Digital identities should be the central element of a higher education institution's technology strategy.
Colleges and universities are experiencing an inflection point that is leading to a seismic shift in how higher education is defined and delivered to students. While there are several competing business models and visions of the future of higher education, one thing is clear: it will be built upon digital technology.
So, how does a higher education institution set itself up to be successful in this new, digital world? While there is endless variation in the composition of an institution's technology strategy, three main pillars are needed to deliver a digital ecosystem that is both flexible and empowering for colleges and universities: automation, security, and interoperability.
The central element that enables all three of these pillars is understanding and unlocking your user base's digital identities.
Enable Automation from Cradle to Grave
Digital identities must be created and accounts must be set up for all users in your ecosystem so that they can access the applications and systems they need to function in their roles (Professor, Student, HR Specialist, etc.). Having this digital identity created, curated, and provisioned as soon as the user needs access is of utmost importance and is also the first step along the automation journey.
However, this process is easier said than done due to the unique complexities that exist within higher education. In the enterprise space, onboarding is a fairly straightforward process: someone joins the organization and receives appropriate access. That access is revoked when the person leaves the organization. In higher education, "joining" or "leaving" the organization isn't so clear-cut (you don't typically have the concept of alumni at a corporation, for example).
The higher education ecosystem comprises an incredibly diverse set of user types that all have their own onboarding and offboarding processes. For example, think about a prospective student or person of interest who needs an account upon application even though that person may or may not join the organization. There are also individuals in higher education who represent multiple user types because they have multiple affiliations with the organization (a medical graduate student who teaches courses and is also a provider at the health science center, for example). The ability to automate this level of complexity begins by viewing a user like this as a composite digital identity and not merely as a series of accounts and attributes.
Proactively Avoid Ransomware
Once the foundation of your ecosystem is set by automating the digital identities of your user population, your next step is to secure the ecosystem without compromising the productivity of the user experience.
Education is presently the most targeted industry for ransomware attacks, with phishing and account takeovers accounting for the largest number of cases. The average total cost to rectify a ransomware attack in the education sector is $2.73 million.[1] This figure considers downtime, people time, device cost, network cost, lost opportunity, and ransom paid. A ransomware attack also disrupts the learning process and causes an interruption in an institution's ability to serve its students.
Cybersecurity experts have long touted that "the traditional perimeter is dead" and have advocated for a zero-trust and identity-centric approach to security. However, if identities are the most important element of your modern cybersecurity program, it is an unfortunate (but real) truth that they are also the biggest threat to your systems.
There are three points to touch on when it comes to providing a secure but productive user experience:
- Implement best practices when it comes to your base security posture by segmenting your network architecture with a cloud-first approach. Just as you keep your money in a bank, you should keep your digital identities in a secure cloud provider's platform. It's the cloud provider's lifeblood to keep them safe, and they definitely have more resources dedicated to it than you do.
- Ensure the integrity of your digital identities' credentials by actively monitoring them against what has been exposed in data breaches and made available on the dark web. In one experiment, cybersecurity researchers planted fake credentials online and discovered that 40 percent of the accounts were accessed within six hours![2] The user authentication process typically hinges on the username and password. Making sure those credentials aren't exposed is a must for minimizing the risk to your user profiles.
- Unify all your systems through a secure identity provider with universal authentication that consolidates multiple federation methods into a single sign-on experience and enforces multi-factor authentication (MFA). According to the Verizon 2020 Data Breach Investigations Report, 99.9 percent of data breaches could have been avoided simply by enforcing MFA.[3] While it may not be the most popular decision with your user base, MFA has become normalized over the past few years. People now expect some form of MFA when accessing high-value systems in their everyday lives (e.g., banks and insurance), so the user disruption has been greatly minimized. Many more authentication methods are available today, so tailoring the login experience to each digital identity's needs and preferences is completely doable.
Create Consistency with Distributed Identity Management
So, you have automated and secured your ecosystem by understanding the digital identities that represent the users who are a part of your institution. It wasn't easy, but you did it! But what if you are a part of a college or university shared system or consortium? Your users may have multiple affiliations with your institution and with other institutions within the shared system. If that's the case, you basically need to take all the complexity outlined above and multiply it by the number of other institutions with which the users are associated.
This brings us to the concept of distributed identity management (DIDM). With DIDM, there is a centralized identity store that can collate and contextualize the myriad digital identities across the disparate institutions to ensure that all users have a single universal identity that empowers them across their college or university system. Whether it is a centralized (top-down) or localized (bottom-up) approach to who owns the data for these individuals, a DIDM architecture provides consistency across the entire system. This means consistency of automation, consistency of security, and consistency of governance.
Notes
1. The State of Ransomware in Education 2021, research report (Abingdon, UK: Sophos, July 2021).
2. Danny Palmer, "This Is How Fast a Password Leaked on the Web Will Be Tested Out by Hackers," ZDNet (website), June 8, 2021.
3. Suzanne Widup, et al., 2020 Data Breach Investigations Report, research report (New York, NY: Verizon, July 2020).
Carter Dunbar is the Director of Product Marketing at Identity Automation.
© 2021 Identity Automation.