May 20 2019

Why It’s Time to Replace Your On-Premises IAM with a Cloud Solution

Cloud-based identity and access management systems provide greater savings, scalability, reliability and more must-have features.

What could your IT staff do with an extra 875 hours per year? In a recent Okta survey, that’s how much one large university said it spends fielding 3,500 password resets annually.

The password pain point isn’t new, of course, but it’s consuming more time and patience than ever as more applications migrate to the cloud. The same Okta survey found that within two years, 62 percent of higher education applications will be in the cloud, up from 39 percent today. 

Identity and access management systems are a convenient, effective way to balance security and user experience. That’s why many colleges and universities have been using IAM for years. The catch is many of their IAM solutions are outdated and lack features that IT staff and users want.

For example, consumer experiences have conditioned faculty and students to expect self-service password recovery. So, they’re understandably frustrated when their college’s applications don’t provide that option. 

In fact, that’s the case at the aforementioned large university that gets 3,500 password-reset calls each year. Okta’s study found that IT staff typically spend 15 minutes on each password reset. By enabling self-service, a modern IAM solution can free staff to spend time on more important tasks. 

MORE FROM EDTECH: Check out how adopting zero trust networks can improve universities' security postures.

Reliability and Ease of Management Stand Out for Cloud IAM

Nearly half of the institutions in Okta’s survey said IAM solution reliability is a major challenge. One reason: Although many colleges have cloud-first strategies, their IAM solutions are on-premises. This requires features to support disaster recovery and upgrades that do not require taking the entire IAM platform offline. 

A cloud IAM solution eliminates the need for — and expense of — those features. And, as with manual password resets, the time staff spent managing those features now can be repurposed.

On-premises IAM also requires a custom connector for each target system. Building a connector for a new app costs $50,000 to $100,000, plus another 15 percent annually to maintain it, Okta says. With a cloud IAM, that development cost drops to $15,000-$25,000

MORE FROM EDTECH: See how universities can use identity and access management to approach common pain points in cloud security.

Cloud IAM Offers Scalability to Support the Student Lifecycle

Scalability is another pain point. For example, when students graduate each spring, IT doesn’t have several hundred or thousand fewer students to support. As alumni, those graduates may receive services such as lifetime email access or a year’s access to files in their college’s cloud storage. 

Either way, the IAM system will have to manage these post-graduate identities for an extended period in addition to the identities of new students. A cloud IAM system helps colleges scale up gracefully and cost-effectively. 

For incoming students, a solution such as Okta’s lifecycle management option can enable self-service registration. And as their college careers progress, this solution automatically detects profile attributes across multiple applications and makes updates accordingly. That frees IT staff from manual tasks such as provisioning requests. 

Another common challenge is the common practice of storing alumni, student, faculty and staff identities in multiple Active Directory and Lightweight Directory Access Protocol domains. A cloud IAM solution eliminates that inefficiency by providing a single, centralized place to manage all those identities. That’s one more reason to why a cloud-first strategy should make IAM a key component.

This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.

CrispyPork/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT