I had the pleasure of recently taking part in the Identity Today podcast with Blair Crawford discussing Identity management and higher education, we briefly touched on where to start. Beginning the journey is about identifying the why, and CAUDIT has really helped here.

CAUDIT have released their top 10 topics affecting digital strategy for 2020. The paper provides a terrific insight into the priorities for higher education in Australia and New Zealand.

“The CAUDIT Top Ten is a vital tool highlighting the most significant areas of interest and opportunity for ICT leaders in Australian and New Zealand higher education and research sectors. ” From <https://www.caudit.edu.au/caudit-top-ten>

The Top Ten also provides a  and also provides a compelling case for identity management. Looking at the top 3, the question needs to be asked if these can really be achieved  at all without a modern and effective approach to identity and access management!

Reviewing the Top 3:

#1 – Information Security

Keeping digital assets safe is a key concern for most organisations, even more so for universities facing increasing cyber threats from sophisticated threat actors targeting personal and commercial data. The Australian governmant has identified universities as part of  “critical infrastructure” with the release of the new cyber security strategy .  The ANU breach showed the sophistocation that exists with these actors and was interesting for the type of information targeted, being the networks containing staff and student information.

Information security requires the effective management of access to digital resources, this involves identify people needing access and ensuring that only these people have access. Understanding who is coming into the organisation, what they have access to, and how they get that access is necessary to ensure the digital assets are safe. Identity management is a key part of any information security practice or compliance regime, and is called out in Information Security standards for bodies including ISO, NIST, and ACSC.

To address this need for identity management, it is necessary ensure there is visibility of access and processes to enforce policies governing and reviewing the access. How do we do that?

You could… throw a lot of manpower at managing and reviewing access using existing service desk and workflow automation tools, couple with spreadsheets and other bespoke and aging capabilities to enforce access levels. This is costly, both from a people power perspective required to run it and the impact on user experience, as well as the inherent risk of human error in driving these outcomes. Many organisations take this approach and have a fractured and incomplete view of user access.

OR… you can mature the approach to managing access through the use of modern purpose built tools with a policy and process framework to utilise these tools. Identity and access management capabilities allow the automation of management of user access, reducing the human effort of enforcing access and meeting compliance needs. Done right, you have a centralised view of all user access and automation to manage the levels of access across the organisation. Effective information security is difficult without these capabilities.

#2 – Supporting Student Success

Students are the primary source of revenue for higher education, ensuring their success is key to making universities successful and profitable into the future.

“Supporting student success as an institutional priority now pivots on seamless online access to teaching and learning, library resources, trusted assessment, and remote student support services.”

The digitisation of the learning environment has been happening for some time with a greater focus on providing a range of learning modalities for students so they can learn in ways they find most effective. Digitisation for universities also opens greater opportunities to extend their reach beyond the campus, there is a great article for the Harvard Business Review on this topic here.

The pandemic has accelerated the adoption of digital learning as the physical learning environment became unavailable. Of course as the learning environment changes, new challenges emerge.

Why is this relevant to how we manage identities?

In the excerpt above from the CAUDIT top 10, universities have a need to provide seamless access to multiple applications that provide a range of services from the university. Complicating this picture is the nature of providing courses means the students are not all the same, some may be award based undergrads, some may be short course students, some may be higher degree by research students, and all of them may also be staff!!

And it is not just seamless access, maintaining the integrity of learning drives a need to ensure people are effectively identified people while they attend exams which may involve continuous authentication, and of course ensure that students don’t have too much access.

Yes, we need to provide a seamless user experience, but is that all?

The need emerges to ensure that the digital environment is secure and the integrity of the learning environment is maintained.

Applying identity and access management principals to the student environment provides a method to bring student access across all services together so we can manage their life cycle based on the course entitlements they have and provide access to the tools they need when they need it. We can focus on a user friendly sign on experience that is secure and potentially brings together digital and physical access – why not use the same login to access a earning management system, and the lab environment. Modern tools remove the friction from authentication allowing a seamless access experience and opening the possibility for continuous authentication for when it is needed.

Once the is a single view of identity and access, it becomes manageable to enforce separation of duties approaches so we can prevent a student who is also a staff member from being able to see exam results for example. Add an open framework for secure integration with identity data means resource owners can easily integrate their systems to leave them in control of who has access while maintaining centralised view of access compliance.

It is hard to imagine meeting the needs of student success without a mature identity approach!!

#3 – Business Transformation

Business transformation is key to advancing the outcomes of universities. The current environment has forced significant change in delivering education services and the impact will be felt for many years to come????

“Business transformation takes hold when opportunity is picked from the midst of disruption with ICT expertise key to successful outcome.”

Digitally enabling business process requires a view of people in the organisation and ensuring that we have the right people in the right place.

For example we might need to track research projects against booking systems for shared equipment, having a central record of people and their entitlements allows us to better identify who is part of what project and align to bookings for equipment to allow tracking of equipment costs. Or we may want to introduce new systems the integrate, and want a seamless experience for user gaining access across a complex application environment, or simply want a simpler way to introduce new SaaS applications without increasing admin load on IT and business administrators.

Effective identity management provides a single view of identities (people, service accounts, IOT, etc) and the access they have. Bringing together the identity across multiple systems allows us to easily identity people and automate processes for provisioning and granting access and reporting across the application fleet. It allows us to on board new services with confidence and support a seamless user experience for students, staff, researchers.

What does this mean?

Identity management is an impactful area of investment for any IT department and provides real transformative benefits. CAUDIT has done half the job of identifying reasons for investment in higher education with the Top 10. Building on the challenges discussed above, a business case may be developed to justify the investment and quantify the benefit.