Identity Management in Higher Education

Introduction

Technology plays a crucial role in the universities and institutions where students, alumni, faculty, and staff depend on high-tech services and tools to study, live, work, and play. As these institutions embrace the Internet for student services, administrative systems, research projects, self-service, and profile management, online security is at a premium. Users must feel protected for web channels to grow and enhance the user experience. At the same time, compliance mandates have become more complex and university breaches have become more numerous, both of which threaten the institution’s assets and brand name. Institutions that cannot meet this security demand will suffer.

PathMaker Group can help prepare educational institutions for these challenges by developing solutions for:

– Centralizing application access control.
– Providing strong, multi-factor authentication.
– Providing sophisticated real-time risk analysis and access prevention based on events and rules.
– Automating routine account management activities.
– Meeting regulatory requirements for reporting and attestation.
– Enabling new modes of inter-campus interactions.
– Protecting user identity data with a secure, scalable and highly available infrastructure.
– Bridging islands of user identity information across a variety of infrastructures.

Challenges in a higher education environment

Identity issues have been driven by global concerns common to all industries and user communities. Still, like most technologies, IdM underscores specific concerns and constraints in higher education institutions. The following are some of the more common challenges that PathMaker Group team members have encountered within the higher education vertical:

Diversity of Constituents and Infrastructures

The extremely wide range of activities that higher education institutions engage in, matched by a wide range of constituents who come and go continually, means that colleges and universities have diverse technology infrastructures and often multiple identity systems. Furthermore, since the institution doesn’t own many of the machines connecting to the network, practical and political limits restrict an IT unit’s ability to impose standards and rules. IdM systems and protocols must be able to meet these demands and constraints flexibly.

By applying a consistent model for the identification and classification of user constituent groups and their impact/role in various on/off campus infrastructures, PathMaker Group can assist in aligning your institution’s user base with accepted best practices within the IdM and IT security industry.

Highly Dynamic User Population

Higher education institutions need to manage access privileges for a highly dynamic user population across a variety of systems: new students enroll each year, while a large population graduates and moves over to alumni status. Understanding these relationships and how they are more accurately reflected within the framework of various vendor solutions is a key differentiator between PMG and its competitors in the IdM services landscape.

Complex & Fluid Role Model

Roles at a university can be quite fluid, e.g., a student can also be an employee and teaching assistant. Role management solutions allow users to be assigned privileges based on their affiliation with the institution, and re-assign privileges as their affiliations within the organization change. Additionally, PathMaker Group is experienced in implementing product features such as who-has-access-to-what reports and attestation automation, which ease the burden of regulatory requirements, be they self-imposed or legally mandated.

Specialized Applications

Like all industries, higher education has its critical vertical-specific applications that must be incorporated into the identity infrastructure. Student administration, e-learning, grants management, library management, and fundraising systems are only some of the specialized applications that may require integration efforts not built into off-the-shelf IdM solutions.

PMG’s vendor-neutral approach to integrating industry-specialized applications lets us develop with the most appropriate tool for the given job. As such, the PathMaker team has effectively provided customized mechanisms to manage and control access and entitlement to specialized applications utilizing virtually every tool and vendor available today in the IT security and IdM vendor landscape.

A Research Environment

Institutions with a research mission have additional network and identity issues. Much research requires involvement with experimental, bleeding-edge technology; specialized software and hardware; extremely high performance requirements; and compliance with regulations covering grants, contracts, and research protocols. Like many other elements of this environment, its identity infrastructure often demands capabilities beyond those built into commercial solutions and mature technology standards.

Decentralization

Many colleges and universities, especially larger or research-oriented institutions, have a decentralized culture. In such an environment, central IT often controls only a common core of services, while schools, departments, research institutes, hospitals, and other entities control their own networks and applications. Identity functions have historically been decentralized along with the rest of the infrastructure, often providing a good fit for local needs but adding redundancy, ambiguity, and inconsistency to the overall enterprise identity capability.

Building federated user communities that span global university boundaries represents an opportunity to access and share research data with affiliated academic and commercial institutions. PMG can help your institution implement a standards-based solution that integrates with your current infrastructure and makes these kinds of interactions possible.

Regulatory Environment

U.S. higher education institutions, like organizations of all types, have been bombarded by new regulatory controls over the privacy of personal information. Familiar laws protecting student information include the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). More recently, institutions have also found themselves subject to disclosure rules for financial information and identifiers (Gramm-Leach-Bliley Act) and a wave of state laws, spearheaded by California’s SB 1386, defining protocols for the notification of anyone whose identifying information may have been compromised in a security breach. The European Union’s more comprehensive approach to data privacy, embodied in the European Data Protection Directive (EDPD), establishes protections on personal data, including limits on its transfer, and adds regulatory concerns that will affect many U.S. institutions with overseas campuses or students and personnel who are protected under the EDPD.

All too often, regulatory concerns are only addressed after IT security and IdM services have been designed and/or implemented (or worse, after an incident resulting from non-compliance). PathMaker Group’s extensive experience in the regulatory compliance space allows us to include such considerations during the requirements gathering, design, and implementation phases of a project. This not only decreases the overall time spent redressing solutions after the fact, but also ensures that regulatory considerations are addressed during each phase of an IdM project.

Conclusion

Universities are being challenged to secure student, alumni, faculty, staff and constituent access to various information systems, strengthen user authentication, and simplify the user experience across multiple applications running on heterogeneous environments. PathMaker Group’s team has a proven track record of delivering highly robust solutions for providing manageable, secure access control to all web applications based on the policies of the institution.
