As universities and colleges continue to navigate the digital era, it's crucial that we anticipate the trajectory of fundamental security technologies such as Identity and Access Management (IAM) and Privileged Access Management (PAM). These technologies are important for IT Directors and Chief Information Security Officers (CISOs) in post-secondary institutions as they manage an extensive array of user identities and access rights while keeping their institution’s intellectual property and data safe.
IAM and PAM will play an increasingly crucial role within higher education institutions in 2024. For many institutions, this landscape hasn’t changed much for five or more years. But key regulatory shifts, plus the inevitable impacts of Artificial Intelligence (AI), including Bring-Your-Own-AI (BYOAI), will trigger notable change including:
- Guidance from Federal Student Loan Program to adopt National Institute of Standards and Technology (NIST) 800-171 to help follow Gramm-Leach-Bliley (GLBA) Act so institutions can take part in Federal Student Loan Programs.
2. The explosive growth in AI, the myriad of areas it can be applied to, and the need to govern and control the data and access the AIs are given.
3. Cybersecurity insurance coverage and premiums, including their technological requirements, will become major points of concern.
a. The rise in premiums is reaching a plateau but demand for stricter controls increases
b. Zero-trust becomes elevated to boardroom or cabinet status
c. Insurance requirements start to include IAM
4. Continually growing attack landscape with increasingly remote learning and coordination between institutions for research.
Navigating the Shift from On-Premises to Cloud-Based IAM and PAM Solutions
More compliance regulations combined with an increase in the threat of cyberattacks have triggered an interest in cloud-based IAM solutions. Being able to adopt solutions that help universities and colleges solve today’s challenges cost-effectively is of paramount importance. The rapid evolution of needs seen in the last five years means long and complex upgrade cycles experienced with on-premises solutions are no longer acceptable. Efficient deployment, scalability, accessibility, and automatic updates are key elements in the drive, from legacy or bespoke IAM and PAM systems to cloud-native solutions. This transition is expected to enhance the security and flexibility of IAM solutions while simultaneously reducing maintenance costs.
Some institutions may find that shifting to cloud-based solutions is not necessarily easy. Many cloud IAM and PAM solutions are not designed to handle the unique challenges within higher education like complex affiliations, provisioning and de-provisioning at scale, or automating updates to maintain compliance. Key questions many institutions have include:
1. How can secrets and data be shared securely across federated institutions?
2. What does federation and access control look like with AI actors taking part in research?
3. How can access be granted and governed to small bespoke systems used by 5-200 people?
4. How can people cost-effectively integrate with, assess, and manage the true scope of systems at institutions?
5. How can I now handle this with AI’s needing to be provisioned, de-provisioned, and cover all of the above questions? Do I need to model AIs just like a person?
6. How can all this be integrated into a robust SIRTFI program so you can have confidence nothing falls through the cracks?
Integrating AI with Identity Access Management (IAM) in University and College IT Infrastructure
Getting back to basics and ensuring they are fundamentally in place is going to be even more critical in the age of AI. AI can be revolutionary for research, student learning, and driving operational efficiencies. Introducing AI assistants for employees will increase efficiency. Multi-AI research teams will break new boundaries of learning. AI tutors for students are only just now being conceptualized to empower students in ways we’ve yet to experience. All those AI use cases will have access to sensitive, personal, and confidential information. AI offers many potential benefits, it also raises new challenges, particularly in terms of data privacy and security.
Embracing AI in the Institutional IT Landscape
Universities should incorporate AI in their institutional IT landscape by investing in necessary infrastructure, fostering AI literacy among staff and students, and ensuring ethical and responsible use of AI technology. Within the IAM and PAM landscape, key considerations institutions will need to examine are:
1. How will universities and colleges handle the information responsibly?
2. How do you know when AIs need to be provisioned? Deprovisioned? Or transferred to someone else to own?
3. Should AI’s checkout privileged access only when needed?
4. Without a comprehensive system wide view of identities and access, your AIs are rapidly going to become your new “Service Accounts”. A dark and mysterious part of most institutions.
Prepare for IAM and PAM Digital Transformation with Identity Analytics
It's crucial for universities to navigate the shift to cloud identity security and implement AI in a thoughtful and controlled manner. Being proactive with planning with help ensures you can tackle the challenges we are all going to be tasked with handling in 2024 and going forward. A practical approach is to first focus on the fundamentals:
1. Universities and colleges will need to navigate the shift to cloud identity security and implement AI in a thoughtful and controlled manner. Being proactive with planning with help ensures you can tackle the challenges we are all going to be tasked with handling in 2024 and going forward. A practical approach is to first focus on the fundamentals.
2. Do a little house cleaning. Remove orphaned accounts. Remove convenient but inappropriate group memberships. Fix important identity attributes that may have been right in the past but no longer reflect reality.
3. Build up an inventory of your systems, user accounts, groups, people that you can have confidence in.
4. Build up a set of compliance rules that allow policy violations to be surfaced.
Platforms that focus only on Employees, or Students, or Suppliers and others will create security gaps. It's going to be critical that Higher Education Institutions choose a holistic cloud platform. Auditors are starting to dig deeper and ask questions such as “Why is this service account there?” and "Why isn't this user account in scope for your PAM solution?”. Being able to take a system-wide perspective will be critical going forward to ensure identities of all types are not falling through the cracks of your program. Identity Analytics tools, like Bravura Cloud, can help you assess your starting state in an afternoon and begin to develop a plan from which you can build a modern identity program.
One of the biggest roadblocks for universities and colleges to start an IAM program is often a lack of resources, including budget constraints and limited IT staff. Working with industry experts can help you strategize the readiness work you need to complete before budgets are approved, and also help you prepare a plan that will help you secure the budget you need to move forward.
By the end of 2024, the landscape of IAM and PAM within higher education will be influenced by several trends, including adherence to changing scope of federal funding programs, the proliferation of AI identities, the shift towards cloud-based solutions, and the union of IAM and PAM. To prepare for these changes, IT directors and CISOs in higher education must begin strategizing and investing in the right technologies and practices today. While it can seem overwhelming, many universities and colleges are already well down their digital transformation journeys and have proven success to their teams. With the help of industry experts and learning from peer institutions, starting an IAM program can begin with a holistic scan of your environment with Identity Analytics tools like Bravura Cloud and a consultation. The future of IAM and PAM with the addition of AI and more efficient cloud solutions promises more secure and efficient management of identities and access in our colleges and universities, protecting your data and integrity.
The digital landscape has changed and the authentication techniques we've relied on for years have given way to faster and more secure solutions. Still, one thing...
Identity-related cybersecurity breaches are on the rise. If you're in a position where you need to know how to communicate identity security to your boss, you've seen...