Key IAM Automation Policies and Controls for Stronger Governance

Kevin Nix

September 15, 2020

One of the most unique challenges of identity and access management in higher education is the complicated life cycles and overlapping roles of users. The roles of students, professors, and other staff within higher education are constantly evolving and require varied levels of access. 

To keep users secure and systems compliant with governance requirements, colleges and universities need an IAM solution that keeps up with these flexible structures. Still, many schools stick with manual homegrown, legacy systems because of the belief it’s the only way to ensure both flexibility and security. But there is a simpler solution. 

Strengthen Governance and Cybersecurity Through IAM Automation Controls

By introducing the right policies and IAM automation controls (i.e. features that reduce inappropriate access rights), colleges and universities can not only better regulate appropriate role-based access across networks but also strengthen governance and cybersecurity. 

Enforce Authentication and Password Security

Every time a user logs in, they access confidential information. Whether they are searching the library’s database or entering their home address and billing information for tuition payments, each login involves valuable details, which attracts hackers.  

The first step to protect this data is to ensure that each user is verified when logging into the system. While there are methods in place to ask the user to self-identify (such as answer a security question), a multi-factor authentication (MFA) control is the most secure way to verify a user. By replacing passwords and security questions with tokens or PINs sent to separate devices (e.g., a smartphone), MFA enables a secure, seamless process across systems. 

MFA also plays an important role when users forget their passwords because they can be automatically authenticated without the need for IT support to manually step in. Last spring when schools went virtual as a result of Covid-19, students began logging into university and college systems from all over the world. This posed the threat of not recognizing hackers based on obscure locations. Multi-factor authentication provides additional security to meet governance requirements, even with new remote and hybrid environments.

Streamline Complex System Access Requirements

In addition to managing complex roles, most universities and colleges require that information be shared between schools and departments and even third-parties (i.e. research partners at other universities and institutes). With all of these access levels to consider it can be challenging to ensure everyone has the access they need and nothing more. This is why Segregation of Duties (SoD) is crucial and especially helpful in keeping systems secure and compliant with any governance requirements. 

Put simply, SoD defines the set of entitlements that should not be assigned at the same time to any one user. Ultimately, SoD prevents conflicts of interest within overlapping roles as well as failures in the system that could expose it to a security breach. 

Automate Account Deactivation

The typical four-year structure of colleges and universities means that these institutions are turning over thousands of graduates each spring. Imagine manually terminating and migrating all of those accounts each spring. Undoubtedly, it would be a time-consuming task that’s incredibly susceptible to human error. 

By automating the deactivation of these accounts via IAM controls, schools are able to expedite the process and enforce governance and cybersecurity requirements by preventing the system from filling with orphaned or dormant accounts.

Securing IAM solutions while prioritizing security and governance has always been a complicated task for colleges and universities. Now, with the added challenge of remote and hybrid learning environments, the need for a simpler solution is even more apparent. Homegrown legacy systems are not sufficient. By incorporating these fundamental policies and automated IAM controls, schools can take tedious tasks off their to-do list while achieving governance and cybersecurity success.