How Identity Management Helps Protect K–12 Data
Why? Because identity and access management helps to ensure compliance with state and federal privacy regulations while preventing unauthorized access to sensitive data that can lead to security breaches.
IAM supports multifactor authentication and role-based access control strategies that are “indispensable in K–12 schools for safeguarding sensitive information,” says Ed Skoudis, president of the SANS Technology Institute.
DIG DEEPER: Schools must modernize their identity and access management programs.
A strong IAM implementation “not only enhances security but also reduces administrative overhead, allowing schools to focus more on education and less on managing complex IT systems,” he says.
That’s been the case in Orange County, where Kapur is migrating and consolidating multiple IAM tools onto the Identity Automation platform. Along with end-to-end lifecycle identity management, the platform offers “extra security controls, such as multifactor authentication and high encryption around our identities,” he says.
A self-service portal enables users to reset their passwords and will even disallow a password if it’s been compromised on the dark web. The IAM solution also includes privileged access management, a form of access control designed to safeguard the credentials of the highest-level users, such as system administrators.
With all of these capabilities, Kapur says, “we have simplified and automated management” across the identity lifecycle.
This approach is necessary in today’s heightened threat environment, says Sateesh Narahari, chief product officer at ManagedMethods, which incorporates IAM into its CloudMonitor platform.
With a proliferation of devices and more complex remote access needs, “the distributed environment is increasing the attack surface,” he explains. “If you just rely on the standard username and password, your risk of attacks is much higher.”
LEARN MORE: K-12 schools implement identity and access management solutions.
In addition, IAM helps K–12 schools shift toward a zero-trust security architecture.
When using a zero-trust approach, IEEE fellow Houbing Herbert Song explains, that “every access request must be evaluated and authorized constantly based on a series of factors, such as user identity, device security posture and contextual information.”
Kapur’s IAM efforts row in this direction. “Thanks to our IAM tools, there will never be an outlier where someone may have access to something they shouldn’t,” he says. “We also have the ability to confirm the device a unique user is using, making sure that that’s an approved device.”
Schools Should Keep These IAM Best Practices at the Forefront
For schools adopting IAM solutions, several best practices can help them to make the most of those investments.
Define the landscape. For IAM to be effective, “you first have to know what systems and applications you have,” says Susan Bearden, director of product marketing at Identity Automation.
“You also must know who needs access, what level of access they need and when they need that access,” she adds. “Is it temporary or permanent? You want to be very thoughtful about all of that.”
RELATED: Break down school administration silos for cybersecurity.
Manage access by role. It also makes sense to take advantage of IAM’s ability to deliver role-based access management for both on-premises and cloud infrastructures to stop infiltration attempts.
In Orange County “we’re limiting access by roles,” so that users can only access the data and systems that are required to do their jobs, Kapur says. “Only finance people can access finance information. Only HR people can access the HR systems.”
Engage the stakeholders. Identity management touches people’s daily working lives. In order to make effective use of IAM, it’s important to understand the needs of all stakeholder groups. This helps ensure the necessary safeguards don’t become stumbling blocks to productivity.
IAM “is definitely not just an IT project,” Bearden says. “It requires the participation of a broad group of stakeholders to ensure that you get the access and the permissions right.”
80%
The percentage of data breaches that are identity-driven
Source: crowdstrike.com, “Identity Protection,” July 11, 2023
How Identity Management Helps Schools Comply with Privacy Laws
Once a K–12 school has ramped up IAM, leaders can utilize the modernized tools of access management to better meet their state and federal compliance obligations around things such as privacy and data security.
“With a solid IAM tool, we have the ability not only to put these safeguards and controls in place but to then print reports and show the auditors we are following the least-privilege policy model. We are leveling authentication policies based on the sensitivity of resources,” Kapur says.
While IAM both informs and streamlines compliance efforts, it also promises to help K–12 schools go further. It empowers IT and security leaders to look beyond compliance as they work to safeguard systems and data in an increasingly adversarial cyber environment.
