Recently, we packed our bags and traveled to the scenic village of Lake Placid, New York for the 2019 State University of New York (SUNY) Technology Conference. Returning for our second year, we were excited to come back and continue learning about the evolving challenges faced by SUNY’s sizable technology community.
In fact, SUNY is the nation’s largest comprehensive system of public higher education, comprised of 64 campuses throughout the state and 413,000 students. The focus of the SUNY Technology Conference (STC) is to collaborate on shared initiatives, discuss best practices, and network with peers across the SUNY system.
This year’s theme was Transitions and Transformations - In Leadership and Technology, which builds upon the STC tradition of technology professionals sharing ideas, solutions, and evaluating emerging technologies that continue the expansion of SUNY’s technology usage.
For us, the highlight of the event was our presentation, Doing Less with More: Overcoming Higher Ed's Identity Management Challenges with Automation, which discussed the unique and wide variety of challenges faced by Higher Ed and why automation with modern Identity and Access Management (IAM) is the key to enabling Higher Ed to do more with less, while reducing costs and increasing flexibility.
SUNY Customers Share Personal RapidIdentity Success Stories
At the Identity Automation booth, we networked with a plethora of SUNY technology leaders, including computing professionals, educators, telecommunication professionals, and media specialists. In our conversations, it was clear what topics generated the most interest: access governance and identity lifecycle management. This came as no surprise, considering we see other Higher Ed institutions across the country facing these same challenges and the industry as a whole has traditionally struggled with handling multiple affiliations, or roles.
During our presentation, attendees gained insight on how Identity Automation is partnering with SUNY colleges and universities to deliver identity lifecycle management that greatly minimizes manual efforts, enhances the student experience, reduces risk, and simplifies compliance efforts.
What made our session more energetic and interactive was that as we discussed use cases, existing RapidIdentity users from SUNY schools chimed in with their own stories. In fact, it quickly became obvious our SUNY customers are RapidIdentity experts when it comes to communicating the benefits and use cases of the platform to their peers.
Let’s touch on two of the most common obstacles discussed in our session: managing multiple affiliations and the risks associated with homegrown IAM systems.
IAM Obstacles in Higher Ed: Multiple Roles and Access Levels
Why are multiple affiliations or roles such an obstacle in Higher Ed? Let’s use a common example to demonstrate this dilemma. Let’s say Liz is student taking continuing education classes, and she also works for the university as a TA, or teacher’s aide. While Liz is currently a student, she is simultaneously an employee. Furthermore, once she graduates, she will become an alumni, and her university account must be modified, so that only the associated access from her student affiliation is revoked.
While cases like this are extremely common in Higher Ed, unfortunately, most commercial IAM solutions are not designed to handle them— at least not in an elegant or easy manner. In fact, the majority of legacy identity management tools specifically fail to recognize that multiple ID numbers (employee and student, for example) may be assigned to a single user. Instead, these legacy solutions treat these unique IDs as different users, resulting in users having to manage multiple credentials in both Active Directory and downstream systems, and IT having to provision and manage all those credentials.
Some IAM solutions, like RapidIdentity, are able to solve this challenge in a unique way by recognizing multiple roles per individual user using multi-attribute matching and validation. This allows the system to discover whether or not a predetermined number of attributes attached to a particular ID, such as email address, phone number, home address, school address, and date of birth—match.
From there, RapidIdentity either automatically merges matching accounts or flags them for IT to consider merging, depending on pre-established business rules. By having one account for multiple roles—it’s easier on the user and far easier on help desk staff.
IAM Obstacles in Higher Ed: Homegrown and Legacy IAM Solutions
Another primary challenge in Higher Ed is frequently discovered when there is a loss of expertise to keep systems running. As new IT staff comes in and assesses the current situation, it’s realized that the entire identity program is a mix of legacy and homegrown solutions, loosely connected with archaic coding.
Built around scripts, homegrown solutions are a series of individual commands used to execute a particular task. Scripts are helpful in automating repetitive actions, such as automatically copying information from a student information system into a text file and then uploading that file into another downstream system.
While this is a quick way to get something done, scripts are not a sustainable replacement for a modern and complete IAM solution. Over time, these custom scripts lose relevance as systems are added or as policies change, or more importantly, as skill sets exit the organization.
Unfortunately, homegrown IAM systems also put colleges and universities at risk of student and staff privacy issues, as well as data theft, often perpetrated through ransomware or phishing attacks. By putting a modern IAM solution that’s purpose-built for higher education at the core of a security program, not only will colleges and universities increase their security posture, they can also automate the complex lifecycle management of a large user base—without the need for ad-hoc scripting.
Continuing to Expand our Knowledge of Higher Education’s Unique and Evolving Challenges
The 2019 STC was a fantastic opportunity to expand our knowledge of the evolving challenges faced by technology leaders in Higher Education. With complex user populations and overlapping affiliations, colleges and universities face unique challenges that home-grown and legacy identity management solutions simply cannot address.
Our interactive presentation encouraged our SUNY customers to share their experiences with RapidIdentity and how the solution has successfully streamlined their identity management, as well as enabled time and cost savings.
We can’t wait for our next opportunity to continue to share our expertise, network, and learn from other attendees. If you missed us in New York, we hope to see you at our next event, EDUCAUSE Annual Conference 2019 in Chicago, Illinois, October 14-17. Make sure to stop by booth 519 and say hello!