Higher education institutions are gearing up for a long-term hybrid future, as a result of the COVID-19 pandemic. A recent Deloitte Insights report finds that a hybrid approach will allow institutions to become more resilient during future disruptions – whether pandemics or natural disasters – help institutional leaders better manage costs and pedagogical demands, and ultimately become more student-centered.
However, as connected devices across campuses and beyond continue to proliferate, networking, security (associated with a broader attack surface), and storage needs and complexity have skyrocketed.
Identity and access management (IAM) present unique challenges in hybrid environments. College and university IT teams need to authorize and authenticate users’ identities quickly, to ensure they can securely access the resources they need. In many cases, these processes require in-person interaction to verify documents. Institutions also must dedicate enough resources to ensure they can meet all reporting, certification, and privacy requirements.
In the quest to support a hybrid future, colleges and universities must tackle IAM challenges to ensure the highest levels of security while delivering a seamless learning experience, and dedicating more resources to valuable strategic work – as opposed to tedious tasks.
More Time Administrating; Less Time Modernizing
University privacy and identity authentication may be based on individual citizenship, not where the institution is located. For example, a university may have students from Europe, so they may need to consider General Data Protection Regulation (GDPR) requirements for those students. They may also have students from various U.S. states, which may have different requirements, and some of which could apply extraterritorially. IT teams have to make sure that they properly track administrators and audit logs.
Further, the proliferation of devices both on and off campus, as well as a growing roster of applications, introduces a wider attack surface and significantly greater risk and complexity.
Legacy IAM systems aren’t designed to handle remote needs. College and university IT departments are often tasked with managing a sprawling collection of on-premises systems, homegrown apps, and legacy protocols. As such, IT teams spend the majority of their time simply managing these environments. For instance, one large university counted 3,500 IT calls annually to reset passwords. On average, IT spends 15 minutes resetting a forgotten password, according to Okta. This equates to roughly 875 IT hours spent resetting passwords for this particular organization per year.
Easy, Centralized, Secure: Keys to Identity and Access Management
To support today’s student and learning environment – and optimize increasingly stressed resources – universities look to centralize and modernize their IAM environments, according to Rob Forbes, senior cloud architect at Okta.
A centralized IAM platform can include single sign-on, multi-factor authentication, and lifecycle management to securely connect the right people to the right technologies at the right time – whether they be students, staff, parents, or alumni. The environment nearly eliminates IT time spent managing the student lifecycle by automating provisioning requests and updates to profiles. And it completely eliminates service reliability/maintenance costs, connector costs (for new apps), and ongoing connector maintenance. Modern IAM solutions provide adaptive multifactor authentication, which helps protect important personal information that makes colleges and universities a target for cyberattacks.
Okta’s Forbes maintained that centralizing identities and controlling provisioning access through a central system gives IT teams better control of the dynamic, shifting environments in colleges and universities.
“The best first step to centralize your IAM solution is to look at your existing landscape and figure out where your identities live, and understand the lifecycle flows in those siloes, so you can consolidate them,” Forbes said.
For most institutions, it’s a gradual process.
Forbes recommended campuses take a migration approach, where IT teams take their well-understood applications and processes – such as getting people into Windows – and replicate those. Then, IT teams can look to the niche use cases; for example, an application that has been running untouched for more than 15 years.
Streamlining and Securing IT Processes
In addition to security and compliance, a primary goal for modernizing an institution’s IAM is to free up resources focused on help desk tickets or other repetitious tasks, Forbes explained, so IT teams can take on vital modernization efforts.
“If a student has access to the right systems in a timely fashion, they can do their work faster because they’re not waiting days to access applications or get help,” he said.
“If teams can deploy new applications to let alumni make donations easier, or allow parents to pay student bills without hassle, they can really change the dynamic inside the organization,” he added.
The care and feeding of systems now consumable through Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service can take the load off of higher education institutions. And that can free up considerable time so IT teams can focus on things like compliance, certification, governance, DevSecOps, mobile applications, and more.
“This becomes the focus – take commoditized services and leverage modern approaches, so you can focus on higher value work, processes, and procedures,” Forbes said.