Why Governance Doesn't Need to Come Before IAM Automation

Governance and cybersecurity are monumental tasks for any organization, but institutions of higher education face unique challenges given the amount of personal data they manage—emails, transcripts, test scores, salaries, and more—as well as the complex, often affiliated organizational structures in which that data lives (e.g., professors who are taking classes and students who are teaching assistants).

These complicated environments lead many schools to use manual, legacy, or homegrown solutions for identity and access management (IAM). It's tedious, inefficient, and far from ideal for governance and cybersecurity success.

So why aren't more colleges and universities taking advantage of automation with their IAM solutions? The short answer is bad intel.

A common misconception among higher education institutions is that systems need immaculate data and governance best practices to be fully implemented before schools can even begin to think about IAM automation. This myth is based largely on the incorrect belief that automation won't work/isn't possible without clean data or that it will completely muddy an already disorganized data set. That simply isn't true.

Unfortunately, this misunderstanding leads many colleges and universities to launch lengthy, complicated audits as a first step toward automation. But the mere prospect of such audits leaves many schools avoiding automation altogether.

For this reason, governance and automation are often seen as adversaries, with the former preventing the latter. We've heard from more than a few institutions that they see the value of automation, but they don't think they're ready for it.

Maintain Governance State

IAM automation is an essential tool for improving governance and cybersecurity at colleges and universities. In fact, implementing automation can help schools quickly and efficiently overcome many of the governance and cybersecurity challenges that have them dragging their feet.

Without proper automation procedures in place, the best and most thorough access review is simply a point-in-time panacea. Tomorrow, the approved state of "who has access to what" will be invalidated if procedures are not implemented to maintain the state of governance.

Reduce Human Error

The greatest potential weakness and vulnerability of any IAM system is always the human factor. The fact is, people regularly make mistakes. A university can have all the best IAM practices, protocols, and training in the world, but all it takes is one misassigned role or misplaced password for a small error to become a big problem that could take days or weeks to fix (if and when it's noticed at all).

IAM automation helps schools avoid these costly, time-consuming mistakes by automating parameters for user roles, automatic access deactivation, password security protocols, and other critical controls to keep IAM systems running smoothly. Automation can make informed suggestions about access privileges for a user request based on risk factors, peer group, job/department code, and so on. Of course, mistakes still happen, but an automated system makes those missteps easier to spot (and hopefully avoid in the first place).

Prevent Data Breaches

Protecting the personal information of students, faculty, and staff is the top priority for any IAM solution. Unfortunately, all of that data also makes institutions of higher education enticing targets for hackers and other cybercriminals. And now that many schools are operating with remote or hybrid systems as a result of the coronavirus pandemic, the threats to these systems are even greater. Already this year, some of the largest ransomware attacks have cost universities significant sums—like the $1.14 million the University of California, San Francisco spent on recovery and mitigation costs when its School of Medicine servers were compromised.

The manual implementation of security protocols simply can't keep up with the volume of data and the measures needed to keep it safe. By automating IAM, schools can have some peace of mind knowing that key security processes are covered and focus their efforts on any remaining vulnerabilities (e.g., an exponential increase in remote access).

Increase Efficiency

There's no sugarcoating it: Manual identity and access management for higher education processes can be slow, tedious, and prone to human error. IAM involves a lot of repetitive tasks that require significant amounts of time that could be better spent on more strategic tasks. Just look at the mass number of student IDs that must be onboarded and offboarded every semester. These processes leads to inefficient processes and unnecessary costs. IAM automation frees your internal team from the tedium and gives them more time to focus on more innovative tasks such as finding new efficiencies, shoring up security, or refining roles and user lifecycles.

Invest in Better Processes

Many of the IAM solutions implemented by colleges and universities aren't just manual; they're also homegrown and have only a small pool of personnel who truly know the correct processes and procedures. So, when someone leaves or retires, an already complex system becomes even more complicated as administrators scramble to get a handle on new processes.

Automation eliminates many of these tasks and puts proper processes on paper to avoid knowledge gaps within colleges and universities. But even with automation in place, some tasks and ongoing processes require the support of well-trained individuals for sustainable identity and access management and successful governance and cybersecurity. Ensuring that you have the proper people in place (either in-house personnel or contractors) to support this core technology is critical to governance and cybersecurity success.

As colleges and universities navigate the new normal of remote and hybrid access, governance and cybersecurity are more critical than ever before, and schools without automation in place are already behind. It's time to leave the old myth of automation versus governance behind and shore up IAM solutions in higher education. Automated processes will save schools time and money and improve processes for better governance and cybersecurity throughout their institutions.

To learn more about how IAM automation is helping colleges and universities succeed at governance and cybersecurity, join us for our October 22 webinar on Why Automation First Should be the #1 Approach, co-hosted by the Tambellini Group.

Kevin Nix is the Chief Executive Office for Hitachi ID.