Posts Tagged ‘Automation’

IAM Implementations Meet the Challenges of the New Higher Education Paradigm

  January 19th, 2021

In the current climate, higher education institutions face numerous extraordinary challenges in managing identity and crisis. Remote access has become the norm, introducing new variables to the higher education equation as students, staff, and alumni have unprecedented access to a growing number of resources that are also open to attack.

Furthermore, higher education budgets continue to be in flux forcing IT and security teams to reduce risk and operate with fewer resources. Automation has become necessary to make this new educational organization equation add up. It is the vital business enabler that empowers your organization to do more with less and is paramount to identity and access management’s (IAM) success in this new remote access paradigm.

Many higher education IT leaders acknowledge this emerging need for IAM, consistently implementing it across their organizations. However, a recent survey from Hitachi ID and Pulse uncovers a discrepancy between the IAM processes currently in place and what best practices genuinely are — especially when it comes to the benefits of IAM automation. Across a large sampling of higher education institutions, IT decision-makers have implemented IAM but are conflicted between the benefits of governance and automation.

The Conflict: IAM Implementation vs. IAM Best Practice

When asked if a governance-first initiative is the most effective way to initiate and manage an ongoing IAM program, almost all of the surveyed IT leaders at higher education institutions claim that access governance is the best approach to IAM. In fact, of the 98% who have implemented an IAM program, almost two-thirds have invested in IAM governance, including 52% who have also implemented IAM automation.

When higher education IT leaders were asked if their organization had made investments in access governance or identity and access automation, however, the results demonstrated a disconnect between IAM beliefs and action:

  • 52% had invested in both access governance and automation
  • 33% had invested in just access automation
  • 13% had invested in only access governance
  • 2% had invested in neither governance nor automation

Moreover, while these leaders say governance is the best approach, 97% also claim that IAM automation is necessary to maintain compliance. This statistic further reiterates the clash between what respondents have implemented today and what best practices truly are for IAM processes.

The Resolution: Automation Benefits and Goals Drive Convergence on IAM Implementation

Despite this divide between beliefs and practices, the data demonstrates that higher education IT leaders are looking to complement access governance with automation. Most institutions are planning to automate their IAM completely. This best-practice combination has been recognized by IT leadership as a way forward in this digital and remote access-first environment to boost the productivity and security of their organizations.

Already, 64% of IT leaders at higher education institutions have automated IAM processes like provisioning and deprovisioning of students, faculty, and alumni, but there are still many recognized areas of opportunity, including:

  • Life cycle management
  • Self-service requests
  • Risk score assignment

However, they admit that the only thing holding back further implementation are budget and existing infrastructure investments. Despite these barriers, approximately two-thirds of higher education IT decision-makers see it as an opportunity to reduce security risk, boost confidence in compliance status, and make a conscious shift from reactive to proactive threat detection. Moreover, almost all IT leaders see IAM implementation as an opportunity to improve the end-user experience in the wake of a year of mass work-from-home migrations, rising layoffs, and an ever-growing list of remotely accessed resources.

In a year filled with so many of these unforeseen changes and a new dynamic digital-first higher education paradigm, IAM automation and governance are the best-practice methods to meet these challenges with a proactive and future-focused strategy.

Review additional results of our survey and learn more about IAM automation for higher education in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.


How to Complete Your Zero Trust Mission With a Single Pane of Glass

  January 14th, 2021

Since it was first coined by Forrester more than a decade ago, the Zero Trust model has proven its strength in identity and access management (IAM), relying on strict controls and not trusting anything by default. The events of 2020 have made Zero Trust (ZT) a priority once again as remote working requirements expanded every organizations’ networks well beyond the office walls.

The flexibility of the cloud made the swift shift to remote work possible, but it also introduced more than a few challenges for IAM and ZT. The challenges are compounded by the hybrid situations most companies find themselves in: still unable to move everything to the cloud while simultaneously in search of solutions that can better integrate with their on-premise and legacy systems. Unfortunately, this has often resulted in a disconnected patchwork of not quite connected quick fixes.

Piecemeal solutions are not sustainable. Businesses need one source of truth — one pane of glass — that brings all of these otherwise disparate technologies together in one platform. This saves organizations time and resources, keeps costs down, and seriously simplifies processes for IT teams.

The Hitachi ID Bravura Security Fabric gets organizations over these hurdles by bringing all of these critical needs into one solution and framework including Pass, Identity, Group, Privilege, and Discover. By shifting to a single pane of glass for IAM, organizations are able to better see the big picture and conquer even the most persistent challenges to achieve ZT success.

Bridge the Gaps

For many businesses, moving to the cloud is not a simple migration. It’s likely done in stages. Some businesses may even have highly regulated data that can’t be stored in the cloud at all and need to find hybrid solutions. On-premise and legacy problems don’t just go away when cloud services are introduced. Having a solution that can seamlessly integrate the cloud with existing architectures is a critical success factor.

The Hitachi Bravura Security Fabric and its extensive set of connectors significantly simplifies the integration of disparate systems. These connector capabilities are also core to the offerings within Hitachi ID Bravura Security Fabric, allowing organizations to easily turn on or off services (Pass, Identity, Group, Privilege, and Discover) as their business needs change.

Get a Handle on Groups

Across most industries, groups reign supreme as the primary access granting system for organizations. Keeping group access organized is a crucial aspect of maintaining a ZT model. All too often this is where wires get crossed — either by human error or a lack of access to controls beyond the IT team. Granting incorrect permissions via groups can spell disaster.

Organizations can avoid catastrophe with a few simple best practices: allow users group management access, automate where possible, create business friendly names for groups, etc. Hitachi ID Bravura Group can help your IT team easily oversee all of these group activities to maintain visibility and control over these critical access points. By balancing user access with IT oversight, organizations can maintain IAM and ZT success.

Increase Resiliency With Adaptive Authentication

As our recent survey uncovered, remote access remains a top IAM challenge and priority for many organizations. User authentication and password management is a critical component of remote access strategies and the ZT model. With remote access, IT teams face challenges caused by overly simple, misplaced, and generally compromised passwords and credentials. Remote working environments have only increased the risk surrounding these vulnerabilities, especially with insufficient support access.

Hitachi ID Bravura Pass helps businesses tackle these risks by providing resources to help users better manage their own credentials, including:

  • Strong authentication (MFA) and federated access (Security Assertions Markup Language (SAML) 2.0 identity provider (IdP) )
  • Self-service password and PIN reset
  • Self-service unlock of encrypted drives
  • Password synchronization
  • Managed enrollment of security questions, mobile phone numbers, personal e-mail addresses and biometrics

The Future of Zero Trust in the Cloud

Cloud environments present a fresh host of IAM and ZT challenges and the fact is siloed technologies cannot address these issues. By bringing together the tools to manage all of these business-critical pieces in one place, companies have a comprehensive collection of tools and resources that streamlines IAM in a single, secure, scalable solution.

We covered all of this and more in our recent webinar with Hitachi ID partner IntiGrow. As a leading global enterprise information security company and one of our channel partners, IntiGrow delivers comprehensive security solutions empowering enterprises to proactively detect and prevent security threats to their computing infrastructure, data, and applications.

Learn more about IntiGrow and the rest of our channel partners here and see the full webinar now available on demand by following this link: Complete Your Zero Trust Mission Using a Single Pane of Glass


Key IAM Automation Policies and Controls for Stronger Governance

  September 15th, 2020

One of the most unique challenges of identity and access management in higher education is the complicated life cycles and overlapping roles of users. The roles of students, professors, and other staff within higher education are constantly evolving and require varied levels of access. 

To keep users secure and systems compliant with governance requirements, colleges and universities need an IAM solution that keeps up with these flexible structures. Still, many schools stick with manual homegrown, legacy systems because of the belief it’s the only way to ensure both flexibility and security. But there is a simpler solution. 

By introducing the right policies and IAM automation controls (i.e. features that reduce inappropriate access rights), colleges and universities can not only better regulate appropriate role-based access across networks but also strengthen governance and cybersecurity. 

Enforce Authentication and Password Security

Every time a user logs in, they access confidential information. Whether they are searching the library’s database or entering their home address and billing information for tuition payments, each login involves valuable details, which attracts hackers.  

The first step to protect this data is to ensure that each user is verified when logging into the system. While there are methods in place to ask the user to self-identify (such as answer a security question), a multi-factor authentication (MFA) control is the most secure way to verify a user. By replacing passwords and security questions with tokens or PINs sent to separate devices (e.g., a smartphone), MFA enables a secure, seamless process across systems. 

MFA also plays an important role when users forget their passwords because they can be automatically authenticated without the need for IT support to manually step in. Last spring when schools went virtual as a result of Covid-19, students began logging into university and college systems from all over the world. This posed the threat of not recognizing hackers based on obscure locations. Multi-factor authentication provides additional security to meet governance requirements, even with new remote and hybrid environments.

Streamline Complex System Access Requirements

In addition to managing complex roles, most universities and colleges require that information be shared between schools and departments and even third-parties (i.e. research partners at other universities and institutes). With all of these access levels to consider it can be challenging to ensure everyone has the access they need and nothing more. This is why Segregation of Duties (SoD) is crucial and especially helpful in keeping systems secure and compliant with any governance requirements. 

Put simply, SoD defines the set of entitlements that should not be assigned at the same time to any one user. Ultimately, SoD prevents conflicts of interest within overlapping roles as well as failures in the system that could expose it to a security breach. 

Automate Account Deactivation

The typical four-year structure of colleges and universities means that these institutions are turning over thousands of graduates each spring. Imagine manually terminating and migrating all of those accounts each spring. Undoubtedly, it would be a time-consuming task that’s incredibly susceptible to human error. 

By automating the deactivation of these accounts via IAM controls, schools are able to expedite the process and enforce governance and cybersecurity requirements by preventing the system from filling with orphaned or dormant accounts.

Securing IAM solutions while prioritizing security and governance has always been a complicated task for colleges and universities. Now, with the added challenge of remote and hybrid learning environments, the need for a simpler solution is even more apparent. Homegrown legacy systems are not sufficient. By incorporating these fundamental policies and automated IAM controls, schools can take tedious tasks off their to-do list while achieving governance and cybersecurity success.


IAM Automation: The Secret to Governance and Cybersecurity Success in Higher Ed

  September 8th, 2020

For colleges and universities, governance and cybersecurity can get quite complicated. These institutions of higher learning are entrusted with an enormous amount of personal data (emails, transcripts, test scores, salaries, etc.), from students, teachers, alumni, and more. The safety and security of it is of the utmost importance, but due to the complexity of higher ed organizational structures, many schools are still operating with manual legacy and homegrown solutions for identity and access management (IAM).

When the Covid-19 pandemic forced schools to shift to remote and hybrid learning, the importance of strong policies and protocols for cybersecurity and governance only increased, as did the degree of difficulty. With increased remote access, universities have to contend with a slew of unknowns as students and staff who once primarily accessed systems via internal networks are now signing in from countless external sources.

The solution? Automation. It’s a core value of IAM solutions and can help schools meet and maintain governance and cybersecurity goals by simplifying critical IAM processes:

Better Define and Manage Roles

Lifecycle management, particularly properly assigning user roles, is a critical piece of higher ed IAM and governance. It’s complicated because of the unique organizational structure of colleges and universities — roles can overlap (professors who are also students, for example), change frequently (active students become alums), and new users are a near-constant (welcome, freshmen!). Because of these complexities, a manual approach is both time-consuming and prone to human error. 

To assign roles effectively and efficiently, higher ed IAM requires flexibility and customization. By automating and integrating the IAM solution, the system is able to both discover and define roles based on the parameters provided, saving time and avoiding costly, potentially disastrous mistakes.

Improve Data Cleaning Capabilities

Given the sheer volume of data processed in higher education, it’s inevitable some bad data will exist in the system. Unfortunately, there’s a persistent myth that this data needs to be cleaned before any automation can be implemented. That simply isn’t true. 

Automation supports data cleanup, not the inverse. Automated processes and workflows can be used to quickly flag inappropriate access and deal with orphan and dormant accounts and profiles, eliminating potential cybersecurity risks before they begin.

Strengthen Controls

Preventing inappropriate access either by internal users or outside threats is a core piece of cybersecurity and governance for colleges and universities. It’s important that schools not only have the right controls in place but that they’re able to quickly react to any potential threats to the system.

From automatic access deactivation to risk scores to password security, controls are key to tighten access procedures (a crucial part of cybersecurity). Automation exponentially improves these processes to quickly spot and solve any potential breaches before they happen.

Institutions of higher learning are dealing with an exponential amount of personal data at any given moment, and manual solutions simply won’t cut it anymore. The transition to IAM automation is by no means a challenge that’s unique to the higher ed world, but when it comes to governance and data privacy, the stakes are high and complicated. Getting it right is critical not only for governance and cybersecurity success, it benefits the whole IT ecosystem from admin to end-user.