
Dec 20 2024
Security

Why Identity Governance Should Be the First Step in Developing an IAM Strategy

Identity and access management implementations must start with a comprehensive understanding of users and permissions.

Identity and access management (IAM) in higher education is a complex undertaking. There are different users with different roles that sometimes overlap, and identities can cross departments, colleges and campuses. Redundancies, outdated information and incorrect privileges run rampant when proper governance methods are not in place. It’s important for higher ed IT leaders to understand who is using their services and the level of access each user needs.

As IT professionals, we know multifactor authentication is the best way to secure a system. But getting identity governance and administration (IGA) under control is a key first step before diving into an MFA solution. MFA is only secure if the correct privileges are set, and that can only be done when an IT department understands where its users are and what their level of access should be. Often, institutions that adopt MFA do so on a smaller scale, starting with a smaller subset of users. The larger the MFA implementation, the more control an institution needs over its identity governance.


Navigating the Complexities of Higher Ed User Identities

Like other large enterprises, higher education institutions have complex directories with thousands of users with varying levels of permissions. The added challenge for colleges and universities is to identify and manage multiple identities within a single person.

For example, a graduate student who works as a teaching assistant might need a different level of access to student and learning management systems than someone who is solely a graduate student. Alumni might have basic access to their university email accounts or cloud drives, but if an alum returns to campus as a student years later, then their level of access changes.

Data systems in higher education are typically siloed, and different colleges or departments might have their own registries. When this is the case, students or faculty can appear in multiple locations, giving them more than one identity within the institution. A student with a double major could have individual identities in both the college of engineering and the college of medicine. A faculty member who teaches biology but also graduated from the school a decade earlier could have separate faculty and alum identities.


This is not to say that a decentralized approach to IGA is the wrong one. There are logical reasons for institutions to have isolated registries across colleges and departments, especially if each registry represents a different business unit. The important factor is for IT departments to understand the different registries and what the authoritative sources are.

Identity Governance and Access Management Solution Challenges

So, why do higher education institutions have a hard time with IGA? Much like any large-scale technology initiative, these undertakings require time, money, expertise and staff. For institutions that are working with small staffs under tight budgets, it can be difficult to find the time or resources needed to get IGA under control.

Virtual directory tools can help institutions correlate and centrally aggregate identities, allowing for a unified view of all of an institution’s registries and authoritative sources. This can be instrumental in moving to the next step of implementing an IAM solution. There is an upfront cost to these virtual directories, but efficiencies gained in maintenance down the line will likely offset these costs.
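The correlation step described above, sketched as an added example (it is not code from the article or from any vendor product). The registry names, field names, source precedence and sample records are all constructed assumptions; the records mirror the double-major and faculty/alum cases mentioned earlier.

```python
from collections import defaultdict

# Constructed sample records from four siloed registries (not real data).
REGISTRIES = {
    "engineering": [{"id": "eng-1041", "email": "J.Rivera@example.edu", "sid": "S100234", "role": "student"}],
    "medicine": [{"id": "med-77", "email": "jrivera@example.edu", "sid": "S100234", "role": "student"}],
    "hr": [
        {"id": "hr-5512", "email": "j.rivera@example.edu", "sid": None, "role": "teaching_assistant"},
        {"id": "hr-9001", "email": "m.chen@example.edu", "sid": None, "role": "faculty"},
    ],
    "alumni": [{"id": "al-300", "email": "M.Chen@example.edu", "sid": "S000871", "role": "alum"}],
}
# Assumed order of authoritative sources: earlier registries win attribute conflicts.
PRECEDENCE = ["hr", "engineering", "medicine", "alumni"]

def correlate(registries, precedence):
    """Merge records that share any match key into one identity per person."""
    parent, records, first_seen = {}, {}, {}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for reg, rows in registries.items():
        for row in rows:
            rid = (reg, row["id"])
            records[rid], parent[rid] = row, rid
            # Match keys: normalized email and student number. Email alone can
            # over-merge (shared mailboxes), so review merges before acting on them.
            keys = [("email", row["email"].strip().lower())]
            if row.get("sid"):
                keys.append(("sid", row["sid"]))
            for key in keys:
                if key in first_seen:
                    parent[find(rid)] = find(first_seen[key])  # transitive link
                else:
                    first_seen[key] = rid

    groups = defaultdict(list)
    for rid in records:
        groups[find(rid)].append(rid)
    people = []
    for members in groups.values():
        members.sort(key=lambda r: precedence.index(r[0]))
        people.append({
            "email": records[members[0]]["email"].strip().lower(),  # from top source
            "sources": [f"{reg}:{lid}" for reg, lid in members],
            "roles": sorted({records[m]["role"] for m in members}),
        })
    return sorted(people, key=lambda p: p["email"])

if __name__ == "__main__":
    for person in correlate(REGISTRIES, PRECEDENCE):
        print(person)
```

Identities that come back with more than one role or source are the ones whose entitlements need review before MFA enrollment.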


It can also be beneficial for institutions to engage a third party when adding an identity solution, which requires a level of training many university IT departments do not have. At CDW, we can work with IT departments to deploy identity solutions, then walk staff through our configuration, explain our reasoning, and leave behind materials for them to reference as they maintain the system or troubleshoot issues. We also offer managed services, where we take care of maintenance after deployment. This option can be the most cost-effective for IT departments unable to hire or train the staff needed to maintain these environments.

A comprehensive IAM strategy could be the best defense against cybercrime targeting higher ed institutions, but without proper governance and insight into users and their identities, university IT departments could leave themselves vulnerable to threats.

This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.
