Posts Tagged ‘Higher Education IAM’

Why Higher Education IAM Needs Zero Trust

  January 28th, 2021

Even though the Zero Trust model has been around for more than a decade, the term can still confound and even put off some technology teams. However, higher education’s emphasis on identity and access management (IAM) paired with the Zero Trust model’s strict controls are an ideal match for higher education.

In fact, it’s nearly impossible to build a true Zero Trust environment without a strong IAM strategy and IAM goals can only benefit from the guidelines that Zero Trust demands. Together, IAM and Zero Trust allow schools the agility they require to meet their unique cybersecurity needs while maintaining as secure a system as possible to keep the personal data of students, professors, administrators, and more protected against breaches. Many technologies such as multi-factor authentication (MFA), analytics, risk scoring and strong encryption are needed to ensure success of a Zero Trust program.

Get a Better Handle on Complex Lifecycles

A focus on the identity of users is inherently built into identity and access management for universities. With flexible, transient student and faculty populations, they’re responsible for the private data of countless individuals at any given time. This goal makes it a natural fit for Zero Trust, which relies on strict controls for each and every user.

To optimize the Zero Trust model within their user lifecycles, universities should focus on the strict provisioning of users with strong authentication and authorization. An IAM platform that allows simple management of multi factor authentications can make the most of an IAM and Zero Trust collaboration.

Optimize Automation

In many cases, introducing a Zero Trust model means exchanging the more common network-perimeter security for an access per-application method. Stricter authorization guidelines are a cornerstone of Zero Trust.

However, this case by case approach to access may seem like a non-starter for universities because of their high turnover rate as a result of student matriculation. The first step is to impose enhanced governance policies which reduce the access rights users need to an absolute minimum to accomplish their specific tasks. Then, IAM automation helps schools solve for this challenge while maintaining the restrictions required to maintain a Zero Trust architecture and secure critical data.

Mitigate the Impact of Breaches

The fact remains: Regardless of how tight restrictions are, no system is unbreachable. That being said, should the worst happen, a Zero Trust environment does help lessen the impact of a breach. Its tight authorization restrictions and strict access controls at the identity level means most breaches can be easily contained to a handful of users. That’s good news for schools as cyberattacks continue to increase in volume and complexity.

Better Together

With the continued increase in cyberthreats faced by colleges and universities (made even more critical by the spike in remote access brought on by the pandemic), rise in interest Zero Trust security architectures is certainly not surprising.

To succeed with Zero Trust and IAM, schools need a solid foundation of security technologies. For colleges and universities, that foundation is an IAM solution that truly meets all of their data privacy needs. As we prepare for Data Privacy Day, this dynamic duo is the perfect pair to keep colleges and universities a step ahead of hackers now — and well into the future.

You can learn more about how Zero Trust and IAM provide the cohesive cybersecurity solution modern organizations require in our recent webinar: Complete Your Zero Trust Mission Using a Single Pane of Glass. Join our next webinar on March 4th

UCSF Higher Education IAM Case Study

  January 12th, 2021

In higher education the challenges of identity and access management (IAM) are many, and for the University of California San Francisco (UCSF), they had the usual obstacles: ever-increasing number of users with changeable and overlapping roles to account for (students, professors, faculty), plus the need to secure all of their personal data, data related to research projects, and federally funded grants. In addition an aging mainframe system sat at the core of their IAM environment and retiring it was of utmost importance since administrators with expertise in it were retiring quickly!

However, because UCSF is both a university and a hospital (with its own interlaced medical teaching needs), the IAM security environment is even more complicated. Multiple data sources combined with loose affiliations for members including students, teachers, staff, residents, nurses, doctors, researchers, guests, volunteers and contractors made the quality of the data unreliable.

That’s why after 20 years of coping with these mounting challenges, UCSF knew it was time to modernize its decades-old IAM system. The challenge? How to replace a legacy identity system that was deeply entangled with core business processes while keeping the older systems alive and minimizing risk to the university. Of course, there’s no easy answer, but ultimately it came down to finding the right approach:

Do the Research

Understanding what the best solution for their IAM challenges was a multi-step process unto itself. UCSF knew it needed one data source to automate provisioning, synchronize systems of record, and streamline appropriate access through the identity lifecycle with a highly secure yet publicly accessible identity solution. They also knew they needed to not only solve current challenges, but also plan for the future with a system that was capable of scaling and evolving to meet them.

Kevin Dale, senior manager of identity and access management at UCSF brought the project from concept to completion and conducted thorough research of the vendor landscape before beginning this critical transformation. Casting a wide net not only allowed him to vet potential vendors, it also brought to light what capabilities are being offered in the marketplace. Demonstrations and discussions with peers and reference clients helped validate the decision, making the next step infinitely simpler.

Prioritize Projects

For colleges and universities, an IAM upgrade is an enormous, multi-faceted project that impacts nearly every department. It’s not a solution that can be simply switched on. Implementation takes time and coordination to ensure that risk was mitigated to the greatest extent possible. That’s why UCSF knew it needed to prioritize the features and technology that were most critical.

For UCSF, the prioritized must-have features included password management and good connectors, including one for Active Directory supporting group management, identity lifecycle, access management and governance. Identifying these must-haves allowed the university to more clearly map out its roadmap and assisted in the vendor selection process by eliminating those who didn’t fit those needs.

Get Everyone on Board

With multiple departments, colleges, and the hospital to coordinate, having complete buy-in was an absolute must. Nine departments worked to promote adoption across the campus. The effort was spearheaded by the IT team, which outlined concrete deliverables: replacing the mainframe, introducing Hitachi ID Bravura Identity, production deployment, automating and standardizing provisioning and deactivations, and more.

By frequently communicating prioritized outcomes linked to timelines, the stakeholders helped foster partnerships with staff and kept the project on track and on budget. That included the critical step of training everyone on how to use the new Hitachi ID solution and augmented skills as needed.

With a modern Hitachi ID identity solution, UCSF simplified and improved data protection and access while reducing security risk. Improved control has better positioned UCSF to provide access for its members today and ever growing population into the future.

Hitachi ID is the only industry leader delivering password, identity, group and privileged access management across a single platform to ease implementation as your IAM and PAM roadmaps evolve. You can learn more about the IAM challenges UCSF faced and the solutions Hitachi ID implemented to overcome them here: UCSF IAM Case Study

Why Higher Education IAM Automation Shouldn’t Forget UX

  January 7th, 2021

We recently asked IT leaders in higher education to share their thoughts on identity and access management (IAM) automation via a survey conducted with Pulse. The questions touched on their goals, progress so far, anticipated benefits, and more. For many of these questions, the results matched the trends we’re witnessing in IAM for higher education. However, a few categories had some surprises, among them, end user experience (UX).

While only 13% of higher education IT executives cited the improvement of end user
experience as a main benefit of IAM automation, two-thirds rated the influence of UX over the IAM roadmap as at least a 4 (on a scale of 1-5). End user experience isn’t driving IAM automation, but it still has plenty of pull when it comes to automation. Understanding its influence can help higher education better incorporate UX into automation plans moving forward.

Reputation Is Everything

Most end users may not be a decision maker at any colleges and universities, but they’re still certainly stakeholders when it comes to identity and access management. Whether it’s a student needing to reset their password from home or a new research project that requires specific entitlements, the process needs to be seamless, simple, and secure.

Clunky processes can create frustration for the end user (at best) and serious system vulnerabilities (at worst). It’s also worth noting that ultimately, when it comes to IAM processes, the opinions of end users can and do influence those who make the decisions.

Amplified by Remote Access

While remote access has always played a role in UX, the pandemic has made it a priority. Our survey reflected that 98% of those surveyed said UX improvement has risen in importance following the mass work-from-home migration and the broad swath of resources being accessed remotely. Remote access has also added another dimension to UX with IT teams needing to account for how remote students and faculty can reach support (for password problems or more serious issues) when the need arises.

Lighten the Load

While the end user is the focus of UX, higher education IT teams will also reap some of the benefits. Seamless, simple, secure IAM that’s easy to use and incorporates support solutions that users can access remotely, will ultimately remove many of those tasks (password resets, permission updates, etc.) from the IT team’s to-do list. Fewer user issues means less problem solving for your IT team, freeing them to focus on more strategic initiatives — further improving processes, application development, or whatever innovation is next.

User Experience Smart From the Start

UX may not be the driving force for higher education IAM automation, but IT leaders still need to keep its impact and influence in mind when plotting out their identity and access management roadmaps. When higher education IT leaders incorporate UX into IAM automation strategies from the start, they can stay ahead of any complications and ensure IAM automation benefits all stakeholders. Learn more about the many benefits of identity and access management automation in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

Top Hurdles Holding Back Higher Education IAM Automation

  December 14th, 2020

In our recent survey (conducted with Pulse) the latest trends in higher education identity access management (IAM) automation were confirmed: Nearly all IT leaders surveyed said they plan to automate (at least in part). That’s great news, since the unique IAM needs and challenges faced by colleges and universities make them a prime candidate for automation.

Unfortunately, due to obstacles faced by much of higher education, that automation panacea is still a ways off. The following hurdles are holding back critical growth for identity and access management in higher education and overcoming them will be crucial for success in the future.

Budget Constraints

Pre-pandemic, higher education was already facing budget cuts. Now, Covid-19 has only further intensified financial constraints. IT departments at colleges and universities, in particular, have been faced with unforeseen challenges as they were forced to quickly adapt for remote learning and then strengthen these swift solutions as the pandemic stretched on. Of course, this increase in internal IT demand had its own financial outlays and was simultaneously coupled with schools needing to tighten their budgets even further.

In our survey, all IT leaders agreed that budget is a primary roadblock for identity and access management automation. While there’s no easy solution for these financial hurdles, clearly communicating the full value of IAM automation (long-term cost savings, more efficient processes, fewer errors, etc.) will strengthen efforts to implement these essential processes and solutions.

Existing Infrastructure Investments

Legacy systems make those budget constraints even more challenging to overcome, as many schools have put significant amounts of time and financial investment into these systems and processes. Making the switch to a new automated system is about more than the financial cost, it’s also the time needed to onboard and implement that new technology — especially training teams and getting them up to speed with the new IAM solution.

All IT leaders we surveyed selected this as an impediment on the road to automation. Understanding that the investment — both time and cost — is worth the increase in efficiency, security, and so much more will allow colleges and universities to expedite their automation journey.

Executive Buy-in

Ultimately, automating identity and access management in higher education requires that IT leaders achieve buy-in from all decisions makers. While those in the trenches of the IT department may have a clear understanding of the benefits of automation, communicating that with the C-suite can present its own challenges.

While three-quarters of respondents identified executive buy-in as an automation hindrance, for schools struggling to convince decision makers of the value, it can be the sole roadblock to automation. As is the case with budget constraints, presenting the ROI of automation (time saved, decrease in human error, and as a result, reduced long-term costs) will be key in convincing leadership to commit to this essential evolution.

All of these challenges certainly present stumbling blocks on the path to IAM automation for colleges and universities. Clear communication of the return on this investment will be critical as higher education IAM moves forward. See the full results of our survey and learn more about IAM automation challenges and benefits for higher education in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

Unexpected Benefits of IAM Automation for Higher Education

  December 3rd, 2020

Identity and access management (IAM) automation is an undeniable game changer in higher education, with countless advantages for colleges and universities. So, when we recently worked with Pulse to survey IT leaders in higher education, we were a little surprised by the narrow scope of some of the results. When asked what automation benefits they’re most looking forward to, most of the answers centered around three categories: 

  • Reduced security risk 
  • Boosted confidence in compliance status 
  • A shift from reactive to proactive threat detection

All of these are certainly key benefits for higher education; however, the payoffs for colleges and universities go well beyond these three. Automation can increase efficiency, resiliency, and accuracy in a number of ways.

More Time for Strategic Initiatives

While just over a third of respondents showed interest in this benefit, the importance of time saved cannot be overstated. Institutions that no longer have to spend time manually managing IAM can instead dedicate those resources to more innovative projects. Whether it’s app development, streamlining processes across departments, or focusing on end user experience, removing the more time-consuming parts of identity and access management allows colleges and universities to devote more resources towards strategic thinking.

Improved End User Experience

With so many other priorities to manage, user experience can get left behind. Our recent survey certainly reflected that: only 13% of respondents noted it as an expected benefit. Overlooking this vital piece of the IAM roadmap may expedite processes in the short-term, but poor UX can create extra work (i.e., onboarding challenges and overall usage issues) down the road if neglected for too long. 

Simplified Workflows and Streamlined, Modernized Processes

Never underestimate the power of simpler processes. These automation bonuses may have only sparked excitement in around 10% of our IT leaders, but these streamlined workflows can make all the difference for universities. This is especially true for larger institutions who are tasked with identity and access management across multiple departments and colleges where automation can save countless hours.

For IT leaders in higher education, IAM automation provides a significant number of positive outcomes. Before any of them can be realized, however, automation must be prioritized. Learn more about these important benefits of identity and access management automation in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.