With increased focus on regulatory drivers such as Cyber Essentials, and an uptake in the number of cyber related attacks, the need for effective management of Identities within Higher Education (HE) institutions is now more prevalent than ever.
Turnkey Consulting, in collaboration with OpenText, held a roundtable event in January to bring together academic institutions to discuss shared challenges faced in successfully delivering Identity and Access Management (IAM).
This blog outlines the findings of the discussion and presents key areas of consideration when embarking on your IAM journey to success. The results, may surprise you…
Why IAM is important in Higher Education:
Unlike many corporate organisations, academic institutions face unique challenges when considering where to focus on IAM maturity:
- Students are Customers: Students expect a great user experience, and IAM is critical to this process. The drive for online learning places greater emphasis on the need to access resources seamlessly, from any device, from any location.
- Non-Students/Non-Staff: Access for many types of users that use University systems, such as library users, non-permanent associate lecturers, third parties research partners, etc., can be challenging without automation in place to manage these identities.
- Student Lifecycle: Identities are constantly converting through applicant, student, and alumni lifecycles, with thousands of new accounts required at peak times at the start of an academic year.
How can you address the challenges in relation to IAM:
Eight universities from across the UK provided their unique perspectives on how we can improve IAM within the sector. To support in focusing the discussion, Turnkey facilitated a series of interactive activities to foster a collaborative understanding of topics.
Turnkey asked the participants to prioritise the identified findings – let’s review the six priorities attendees wanted to see improve within IAM in Higher Education:
Primary:
- Awareness: Senior Management buy-in is paramount to delivering IAM enhancements successfully. It is common to see a lack of awareness around the necessity of IAM controls at a senior level. It can take a significant breach for the correct funding to be made available – which in some cases, can lead to extensive consequences. Consider how aware your board is of the risks associated with your current maturity, your strategy to progress IAM, and how additional support would present a Return on Investment (ROI) through a greater user experience, operational efficiencies, and a reduced attack surface.
- Perception & Visibility: Closely linked to the above point around awareness, how IAM is perceived within your institution plays a key role. IAM isn’t just about technology – it requires collaboration and understanding from multiple faculties including IT, HR, Library Services, Senior Leadership and Student Information teams to enable effectively. A common challenge discussed was a view that IAM is not seen as a key player, resulting in a lack of influence. Consider how the IAM team could be better integrated as a core function of the IT operation, how you could sell the capabilities IAM provides, and become more intertwined into the technology processes.
Interestingly, the primary focus points on how we might improve IAM in HE was unrelated to the technology itself. They centred around the need for awareness and adoption. Yes, technology plays a key role in maturity, but real success had been realised when key players understood the ‘why’.
Secondary:
- Business Change: This one is crucial and should not be overlooked. Documented processes for Joiners, Movers and Leavers, a well-executed communications strategy, appropriately enforced policies and procedures, and an overarching target operating model greatly support adoption of IAM within HE.
- Logic & Automation: When business logic effectively drives IAM processes, the benefits are far greater. Automation provides operational efficiencies and reduced costs, greater reporting, and visibility for an enhanced user experience.
- Improved Data Quality: Issues with data quality and integrity can have huge ramifications in IAM such as non-termination of accounts, mass deletions, or over privileging of access. Consider cleansing this by embarking on a review of the data within authoritative sources and implementing controls to detect and report on data validation errors.
- Privileged Access Management: With the Cyber Essentials regulation now applicable to HE institutions, Privileged Access Management (PAM) is becoming a must-have. As a minimum requirement, users who have privileged access should be recertified and an approval process should be in place to obtain new permissions.
Conclusion:
Choosing and configuring the right technology is important, but ultimately, it’s how you deliver this into the institution which achieves the best results. Senior management support and awareness is key, alongside the need for intelligent automation and improved data quality to drive operational efficiencies.
Turnkey Consulting has a vast range of expertise in supporting Higher Education customers globally and can support with strategy, advisory, and implementation, right through to managed services support. If you require any support in addressing the challenges identified, please get in touch using the contact section below.
Get involved:
If you would like to attend our next HE roundtable event, please let us know – we would love to see you there!
