In higher education, the challenges of identity and access management (IAM) are many, and the University of California San Francisco (UCSF) faced the usual obstacles: an ever-increasing number of users with changeable and overlapping roles to account for (students, professors, faculty), plus the need to secure all of their personal data, data related to research projects, and federally funded grants. In addition, an aging mainframe system sat at the core of its IAM environment, and retiring it was of utmost importance since administrators with expertise in it were retiring quickly!
However, because UCSF is both a university and a hospital (with its own interlaced medical teaching needs), the IAM security environment is even more complicated. Multiple data sources, combined with loose affiliations for members including students, teachers, staff, residents, nurses, doctors, researchers, guests, volunteers and contractors, made the quality of the data unreliable.
That’s why after 20 years of coping with these mounting challenges, UCSF knew it was time to modernize its decades-old IAM system. The challenge? How to replace a legacy identity system that was deeply entangled with core business processes while keeping the older systems alive and minimizing risk to the university. Of course, there’s no easy answer, but ultimately it came down to finding the right approach:
Do the Research
Determining the best solution for its IAM challenges was a multi-step process unto itself. UCSF knew it needed one data source to automate provisioning, synchronize systems of record, and streamline appropriate access through the identity lifecycle with a highly secure yet publicly accessible identity solution. It also knew it needed not only to solve current challenges, but also to plan for the future with a system capable of scaling and evolving to meet new ones.
Kevin Dale, senior manager of identity and access management at UCSF, brought the project from concept to completion and conducted thorough research of the vendor landscape before beginning this critical transformation. Casting a wide net not only allowed him to vet potential vendors, it also brought to light what capabilities were being offered in the marketplace. Demonstrations and discussions with peers and reference clients helped validate the decision, making the next step infinitely simpler.
For colleges and universities, an IAM upgrade is an enormous, multi-faceted project that impacts nearly every department. It's not a solution that can be simply switched on. Implementation takes time and coordination to ensure that risk is mitigated to the greatest extent possible. That's why UCSF knew it needed to prioritize the features and technology that were most critical.
For UCSF, the prioritized must-have features included password management and good connectors, including one for Active Directory supporting group management, identity lifecycle, access management and governance. Identifying these must-haves allowed the university to more clearly map out its roadmap and assisted in the vendor selection process by eliminating those who didn’t fit those needs.
Get Everyone on Board
With multiple departments, colleges, and the hospital to coordinate, having complete buy-in was an absolute must. Nine departments worked to promote adoption across the campus. The effort was spearheaded by the IT team, which outlined concrete deliverables: replacing the mainframe, introducing Hitachi ID Bravura Identity, production deployment, automating and standardizing provisioning and deactivations, and more.
By frequently communicating prioritized outcomes linked to timelines, the stakeholders helped foster partnerships with staff and kept the project on track and on budget. That included the critical step of training everyone on how to use the new Hitachi ID solution and augmenting skills as needed.
With a modern Hitachi ID identity solution, UCSF simplified and improved data protection and access while reducing security risk. Improved control has better positioned UCSF to provide access for its members today and for its ever-growing population into the future.
Hitachi ID is the only industry leader delivering password, identity, group and privileged access management across a single platform to ease implementation as your IAM and PAM roadmaps evolve. You can learn more about the IAM challenges UCSF faced and the solutions Hitachi ID implemented to overcome them here: UCSF IAM Case Study