Posts Tagged ‘Governance’

IAM Implementations Meet the Challenges of the New Higher Education Paradigm

  January 19th, 2021

In the current climate, higher education institutions face numerous extraordinary challenges in managing identity and crisis. Remote access has become the norm, introducing new variables to the higher education equation as students, staff, and alumni have unprecedented access to a growing number of resources that are also open to attack.

Furthermore, higher education budgets continue to be in flux, forcing IT and security teams to reduce risk and operate with fewer resources. Automation has become necessary to make this new educational organization equation add up. It is the vital business enabler that empowers your organization to do more with less and is paramount to identity and access management’s (IAM) success in this new remote access paradigm.

Many higher education IT leaders acknowledge this emerging need for IAM, consistently implementing it across their organizations. However, a recent survey from Hitachi ID and Pulse uncovers a discrepancy between the IAM processes currently in place and what best practices genuinely are — especially when it comes to the benefits of IAM automation. Across a large sampling of higher education institutions, IT decision-makers have implemented IAM but are conflicted between the benefits of governance and automation.

The Conflict: IAM Implementation vs. IAM Best Practice

When asked if a governance-first initiative is the most effective way to initiate and manage an ongoing IAM program, almost all of the surveyed IT leaders at higher education institutions claim that access governance is the best approach to IAM. In fact, of the 98% who have implemented an IAM program, almost two-thirds have invested in IAM governance, including 52% who have also implemented IAM automation.

When higher education IT leaders were asked if their organization had made investments in access governance or identity and access automation, however, the results demonstrated a disconnect between IAM beliefs and action:

  • 52% had invested in both access governance and automation
  • 33% had invested in just access automation
  • 13% had invested in only access governance
  • 2% had invested in neither governance nor automation

Moreover, while these leaders say governance is the best approach, 97% also claim that IAM automation is necessary to maintain compliance. This statistic further reiterates the clash between what respondents have implemented today and what best practices truly are for IAM processes.

The Resolution: Automation Benefits and Goals Drive Convergence on IAM Implementation

Despite this divide between beliefs and practices, the data demonstrates that higher education IT leaders are looking to complement access governance with automation. Most institutions are planning to automate their IAM completely. This best-practice combination has been recognized by IT leadership as a way forward in this digital and remote access-first environment to boost the productivity and security of their organizations.

Already, 64% of IT leaders at higher education institutions have automated IAM processes like provisioning and deprovisioning of students, faculty, and alumni, but there are still many recognized areas of opportunity, including:

  • Life cycle management
  • Self-service requests
  • Risk score assignment

However, they admit that the only things holding back further implementation are budget and existing infrastructure investments. Despite these barriers, approximately two-thirds of higher education IT decision-makers see it as an opportunity to reduce security risk, boost confidence in compliance status, and make a conscious shift from reactive to proactive threat detection. Moreover, almost all IT leaders see IAM implementation as an opportunity to improve the end-user experience in the wake of a year of mass work-from-home migrations, rising layoffs, and an ever-growing list of remotely accessed resources.

In a year filled with so many of these unforeseen changes and a new dynamic digital-first higher education paradigm, IAM automation and governance are the best-practice methods to meet these challenges with a proactive and future-focused strategy.

Review additional results of our survey and learn more about IAM automation for higher education in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

Key IAM Automation Policies and Controls for Stronger Governance

  September 15th, 2020

One of the most distinctive challenges of identity and access management in higher education is the complicated life cycles and overlapping roles of users. The roles of students, professors, and other staff within higher education are constantly evolving and require varied levels of access.

To keep users secure and systems compliant with governance requirements, colleges and universities need an IAM solution that keeps up with these flexible structures. Still, many schools stick with manual, homegrown legacy systems because they believe it’s the only way to ensure both flexibility and security. But there is a simpler solution.

By introducing the right policies and IAM automation controls (i.e., features that reduce inappropriate access rights), colleges and universities can not only better regulate appropriate role-based access across networks but also strengthen governance and cybersecurity.

Enforce Authentication and Password Security

Every time a user logs in, they access confidential information. Whether they are searching the library’s database or entering their home address and billing information for tuition payments, each login involves valuable details, which attracts hackers.  

The first step to protect this data is to ensure that each user is verified when logging into the system. While there are methods in place to ask the user to self-identify (such as answering a security question), a multi-factor authentication (MFA) control is the most secure way to verify a user. By replacing passwords and security questions with tokens or PINs sent to separate devices (e.g., a smartphone), MFA enables a secure, seamless process across systems.

MFA also plays an important role when users forget their passwords because they can be automatically authenticated without the need for IT support to manually step in. Last spring, when schools went virtual as a result of Covid-19, students began logging into university and college systems from all over the world. This made it harder to distinguish hackers from legitimate users based on unusual login locations. Multi-factor authentication provides additional security to meet governance requirements, even with new remote and hybrid environments.

Streamline Complex System Access Requirements

In addition to managing complex roles, most universities and colleges require that information be shared between schools and departments and even third parties (i.e., research partners at other universities and institutes). With all of these access levels to consider, it can be challenging to ensure everyone has the access they need and nothing more. This is why Segregation of Duties (SoD) is crucial, and it is especially helpful in keeping systems secure and compliant with any governance requirements.

Put simply, SoD defines the set of entitlements that should not be assigned at the same time to any one user. Ultimately, SoD prevents conflicts of interest within overlapping roles as well as failures in the system that could expose it to a security breach. 
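An SoD policy of this kind can be checked mechanically. The sketch below is an added example, not code from the original post or from any vendor product; the rule names, entitlements, roles, and users are all constructed for illustration. It treats a rule as violated when one user's combined roles grant every entitlement the rule lists.

```python
# Constructed SoD policy: each rule names entitlements no one user may hold together.
SOD_RULES = {
    "grade-integrity": {"grades:submit", "grades:approve_change"},
    "aid-disbursement": {"finaid:award", "finaid:disburse"},
}
# Constructed role model; users can hold several roles at once.
ROLE_ENTITLEMENTS = {
    "student": {"lms:read", "library:search"},
    "teaching_assistant": {"lms:read", "grades:submit"},
    "registrar_clerk": {"records:read", "grades:approve_change"},
    "aid_officer": {"finaid:award"},
    "bursar": {"finaid:disburse"},
}
# Constructed users, including a graduate student who also works in the registrar's office.
USERS = {
    "avasquez": ["student", "teaching_assistant"],
    "bchen": ["student", "teaching_assistant", "registrar_clerk"],
    "dokafor": ["aid_officer"],
}

def effective_entitlements(roles):
    """Union of entitlements across all roles; an unknown role raises KeyError (fail closed)."""
    held = set()
    for role in roles:
        held |= ROLE_ENTITLEMENTS[role]
    return held

def sod_violations(roles):
    """Return {rule: conflicting entitlements} where the user holds every member of a rule."""
    held = effective_entitlements(roles)
    return {name: sorted(rule) for name, rule in SOD_RULES.items() if rule <= held}

def audit(users):
    """Detective control: report users whose combined roles already break a rule."""
    report = {}
    for user, roles in users.items():
        found = sod_violations(roles)
        if found:
            report[user] = found
    return report

def new_conflicts(current_roles, requested_role):
    """Preventive control: violations a role request would introduce if approved."""
    before = sod_violations(current_roles)
    after = sod_violations(list(current_roles) + [requested_role])
    return {name: ents for name, ents in after.items() if name not in before}

if __name__ == "__main__":
    print(audit(USERS))
    print(new_conflicts(USERS["dokafor"], "bursar"))
```

Running `new_conflicts` at request time blocks a toxic combination before it is granted, while `audit` catches combinations that accumulated through overlapping roles.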

Automate Account Deactivation

The typical four-year structure of colleges and universities means that these institutions are turning over thousands of graduates each spring. Imagine manually terminating and migrating all of those accounts each spring. Undoubtedly, it would be a time-consuming task that’s incredibly susceptible to human error. 

By automating the deactivation of these accounts via IAM controls, schools are able to expedite the process and enforce governance and cybersecurity requirements by preventing the system from filling with orphaned or dormant accounts.

Securing IAM solutions while prioritizing security and governance has always been a complicated task for colleges and universities. Now, with the added challenge of remote and hybrid learning environments, the need for a simpler solution is even more apparent. Homegrown legacy systems are not sufficient. By incorporating these fundamental policies and automated IAM controls, schools can take tedious tasks off their to-do list while achieving governance and cybersecurity success.

IAM Automation: The Secret to Governance and Cybersecurity Success in Higher Ed

  September 8th, 2020

For colleges and universities, governance and cybersecurity can get quite complicated. These institutions of higher learning are entrusted with an enormous amount of personal data (emails, transcripts, test scores, salaries, etc.) from students, teachers, alumni, and more. Its safety and security are of the utmost importance, but due to the complexity of higher ed organizational structures, many schools are still operating with manual legacy and homegrown solutions for identity and access management (IAM).

When the Covid-19 pandemic forced schools to shift to remote and hybrid learning, the importance of strong policies and protocols for cybersecurity and governance only increased, as did the degree of difficulty. With increased remote access, universities have to contend with a slew of unknowns as students and staff who once primarily accessed systems via internal networks are now signing in from countless external sources.

The solution? Automation. It’s a core value of IAM solutions and can help schools meet and maintain governance and cybersecurity goals by simplifying critical IAM processes:

Better Define and Manage Roles

Lifecycle management, particularly properly assigning user roles, is a critical piece of higher ed IAM and governance. It’s complicated because of the unique organizational structure of colleges and universities — roles can overlap (professors who are also students, for example), change frequently (active students become alums), and new users are a near-constant (welcome, freshmen!). Because of these complexities, a manual approach is both time-consuming and prone to human error. 

To assign roles effectively and efficiently, higher ed IAM requires flexibility and customization. By automating and integrating the IAM solution, the system is able to both discover and define roles based on the parameters provided, saving time and avoiding costly, potentially disastrous mistakes.

Improve Data Cleaning Capabilities

Given the sheer volume of data processed in higher education, it’s inevitable some bad data will exist in the system. Unfortunately, there’s a persistent myth that this data needs to be cleaned before any automation can be implemented. That simply isn’t true. 

Automation supports data cleanup, not the inverse. Automated processes and workflows can be used to quickly flag inappropriate access and deal with orphan and dormant accounts and profiles, eliminating potential cybersecurity risks before they begin.
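The cleanup described above, and the automated deactivation covered in the "Automate Account Deactivation" section of the earlier post, both come down to reconciling directory accounts against a system of record. This is an added example, not code from the original posts: the record layout, thresholds, logins, and action names are assumptions, and the data is constructed.

```python
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=180)  # assumed inactivity threshold
GRACE = timedelta(days=90)           # assumed grace period after an affiliation ends

# Constructed system-of-record export (student information system / HR).
SOR = {
    "p100": {"affiliation": "student", "end": None},
    "p101": {"affiliation": "student", "end": date(2020, 5, 15)},  # graduated
    "p102": {"affiliation": "staff", "end": None},
}
# Constructed directory accounts, deliberately including bad data.
ACCOUNTS = [
    {"login": "jlee", "person_id": "p100", "last_login": date(2020, 9, 1), "enabled": True},
    {"login": "mross", "person_id": "p101", "last_login": date(2020, 8, 30), "enabled": True},
    {"login": "tkim", "person_id": "p102", "last_login": date(2019, 12, 2), "enabled": True},
    {"login": "svc-old", "person_id": "p999", "last_login": date(2020, 9, 7), "enabled": True},
    {"login": "lab-temp", "person_id": None, "last_login": None, "enabled": True},
]
ACTIONS = {
    "orphan": "disable+review",        # no owner in the system of record
    "ended": "migrate-to-alumni",      # affiliation ended and grace period elapsed
    "dormant": "disable+notify",       # valid owner, but no recent login
}

def classify(account, sor, today):
    """Classify one account; missing or unknown owners are flagged, never skipped."""
    if not account["enabled"]:
        return "disabled"
    person = sor.get(account["person_id"])
    if person is None:
        return "orphan"
    if person["end"] is not None and today - person["end"] > GRACE:
        return "ended"
    last = account["last_login"]
    if last is None or today - last > DORMANT_AFTER:
        return "dormant"
    return "active"

def plan(accounts, sor, today):
    """Return {login: action} for every account that needs attention."""
    result = {}
    for account in accounts:
        state = classify(account, sor, today)
        if state in ACTIONS:
            result[account["login"]] = ACTIONS[state]
    return result

if __name__ == "__main__":
    print(plan(ACCOUNTS, SOR, date(2020, 9, 8)))
```

The records with a missing or unknown `person_id` are exactly what the job surfaces, so the bad data does not need to be cleaned before the automation runs.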

Strengthen Controls

Preventing inappropriate access either by internal users or outside threats is a core piece of cybersecurity and governance for colleges and universities. It’s important that schools not only have the right controls in place but that they’re able to quickly react to any potential threats to the system.

From automatic access deactivation to risk scores to password security, controls are key to tightening access procedures (a crucial part of cybersecurity). Automation exponentially improves these processes to quickly spot and solve any potential breaches before they happen.

Institutions of higher learning are dealing with an exponential amount of personal data at any given moment, and manual solutions simply won’t cut it anymore. The transition to IAM automation is by no means a challenge that’s unique to the higher ed world, but when it comes to governance and data privacy, the stakes are high and complicated. Getting it right is critical not only for governance and cybersecurity success; it also benefits the whole IT ecosystem from admin to end-user.