
Dec 24 2024
Security

Access Management in Higher Education: IAM vs. PAM vs. MFA

Protecting personal data is critical for colleges and universities. Identity and access management, privileged access management and multifactor authentication tools can help.

Higher education institutions — entrusted with students’ personal information and sensitive research data, and charged with ensuring regulatory compliance — require comprehensive access management strategies.

To achieve this, modern IT solutions such as identity and access management (IAM), multifactor authentication (MFA) and privileged access management (PAM) can be combined to provide robust, layered security.

Once a college or university decides to implement an access management strategy, it must address each of the three functions holistically, considering the size of the organization, the number of roles involved, and the types of data in question as well as access to it.

A small college may have only a few user identities and a limited number of faculty and staff, while a large university would require a more sophisticated approach involving multiple departments and locations, a diverse set of student, faculty and staff data, and remote access considerations.


What Is Identity and Access Management (IAM)?

Petros Efstathopoulos, vice president of research at RSAC, explains that IAM is an umbrella term that refers to the set of policies, technologies and processes that manage users’ identities and control their access to resources within an organization.

“IAM is crucial for ensuring secure interaction with web applications and cloud services, as it allows administrators to grant permissions to users and applications, thereby defining how these entities can interact with specific resources,” he says.

For example, in a higher education environment, IAM can be used to assign faculty, staff or student permissions to ongoing research, faculty calendars and a variety of other on-campus resources.

In other words, IAM is a broad term, and a fundamental concept in security, that refers to three major tasks: identifying users, authenticating them and managing their privileges.

Understanding Multifactor Authentication (MFA)

Brandon Traffanstedt, senior director for CyberArk’s global technology office, describes MFA as a capability of IAM.

“It makes sure that users are properly authenticated in this process by enforcing the use of several controls, or factors, of proof when the user is trying to access something,” he says.

Users might be asked for a password alongside a biometric authentication, for instance, or a password and a ‘push’ to an authentication app or code on a physical device.

What Is Privileged Access Management (PAM)?

PAM can be thought of as a subset of IAM that is focused on powerful or sensitive access. It is normally used when an individual (or machine) needs access to systems or services requiring stronger permissions than a standard user has.

PAM is used to ensure that this highly sought-after access is hardened with extensive security controls.

“Privileged access can be associated with human users as well as nonhuman users, such as applications and machine identities,” Traffanstedt says.

Likewise, the definitions of privileged access and standard access continue to expand as more users and machines are given additional high-level access.


What Are SSO and Role-Based Access Control?

Single sign-on is an authentication process that allows a user to access multiple applications with one set of login credentials.

“SSO simplifies the user experience by reducing the number of logins required and enhances security by reducing the number of passwords users need to remember,” says Ted Kietzman, product marketing manager for Cisco’s Duo Security.

Role-based access control restricts system access to authorized users based on their role within an organization, Kietzman explains.

“Basically, your role designates what you can and can’t access,” he says.

How to Use IAM, MFA and PAM Together

The good news for higher education IT leaders, Traffanstedt says, is that these security controls are complementary practices.

“The best way to think about how they are implemented is from the perspective of what is valuable to your organization,” he adds.

That can be different for every university, but it typically includes protecting sensitive data and ensuring a frictionless experience for users.

“An effective identity security strategy starts with this and works outward to ensure that the right person has the right access at the right time,” Traffanstedt says.
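The layering described in this section, as an added example that is not part of the original article: a small Python access decision that applies role-based permissions (IAM), then a check that the verified factors span two categories (MFA), then a time-limited grant for privileged requests (PAM). The roles, resources, factor names and the time-boxed grant are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed RBAC policy: role -> permitted (resource, action) pairs.
ROLE_PERMISSIONS = {
    "student": {("faculty_calendar", "read")},
    "faculty": {("faculty_calendar", "read"), ("faculty_calendar", "write"),
                ("research_data", "read")},
    "research_admin": {("research_data", "read"), ("research_data", "export")},
}
# Requests in PAM scope (assumption: bulk export is the privileged action).
PRIVILEGED = {("research_data", "export")}
# Each factor belongs to one category: something you know, have, or are.
FACTOR_CATEGORY = {"password": "knowledge", "push": "possession",
                   "device_code": "possession", "biometric": "inherence"}

@dataclass
class Session:
    identity: str
    role: str
    factors: tuple                                # factors verified at login
    pam_grant_expires: Optional[datetime] = None  # time-boxed privileged grant

def mfa_satisfied(factors):
    # Two factors of the same category (e.g. two passwords) do not count.
    categories = {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}
    return len(categories) >= 2

def authorize(session, resource, action, now):
    request = (resource, action)
    # IAM / RBAC: the role decides what can be requested at all.
    if request not in ROLE_PERMISSIONS.get(session.role, set()):
        return "deny: role lacks permission"
    # MFA: proof of identity must span at least two factor categories.
    if not mfa_satisfied(session.factors):
        return "deny: MFA required"
    # PAM: privileged requests also need an unexpired, explicitly issued grant.
    if request in PRIVILEGED:
        expires = session.pam_grant_expires
        if expires is None or now >= expires:
            return "deny: privileged grant missing or expired"
    return "allow"

NOW = datetime(2024, 12, 24, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo
admin = Session("radmin01", "research_admin", ("password", "biometric"))
print(authorize(admin, "research_data", "export", NOW))   # no grant yet
admin.pam_grant_expires = NOW + timedelta(minutes=15)
print(authorize(admin, "research_data", "export", NOW))   # grant active
```

The order of the checks is the point: a privileged grant never substitutes for the role check or for MFA, so each layer fails closed on its own.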


Implementing IAM, MFA and PAM in Modern Architectures

Efstathopoulos explains that modern systems have commoditized a lot of the IAM functions and capabilities, primarily as cloud services.

“The commoditization of IAM cloud services, toolkits and products enables organizations to design and implement a tailor-made system,” he says.

These include readily available components that have been designed to collaborate with one another and improve usability and security.

Kietzman says there are several benefits to moving IAM, MFA and PAM to a Software as a Service model, including reduction of management and maintenance costs, higher availability and scalability, and tooling that is updated consistently.

“However, making this choice and effort will depend on a given university’s IT stack,” he adds.

Future Trends in Identity and Access Management

Efstathopoulos says a key technological trend that will impact the future of IAM is the increasing use of AI and nonhuman agents in various industries, including higher education.

“Current systems in place are predominantly designed with the assumption that all agents involved are human,” he says, noting IAM mostly authenticates human identities.

“As the number of nonhuman agents involved in education and research increases, we would need to revisit and adjust the identification, authentication and access management strategies in order to integrate these new identities and address the additional security challenges that may arise,” Efstathopoulos says.
