Sponsored Content: Hitachi ID

Choosing a Modern Access Management and Governance Solution

Hitachi ID

The digital disruptions of the pandemic have further emphasized the need to stay current with technology.

The digital disruptions caused by the coronavirus pandemic have further emphasized the need to stay current with technology. Higher education institutions that don't stay current risk falling behind peer institutions that have embraced the acceleration of digital transformation and future-facing IT strategies in the face of hybrid learning futures.

Digital transformation (Dx) in higher education is a series of deep and coordinated culture, faculty, and technology shifts that enable new educational and operating models and transform a higher education institution's operations, strategic directions, and value proposition, according to EDUCAUSE.[1] The modernization associated with Dx is driven by technology trends and changes that enable a new approach to everything from how digital architectures are incorporated to how campus leaders interact with the IT organization—all targeting improved student outcomes, more effective teaching and learning methods, new research capabilities, and an evolution in business models.[2]

And currently, 38 percent of higher education IT leaders are exploring Dx, and 32 percent are in the process of developing a strategy, according to EDUCAUSE. But here's the catch: Only 13 percent are currently engaged in Dx.[3]

There is a widening gap between aspiration and achievement for organizations that are attempting modernization. To remain competitive, identifying the essential elements of your organization's modernization strategy is more important than ever. Higher education institutions have a network of populations, including students, faculty, staff, affiliates, alumni, and more. This complexity calls for the advanced level of precision an access management solution delivers, making it critical to Dx. Access management modernization reduces risk (and the risk accompanying new technology implementations) with digital identity accountability, improves security, and optimizes processes with automation. Most organizations cannot make the business case to invest in identity and access management (IAM) without it being the precursor to the implementation of technology with more obvious user benefits and return on investment (ROI). So, without powerful IAM and privileged access management (PAM) implementations, which deliver these crucial modernization competencies, organizations risk compromising their whole modernization strategy.

But the roadmap to support a comprehensive and cohesive access management culture in higher education isn't always straightforward. And many institutions don't know where to start. How can your institution create an access management culture that cultivates your modernization strategy? What platforms, processes, and technologies meet the access needs of higher education institutions?

In partnership with the market-leading identity and access management consulting firm Identity Works, Hitachi ID Systems has created this article to help higher education institutions discern the processes and technology to support Dx and more. From defining IAM, PAM, and identity governance administration platforms and cyberattack solutions to achievable steps, unique challenges, and universal benefits, we'll provide a blueprint for creating your access management digital strategy and transformation.

What Is Access Management and Why Your Platform Matters

Few higher education IT leaders would argue against the critical importance of access management for colleges and universities worldwide. Access management refers to the processes and technologies used to control and monitor network access. While the higher education IT security landscape experiences many of the same access management hurdles as corporations, colleges and universities must also contend with several unique obstacles that are often more complex than those seen in other enterprise deployments.

What's even more challenging? Many higher education institutions have legacy tools and homegrown solutions in place, which simply aren't up to the task. These open-source and custom systems haven't aged well because there isn't an incentive to innovate them. They're highly manual and labor-intensive, and many weren't built with security in mind—leaving them expensive to maintain, enhance, or fix.

It's time for an upgrade.

Your access management process and technology, including IAM and PAM, are crucial components of a higher education digital strategy that must be replaced or modernized to remain viable. The problem is that many platforms are not designed with the higher education space in mind, and many vendors are unfamiliar with its unique obstacles.

Plus, an ad-hoc, custom-coded, and reworked solution can be a very costly, time-consuming, and complicated approach.

Identity governance, a subset of IAM, also plays an important part in your digital strategy. As the policy-based orchestration of user identity management and access control, identity governance helps to support higher education IT security and regulatory compliance.

Mile Markers

Many higher education institutions may not have the budget or ability to tackle complete access management programs that include IAM, PAM, and identity governance. Your organization may need to start small with high-impact projects that will get you the best ROI. These bite-sized, achievable tasks will help you steadily piece together the access management Dx puzzle.

After performing a prerequisite inventory (illustrated below), your institution can complete these initiatives in any order, but each little project will help your organization build a new access management model and begin your efforts around a comprehensive authentication and identity program. By tackling segments of both, your organization will create a foundation for future 360-degree access management success.

Prerequisite Inventories

Before executing your access management digital strategy, your higher education institution should take stock of what's in its network:

  • Network security audit
    • Approved-use, communications, antivirus, identity, password, encryption, remote access policies, and more
  • Inventory audit
    • Identities, groups, applications, integrations, and servers

What colleges and universities uncover during these audits will determine the next steps in authentication and identity.

Authentication Beginnings

  • Password management
  • Federated single sign-on (SSO) and Security Assertion Markup Language (SAML)
  • Randomizing administrative accounts
  • Just-in-time (JIT) access
  • Multi-factor authentication (MFA)

Identity Foundations

  • Accounts
  • Groups
  • New, added, changed, or moved identities
  • Non-human (application, service accounts)
  • Devices (personal and organization owned)

Your organization can "start small" with viable and high-yielding ROI projects utilizing these flexible mile markers. This work can help you overcome a common roadblock that institutions often face in gaining decision-maker support. Many leaders need a path that resonates with them before they will greenlight a modernization project.

The Challenges

Colleges and universities face unique access management challenges compared to their enterprise counterparts. However, by creating the right access management processes and pairing them with a higher education-designed solution that includes IAM and PAM, your institution can handle many of these challenges. The best part? Your institution can reclaim hundreds of hours for your IT leadership to spend on more strategic projects.

The Unique Access Management Challenges for Higher Education

  1. Getting started

    The first step is always the hardest, and working to implement a new IAM solution is a steep uphill climb for higher education institutions. Building support among decision makers continues to be difficult for most colleges and universities, making it challenging to move forward with IAM, identity governance, and identity administration projects. It's a daunting task, to say the least, but with the right approach, colleges and universities can get their IAM programs up and running.

    Starting small with introductory projects (i.e., beginning automation to clean up credentials and identities) can help build some momentum. It will also give your IT team some use cases to put in front of leadership and inspire confidence to further invest in these initiatives. Implementing these new solutions and processes will take time, but with flexibility and perseverance, colleges and universities can get started on the road to stronger identity and access management.

  2. Aging homegrown and legacy systems

    Many colleges and universities are often saddled with legacy and homegrown solutions that they have been using for years due to limited and constrained budgets (along with siloed structures and processes). While these systems may have met the institution's needs at one time, they have likely become inefficient over time and prone to increasing human error. All too often, the mastery of these systems is concentrated among a small group of people or one person due to their DIY nature. If or when one or more of these people leave, another vulnerability is created.

    To combat risk and reclaim hours, colleges and universities need to prioritize updating legacy access management systems and processes. With a Dx strategy that is focused on a singular approach to bringing all the critical actions of access, identity, and privilege together, higher education institutions will be better equipped to manage access and reduce the risk of unauthorized entry.

  3. Blended roles and non-hierarchical structures

    It's not uncommon for someone at a higher education institution to take on several different roles simultaneously (e.g., a student who is also a teacher's assistant or a staff member who is also enrolled in classes). And when external access is included, it is common for many users to maintain more than two roles (e.g., staff, student, parent, volunteer, and donor). Privileged access systems are versatile enough to support these multi-role requirements, preventing potential exposure of confidential information while simultaneously protecting the institution's cybersecurity.

    Decentralized architecture with frequently disparate systems is also a hurdle. Each department within a college or university may have a unique structure, creating obstacles when aligning individual departments with the overarching systems. Identities may not match up, or appropriate access can be incorrectly granted or blocked. A robust IAM and identity governance solution (paired with access management best practices) can organize and automate these contrasting frameworks, minimizing misappropriation and maximizing interdepartmental access alignment.

  4. Dynamic user, faculty, and student populations

    In a typical four-year structure, colleges and universities turn over thousands of graduates each spring—revoking entitlements, changing identities, and reorganizing credentials. In the fall, new entitlements must be assigned to thousands more recently enrolled students.

    For institutions with graduate programs, onboarding and off-boarding large numbers of graduate students present an even higher risk (since these individuals often are also employees or pseudo-employees). These graduate assistants and adjunct faculty have levels of access beyond the typical undergraduate population, and automatic off-boarding is crucial to maintaining the security and integrity of your system.

    This active, overlapping, and manual process is rife with human error and misappropriated accounts and profiles. It can also be time-consuming and cause delays in onboarding, sapping valuable time and limited bandwidth from IT staff and leadership. And when the process breaks down, it creates orphaned, dormant, and stray accounts that increase risk and vulnerability to bad actors if left unchecked.

    An access management solution, including IAM, identity governance, and PAM, automates and augments this process by strengthening governance and reducing vulnerability. An access management implementation cuts down on the number of inappropriate access rights and lost accounts by introducing automatic access deactivation and control processes.

    Lastly, by automating these time-consuming tasks, colleges and universities make IAM and identity administration processes more efficient, optimizing their teams, improving users' connection with the institution, and, ultimately, freeing up the institution for more innovative projects.

Sunrise to Sunset

The higher education technology paradigm is changing daily. Access management and its crucial and robust components, IAM and PAM, can help colleges and universities meet this fast-paced dynamic with evolution and capability.

Access Management Responds to Rapid Change

Growing Cyberattacks

In 2020, the education vertical saw 819 incidents and 228 breaches with confirmed data disclosure.[4] The previous year? Educational services experienced 382 incidents and ninety-nine breaches with confirmed data disclosure.[5] This represents a 114 percent increase in incidents and nearly a 57 percent increase in breaches from the year before. It's clear the move toward remote access scenarios and digital ecosystems during the coronavirus pandemic has exposed educational institutions to increased risk.

Colleges and universities can protect themselves against threats by staying a step ahead with IAM (including identity governance) and PAM. In an environment without access management and expected risk, many higher education cybersecurity strategies involve damage control from exposure. By removing many manual tasks and static passwords, higher education institutions can shift their cybersecurity strategies from reactive to proactive.

You can take another step forward by adding predictive analytics and technology. These powerful tools, at the heart of cutting-edge access management solutions, can anticipate and forecast complications before they are exploited. Higher education institutions can then further fortify these efforts with risk and threat assessment, plus resolution recommendations, moving completely from a reactive approach to risk to a proactive one.

Evolving Regulations and Compliance Requirements

Many colleges and universities spend a lot of time and money on certification and governance initiatives, but without automation measures in effect, their compliant state will not last. IAM automation and identity administration strategies ensure rights are assigned and removed promptly, maintaining compliance without the need for manual interventions. Modern systems also automate the role review process and provide access for auditors, saving many hours of reporting and study.

Predictive analysis of users' needs will then help reduce the number of generated requests, and an efficient workflow engine at the center of access management solutions guarantees those requiring approval are provisioned on time.

Zero Trust

The future of cybersecurity is the Zero Trust model, as IT environments have become more fluid, open, and vulnerable. More organizations are turning away from conventional methods such as VPN to keep their networks secure and moving toward implementing Zero Trust—a security approach that addresses these new network realities by trusting no one.

While colleges and universities may not yet be able to sprint toward Zero Trust architecture, taking crucial first steps, like network and inventory audits, can lay the foundation for success. Investing in IAM and PAM solutions that enable strong integration (for input and output) will allow institutions to scale more efficiently, add tools and features, and implement initiatives like Zero Trust when they're ready.

Modernization and Optimal Experience

As more higher education institutions embrace digital ecosystems, access management processes and technology can guide their digital strategies. IAM and PAM implementation creates a methodology that includes authentication, identity, privilege, and "verify" governance. This practice lays the groundwork for comprehensive and secure modernization.

The winning combination also creates access management synergy and an optimal experience for students, staff, and alumni where IAM creates identity and PAM secures it. As colleges and universities move further into modernization, this hybrid 360-degree approach is required to remain competitive in the modern higher education landscape.

Why Your Vendor Matters

You have a choice when it comes to choosing an access management solutions vendor that meets all of your higher education institution's needs. The problem is that while many modern IAM and PAM options are available, few are customizable and versatile enough to meet these higher education challenges (both micro and macro) without compromises along the way.

You need a vendor that will be with you throughout your journey. A relationship with an experienced team can help you select and sequence your IAM, identity governance, PAM implementations, and more. At each phase, they should work with you to ensure smooth execution and performance.

The right partner can help you make critical strategy decisions that move your access management culture beyond legacy systems and ever-forward. A vendor with extensive experience in higher education can help you avoid project pitfalls that are specific to colleges and universities.

Introducing Hitachi ID Bravura Security Fabric

Hitachi ID Bravura Security Fabric delivers a cutting-edge solution to identity protection, built-in threat detection, and a singular identity, privileged access, and password platform. This all-in-one platform is ready-made for colleges and universities—conquering higher education access challenges out of the box without expensive customization.

Truly framework agnostic, Hitachi ID Bravura Security Fabric integrates across various cloud, platform, and security systems with ease. Unlike many of today's commercial access management solutions, which were designed only to address corporate and enterprise business use, Hitachi ID Bravura Security Fabric brings higher education institutions versatility and adaptability. It automates the complex life cycle management of large, dynamic, and unusual higher education user bases without the need for ad hoc scripting or additional resources and staff.

The Hitachi ID Bravura Security Fabric is a singular, powerful framework and platform that brings together all the layers of Hitachi ID Bravura.

Hitachi ID Bravura Identity

Implement the best-in-class Hitachi ID solution to enforce security and cross-platform access policies and uphold the principles of least privilege.

Hitachi ID Bravura Privilege

Reduce IT security risk and enhance accountability with frictionless, time-limited privileged access through millions of daily password randomizations and authorization with a highly available, geo-redundant solution.

Hitachi ID Bravura Pass

Improve login security processes and simplify credential management for passwords, tokens, smart cards, security questions, and biometrics management across systems and applications.

Hitachi ID Bravura Group

Secure and simplify group lifecycle management and access a rich set of reports to identify problems with data quality and quickly deploy remedies with automated request feedback.

Hitachi ID Bravura Discover

Deploy automated IAM and PAM threat assessment with a discovery analysis that takes just a day to provide the most accurate data to close identity and privileged access security gaps, giving you confidence by removing the potential for human error or intervention.

A New Day

Hitachi ID Bravura Security Fabric meets all of your digital identity and access security needs with the industry-leading features and applications that higher education institutions require. It's packed with future-ready technological and architectural building blocks enhanced with decades of reliability to protect, manage, and govern your entire identity and access infrastructure for the next generation. All of this scalable capability comes bundled with Hitachi ID's global support.

The Power of One

  • Implement a singular platform designed for higher education-specific IAM (including identity governance) and PAM challenges out of the box without expensive customization.
  • Simplify your vendor and program deployment, streamline service-level agreements, and lower overall cost.
  • Address your most urgent PAM, MFA, and federated SSO needs with the ability to turn services on and off.
  • See value faster while it evolves to protect institutional research, data, finances, and reputation from cybersecurity threats.

Bonus: The solution also integrates with the latest security tools, including the internet of things (IoT), operational technology (OT), information technology service management (ITSM), and security information and event management (SIEM).

On the Horizon

Empower your digital transformation strategy and access management transformation with the industry's only single platform for multi-factor, adaptive authentication, IAM, and PAM. As a single open architecture platform and the industry's most extensive organically grown connector portfolio, Hitachi ID Bravura Security Fabric offers a robust, customizable, and versatile API platform to meet the modern and unique needs of today's higher education institutions.

We Are Hitachi ID

A recognized market leader, we deliver access governance and identity administration solutions to organizations globally, including many Fortune 500 companies. By leveraging decades of experience, we provide the industry's only single platform identity and privileged access solution to simplify implementation as your IAM and PAM roadmaps evolve.

We Are Identity Works

As a leading identity and access management consulting company, we partner with many preeminent access management vendor solutions in the IAM marketplace and assist institutions in achieving success with their identity governance platform and initiatives. Our expert implementation services, product advisory, health checks, upgrade support, IAM roadmap planning, and identity toolkit are what make us your partner of choice.

Notes

  1. Susan Grajek and Betsy Reinitz, "Getting Ready for Digital Transformation: Change Your Culture, Workforce, and Technology," EDUCAUSE Review, July 8, 2019.
  2. Ibid.
  3. D. Christopher Brooks and Mark McCormack, EDUCAUSE Driving Digital Transformation in Higher Education, research report (Boulder, CO: EDUCAUSE Research, June 2020).
  4. Gabriel Bassett, C. David Hylender, Philippe Langlois, Alexandre Pinto, and Suzanne Widup, Verizon 2020 Data Breach Investigations Report, research report (New York, NY: Verizon Communications, May 2020).
  5. Suzanne Widup, 2019 Verizon Data Breach Investigations Report, research report (New York, NY: Verizon Communications, October 2019).

Kevin Klitzke is Vice President of Product Management at Hitachi ID Systems.

© 2021 Hitachi ID Systems.