How can institutions keep track of it all to assure IT and network security?
What Is Identity Governance and Administration’s Role?
College and university IT departments use identity and access management — and in some cases cloud identity entitlement management (CIEM) — to administer and monitor user identities. This allows IT staff to assess activities internally and in the cloud, but these technologies might not suffice in a large, diverse user environment if there isn’t an overall technology framework within which to place them.
Identity governance and administration (IGA) provides this overarching framework, along with identity policies and security solutions.
Like IAM security, IGA can track user access and activities on-premises and in the cloud. However, IGA can go further, because IAM functions can be linked to IGA software to create a complete, seamless solution that can manage all user identities across the cloud and on-premises. While this is similar to IAM, IGA additionally addresses audit needs and automates compliance requirements in a uniform way across all assets, which IAM can’t do.
DIVE DEEPER: Compare identity management solutions for your institution.
The ability to integrate identity policies, identity operations, and audit and compliance requirements in a single piece of software — with IAM and possibly CIEM fitting neatly underneath the IGA umbrella — provides greater security and gives IT administrators stronger control over user identity access and actions in both cloud and on-premises environments.
Why Is IGA a Good Fit for Institutions of Higher Learning?
The complexity of higher education environments creates a need for an all-encompassing IGA approach that can govern, administer and monitor access at all points.
The job of managing access for tens of thousands of users — ranging from instructors and professors to students, contractors and administrators — is daunting, with users frequently changing or serving in multiple roles. Students graduate or transfer to other departments, for example, and new students enroll. A student in medical school may lecture part-time in the chemistry department as a teaching assistant.
Layered over this is the decentralized nature of academic institutions, which often have multiple campuses, buildings and networks, in addition to online, remote learning.
IGA allows IT departments in higher education to address all of these complexities.
What Is the First Step to Implement Identity Governance and Administration?
The first step in a total IGA strategy has nothing to do with software. Instead, institutions of higher learning should assemble IT and key administrative and academic players to determine what the rules of identity governance and behavior should be.
DISCOVER: Get the guide to credential management in higher education.
This isn’t easy to do since many education users today move deftly between clouds with ease, with few governance limitations. Plus, people, time, resources and budgets are likely limited for a project that might not be popular.
But can educational institutions afford to look the other way?
According to an October 2024 Microsoft report, the education industry is the third-most-popular target of cyberattackers, averaging 2,507 attacks per week. Microsoft stated that it was blocking more than 15,000 emails per day that targeted education institutions with malicious QR codes.
What Is the IT Team’s Role in Creating a Roadmap to IGA?
A university’s board of regents and top administrators will understand this risk, but it’s up to IT teams to explain what IGA is, how it can achieve optimal security and what’s required to implement it. CIOs should also develop IGA roadmaps that can rightsize their IGA efforts to the budgets and operational bandwidths of the institutions they support.
To do this, CIOs should first procure support from key stakeholders by meeting with them individually to explain the need for IGA as an overarching security technology and policy platform for digital security.