For this reason, colleges and universities have historically built their own IAM systems, relying on institutional expertise to create technologies custom-tailored for their environments.
This homegrown approach has served institutions well for decades. However, higher education’s emerging reliance on hundreds of cloud services has pushed the teams maintaining these solutions to the brink. IAM teams across higher education can struggle to keep up, as several new integrations are in demand each year.
Commercial IAM for the Cloud Environment
Many technology leaders now recognize that commercial IAM solutions can better keep pace with the cloud’s fast-changing environment. To better serve students, faculty and administrators, the time has come to adopt more efficient systems.
Technology professionals studying the IAM vendor landscape face an enormous decision. It will be a massive undertaking to implement the IAM platforms they choose. Once in place, IAM will play a pivotal role for an institution’s cybersecurity program for years to come — if not decades.
To assist university IT leaders with this decision, here’s a look at some key factors to consider when selecting an IAM platform for higher education.
Scrutinize Vendor Reliability
IAM platforms join Infrastructure as a Service providers, networking vendors, and database platforms at the heart of an institution’s technology stack. A failure in any one of these critical components could bring an institution to its knees. In fact, the instability of homegrown solutions is often one of the driving forces behind a move to adopt a commercial IAM platform. When the IAM system goes down, students, faculty and administrators find themselves unable to log in to any systems.
For this reason, teams must carefully scrutinize the operational credentials of vendors under consideration. Negotiate service-level agreements and look beyond the text at the vendor’s track record and architecture. Do the promises the vendor makes in agreements seem viable in light of the state of the technology? Does the vendor have a track record of successfully managing operational issues?
Assess the Breadth of Integrations
The rapid pace of adopting new cloud services is another critical factor that drives the adoption of commercial IAM platforms. Teams find themselves stretched beyond their limits as they keep up with the demands of integrating newly adopted services.
But commercial platforms come pre-built with hundreds of integrations for popular services. Analyze the array of existing integrations against the services used by your institution. How many of your current services are covered by the candidate out of the box? How many will require custom development work?
In addition to examining your existing services, get a sense of the pace of development for new integrations. When new services become popular, how quickly does the vendor release an integration? Is it likely that new integrations will become available before you need them? This can help IT departments avoid time-consuming manual integrations.
Consider the Ease of Use
The IAM platform resides at the core of technology infrastructures. However, in an ideal world, users should be barely aware it exists. How seamless is the IAM technology? Will users rapidly adopt it? In particular, how convenient is the multifactor authentication experience? If you continue using your existing MFA approach, will it integrate seamlessly with the new platform? If you migrate to the MFA technology offered by the IAM platform, can you accomplish that migration with minimal inconvenience for users?
Make sure you consider the ease of use for the technologists operating the IAM back end as well. Is the administrative interface intuitive? How well does the platform integrate with other components of your cybersecurity program?
Commercial IAM platforms offer educational institutions a variety of important benefits. Institutions that have not already migrated away from homegrown approaches will likely do so in the coming years. The selection of a new IAM platform is a decision that will affect an institution for years to come. Technology leaders should treat this migration with the attention that it deserves.