assignment and revocation, and help manage entitlements shared by many users usually found in low-risk job functions. But don’t make the mistake of trying to create a role for everything. As roles become more fine-grained (applying to only a few people), they are no longer cost-effective, do little to assist in the management of entitlements, and, ultimately do not lower the access risk of the most privileged users.

Instead, other mechanisms – segregation of duties policy, approvals before granting access, risk scoring, and access certification – are more appropriate tools for risk management and access governance. 

While these three common questions cover some of the most significant IAM system ideas, they are not the only concerns that organizations have surrounding IAM solutions.  In fact, this FAQ may only scratch the surface of your own uncertainties and challenges in identity access management deployment and that is where Hitachi ID can be a helpful resource.

Schedule your demo today to see how Hitachi ID Bravura Identity can answer all of your identity management questions and challenges.

Unexpected Benefits of IAM Automation for Higher Education

  December 3rd, 2020
Written by:

Identity and access management (IAM) automation is an undeniable game changer in higher education, with countless advantages for colleges and universities. So, when we recently worked with Pulse to survey IT leaders in higher education, we were a little surprised by the narrow scope of some of the results. When asked what automation benefits they’re most looking forward to, most of the answers centered around three categories: 

  • Reduced security risk 
  • Boosted confidence in compliance status 
  • A shift from reactive to proactive threat detection

All of these are certainly key benefits for higher education; however, the payoffs for colleges and universities go well beyond these three. Automation can increase efficiency, resiliency, and accuracy in a number of ways.

More Time for Strategic Initiatives

While just over a third of respondents showed interest in this benefit, the importance of time saved cannot be overstated. Institutions that no longer have to spend time manually managing IAM can instead dedicate those resources to more innovative projects. Whether it’s app development, streamlining processes across departments, or focusing on end user experience, removing the more time-consuming parts of identity and access management allows colleges and universities to devote more resources towards strategic thinking.

Improved End User Experience

With so many other priorities to manage, user experience can get left behind. Our recent survey certainly reflected that: only 13% of respondents noted it as an expected benefit. Overlooking this vital piece of the IAM roadmap may expedite processes in the short-term, but poor UX can create extra work (i.e., onboarding challenges and overall usage issues) down the road if neglected for too long. 

Simplified Workflows and Streamlined, Modernized Processes

Never underestimate the power of simpler processes. These automation bonuses may have only sparked excitement in around 10% of our IT leaders, but these streamlined workflows can make all the difference for universities. This is especially true for larger institutions who are tasked with identity and access management across multiple departments and colleges where automation can save countless hours.

For IT leaders in higher education, IAM automation provides a significant number of positive outcomes. Before any of them can be realized, however, automation must be prioritized. Learn more about these important benefits of identity and access management automation in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

The Top Trends in Higher Education IAM According to IT Leaders

  November 19th, 2020
Written by:

Higher education institutions face numerous challenges when it comes to identity and access management (IAM), and this year has only intensified them. From the volume of resources and data to the unique lifecycles and access challenges presented by students, staff, and alumni, the cybersecurity threats and vulnerabilities are many. 

IAM for higher education has only been further complicated by a new batch of challenges brought on by the pandemic: an increase in layoffs, additional security challenges created by the influx of remote access requirements, and budgets that are even more in flux than they already were. Finding the right solution requires an intimate understanding of this complex case. 

To understand the landscape better, we went straight to IT leaders in higher education for their thoughts on IAM. Our survey, conducted by Pulse, focused on changes in priorities, emphasizing reducing the risk of using fewer resources. 

Their responses highlight some key themes and trends in higher ed IAM and provide not only a big picture of the state of higher education IAM but a clearer view of the best route forward for colleges and universities.

Automation vs. Governance?

Automation — a key business enabler — is becoming paramount for IAM success and the survey results reflected that with nearly all leaders reporting they plan to automate most or all of their IAM processes. But another result regarding governance seemed to stand in the way of these automation goals: 99% said they consider identity management governance (IGA) to be the best approach to identity and access management.

Furthermore, 97% also claim that IAM automation is necessary to maintain compliance — this brings to light a conflict between what respondents have implemented today and what best practices truly are. It’s long been a misconception that governance must precede automation to achieve IAM success, but automation is always a critical tool in achieving governance success. 

While governance is a critical success factor, prioritizing it over automation can actually slow the progress of both goals. Moving forward, colleges and universities should see automation as a tool to support governance, not the next step after compliance is taken care of.

4 Expected Benefits of Automation

Although automation is on almost every to-do list, higher education IT leaders have a slightly broader view of what the top benefits of automation will be. Reducing institutional security risks is a top priority for 69%. Just about two-thirds of respondents hope automated IAM will boost confidence in compliance status. 

Still, more than half hope to see a shift from reactive to proactive threat detection. Surprisingly, 37% look forward to reallocating resources to strategic initiatives. Luckily, automation can help higher education achieve all of these and more as IT initiatives and priorities continue to shift.

The Impact of 2020

Across all of higher education, the pandemic has threatened most institutions’ IT budgets and significantly slowed automation momentum. In fact, all of those surveyed reported that budgets and existing infrastructure investments are preventing full IAM automation. 

Other 2020 challenges have also shifted some automation priorities. For instance, there’s been a significant increase in layoffs and furloughs within colleges and universities since the start of the pandemic last spring. As a result, 93% of respondents say managing the provisioning and de-provisioning of entitlements has become more challenging without automation as a result of a smaller workforce. Nearly all of these executives say that automating IAM processes that specifically handle off-boarding for the increasing number of layoffs, plus the resources privileged users can access, would help them boost their organization’s productivity and security.
For IT leaders in higher education, IAM has always presented unique challenges. The pandemic not only heightened existing difficulties, it brought to light unforeseen problems as well. The good news is, automation can help solve many of them, but it needs to be prioritized. You can learn more about how automation can streamline identity and access management (while improving governance) in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

How Higher Education Can Combat Hackers with IAM Automation

  October 15th, 2020
Written by:

It’s no secret that cybersecurity threats are on the rise for colleges and universities. With their vast wealth of personal information, extensive pools of research, and ever-growing collections of data, higher education is a tantalizing target for cyber attacks and the increase in breaches has been reported for years.

While there’s no one reason for the increase, automation has certainly played a role. We are not referring to a school using automation, but rather, hackers automating their attacks. Whether they’re slowing sifting data or breaking in with brute force, cybercriminals are taking full advantage of these technologies. Automation is accelerating these threats, putting higher education at increased risk every day. 

How can schools defend themselves against these automated attacks? The answer is in the question — fight automation with automation. Yet despite having access to the same automation advancements utilized by hackers, many colleges and universities still use manual, outdated and often homegrown IAM solutions. 

To make matters more challenging, many of the barriers to automation for higher education are built on the incorrect belief that systems need to be full of clean, organized data before implementing an automated IAM system. The truth is automation can help schools efficiently organize their systems. By automating their IAM solutions, colleges and universities can get ahead of these challenges and fortify their systems in critical ways.

Reduce Human Error

The number one cause of IAM system vulnerabilities is (and probably always will be) human error. Whether it’s incorrect access privileges, a lingering orphan account, or poor password practices, the smallest of mistakes can become a big problem. By formalizing and automating privileges, passwords, and more, schools can significantly shore up their systems. While automation won’t eliminate human error entirely, it can decrease the opportunities for those small, avoidable, yet problematic mistakes.

Adapt More Quickly to an Ever-changing Cyber Threat Landscape

Keeping pace with the rate of technological advancement is a challenge under any circumstance. When those improvements are also working against you (i.e., enabling new ways for threat actors to take advantage of system vulnerabilities) it can seem absolutely impossible. By automating critical (and otherwise tedious) tasks, schools can free up resources to combat these dynamic threats and stay a step ahead of future ones.

Make Room for Innovation

Strong cybersecurity requires time and resources — especially when most of it’s manual. Schools that still rely on homegrown IAM solutions often spend countless hours patching problems as they arise. This is inefficient, unsustainable, and leaves no room for growth or innovation. By introducing automation, colleges and universities not only shore up their systems, they also take countless maintenance tasks off their teams’ plates. This frees up time to focus on system improvements, scaling opportunities, and more.

One of the top technology challenges for colleges and universities continues to be combating cyber attacks. The barrage is on the rise, boosted in part by automation. As threats become increasingly more complex, the solution is staring schools in the face. By automating IAM systems, schools can strengthen their systems with a scalable solution to better protect their most valuable data now — and for years to come.