Brown University Takes a Multifaceted Approach to Safeguarding Private Information

Thanks to a multifaceted approach to data security, CISO David Sherry maintains an increasingly secure networking landscape at Brown University in Providence, R.I. By combining the best of technology solutions and human intellect, Brown officials are able to safeguard sensitive information.

Brown is not alone in its mission: Colleges and universities everywhere are amplifying data-security efforts as massive amounts of data are generated — and grow exponentially — through learning-management systems and the proliferation of wireless devices. Combined with the burgeoning student data collected by administrative offices, an untold amount of private information is now at risk on U.S. campuses.

Strategies to combat the security challenge vary, but many include technology solutions, such as modern identity-management systems.

At Brown, which has a student body of 8,600, Sherry and his staff of two receive nontechnical assistance with developing security strategies from a pair of multidisciplinary advisory organizations: the Brown Security Round Table, which meets every other week; and the Data, Privacy, and Records Management Steering Committee, which gathers quarterly.

“Both groups are very informative to us,” Sherry says. “Since we don’t have a huge staff, this extends our reach to different areas of the university.”

On the technology side, Brown IT officials began the process of replacing the university’s homegrown IAM (identity and access management) solution in early 2012. The existing system was developed incrementally over time and had swelled to a complex system of solutions and manual processes.

After thoroughly evaluating the available technologies, Brown chose the Oracle Identity Manager to address current demands.

“It provided the best fit for our security needs and allowed us to leverage our existing Oracle infrastructure,” Sherry says. “With the new system, our attestation and account security will be significantly improved. This provides numerous benefits, including the ability to reduce the number of affiliated accounts and boost compliance. Simultaneously, we’ll reduce complexity and enable automation of multiple identity management process.”

IAM: A Spectrum of Technologies

IDC research director Sally Hudson says today’s IAM solutions include “a spectrum of technologies that tells your system who is accessing your system, why they are accessing it, where they are coming from and how they are getting in.”

In academia especially, she says, “it’s important to relieve access barriers for students, faculty and other users while ensuring that each of these identities is assigned the correct access profile."

Modern IAM solutions accomplish the task in myriad ways, Hudson says, including fine-grained entitlements, automated provisioning/deprovisioning, single sign-on, authentication and advanced auditing and reporting for meeting regulatory compliance.

Self-service enrollment functionality also is perfectly suited to the higher education setting, Hudson says. “It saves significant amounts of time for both end users and IT.”

Hudson advises institutions to “look for a solution based on industry standards, from a reputable and proven provider, that best addresses your institution’s situation.”

Back at Brown, the next project on the security list is adoption of a solution for mobile device management (MDM).

“MDM is a huge initiative for us,” Sherry says. “We’re in the process of evaluating manufacturers and expect to begin deployment within the next year.”

Four Features

Hudson says institutions now shopping for an IAM solution should consider four features:

• Automation: Modern IAM solutions streamline and automate security processes, from provisioning end users through the lifecycle, all the way to deprovisioning, when appropriate.

• Customization: Best-of-breed solutions provide ample opportunities for IT managers to tailor solutions (i.e., alerts, challenge/response and end-user controls) to meet specific situations.

• Flexible Delivery: Many solutions offer a range of deployment choices, including cloud-based and onsite solutions that may include a purpose-built appliance or a software application.

• Self-Service: IT managers can customize solutions to enable self-service password resets or even self-provisioning for specific user types. Such features empower users and free up time for IT staff to concentrate on mission-critical projects.