Challenges with IAM Solution Analysis, Access Privileges, and Onboarding/Offboarding: Feedback from the EDUCAUSE Security Professionals Conference


This year’s Educause Security Professionals conference proved to be another exceptional learning experience. Attendance was strong, and our conversations with ed tech leaders from colleges and universities across the United States were even stronger. The theme for this year’s conference, “Data, Intelligence, Risk, and Value: Security and Privacy in Higher Ed,” was right on track with what we’ve been hearing from customers and prospects.

One of the most interesting things I learned while at the event is that many colleges are struggling with the earliest stages of choosing identity management technology. College IT staff know what the end goal should be – implementing an identity and access management solution but have no idea where to start. They aren’t where to begin their research or who from their university should be included in conversations about goals, policies, and selection of solutions. At the same time, they don’t want a vendor to come in and strongarm them into choosing a particular solution. The process for figuring out their college's needs can be daunting, and they’re looking for people who can be true partners, listening to their needs and providing input without bias.

I’ve found that most people interested in identity management have nothing in place other than some scripting, tool sets, and manual efforts. For many, this piecemeal approach ends up causing more problems than solutions. There are just too many moving parts and not enough bodies to efficiently manage identities and access through these methods. Many people I spoke with at the show said they need one central solution that combines and streamlines the functionality of these various tools into a unified identity management system, and I couldn't agree more.

IA_-_Educause_Security_Professionals.jpgAnother popular conversation with attendees was how to manage different types of users with varying access privilegesstudents, staff, and faculty. A common problem for university IT departments is changes in status among users. Maybe a staff member receives tenure and becomes faculty, or a graduate student becomes a teaching assistant and needs staff-level access. For some colleges, these types of status changes occur daily, becoming a significant issue for a school with help desk staff that manually manage this process. The other downside is that these users often end up with multiple accounts. For example, one for their staff-level access and another for their faculty-level access. When you don’t have one, central identity for each user, this can lead to forgotten accounts left open, which then serve as a potential entry point for an external attack. A best practice we discussed with attendees that resolves this issue is account merge technology that ensures that each user has only one identity and one set of privileges.

Lastly, we heard that onboarding and offboarding remains a constant issue with schools. Prospective students often need temporary accounts before they actually start as on-campus students, and new employees need user accounts before their information shows up in the ERP / HR system. When it comes to offboarding retired or inactive employees, lingering user objects may still remain, even when the employee has not been with the college or university for years. Efficient provisioning and deprovisioning can help alleviate these problems.

This conference allowed us to gain valuable insights into the struggles higher education institutions are facing, namely the path to choosing an identity management solution, managing user access levels, and onboarding and offboarding users. If you’re experiencing any of these problems, or similar ones, contact us to discuss how you can solve them.



Subscribe Here!