Identity Stack #1 - Solutioning IGA in Higher Education

We sat down with KeyData Cyber CTO Brian Read to discuss the challenges Higher Education institutions face when attempting to safeguard the data of thousands of students, faculty, researchers, alumni and guests in a highly mutable environment while remaining compliant and dodging frequent and sophisticated cyber-attacks. Read below and make sure to listen to the audio series here.

According to CrowdStrike’s 2024 Global Threat Report, higher education is a favorite target for cyber criminals, a claim we frequently see validated in the news and in the field.

In fact, stolen academic data was by far the number one asset advertised for sale by access brokers, ranking much higher than industries we typically think of as vulnerable, such as healthcare and infrastructure.

When we think of academic data, we tend to think of student registration data or academic records, but there’s so much more. Many higher education institutions are also centers of innovation with well-funded research facilities, where new ideas are tested, and new technologies are developed. These research and development activities generate valuable intellectual property.

At the same time, many of these well-funded research facilities have a critical vulnerability – inadequate identity governance and access controls. Funding is incredibly tight for most educational organizations and competition for budget across departments is fierce.

Even with all the sensitive data that is collected and stored by these institutions, quantifying the ROI of proactive security measures can be nebulous, making it hard to secure the necessary funding. The end result is a security architecture that is under-resourced and unable to meet today’s security challenges.

Higher Ed’s Unique Security Challenges

As Brian explains, aside from the budgetary constraints and the sprawling user base, higher education institutions also tend to operate within silos, with little to no visibility across campuses or even departments. “This lack of visibility hinders your SOC’s ability to rapidly detect and react to a breach. When every second counts, the consequences of this blind spot can have devastating consequences, exposing the institution to potential lawsuits and eroding public trust,” he adds.

Rapidly advancing technology creates another vulnerability for higher ed. While they may be centers of research, development, and innovation, these large organizations are like an oil tanker trying to defend itself against a swarm of speedboats – they struggle to adapt and evolve as cyber criminals find new ways to exploit and infiltrate their networks.

Most colleges and universities are tied to legacy systems that were not designed to integrate seamlessly with today’s on-prem and cloud-based security tools. And, without the necessary funding to upgrade and fortify their security architecture to meet the need, they are left to operate with workarounds and quick fixes that leave them exposed.

The Business Benefits of Identity Governance and Administration

With a proper system for managing user identities and their access to sensitive data and applications (Identity Governance & Administration) in place, organizations can automate the entire lifecycle of user access, granting access when it’s needed and revoking it when it’s not.

“The first business benefit of IGA that comes to mind is a reduction in risk. By enforcing policies of least privilege and implementing separation of duties, IGA strengthens your security perimeter where it’s needed most – at the identity level,” Brian highlights.

Higher education institutions face difficult identity security challenges, including a wide variety of personas and a user base in constant flux. Higher ed SOCs can easily get bogged down in the sheer volume of access requests coming in from students, faculty, staff, and alumni, particularly if they don’t have the tools and processes in place to manage joiner-mover-leaver (JML) functions in a timely fashion. According to Microsoft’s 2024 Digital Defense Report, abandoned or mismanaged credentials create significant vulnerabilities. Implementing a robust IGA program is essential to close these loopholes and protect your data.

Brian adds, “With a mature IGA security architecture, institutions unlock other important benefits, including a better user experience, increased visibility over identities, roles, and user behavior, and a lower cost of ownership compared to security programs reliant on manual processes.”

IGA in the Real World


Brian walked us through our recent work with a major North American public research university that sought to improve their security by upgrading and enhancing their implementation of SailPoint IdentityIQ.

As a Higher Ed. institution, our client faced several challenges, including siloed security programs, resource constraints, and manual processes. Without a fully adopted and upgraded security program, they didn't have the visibility or control they needed to fully secure their institutional data.

One of the challenges they faced was multiple sources governing user access, resulting in overlapping permissions and roles. At the same time, they had some user roles given more access than was necessary. Specifically, the university needed to redefine access for applicants who had been accepted to the school but had not yet become “students”.

In line with our best practices, we advised the university to re-align permissions for incoming students and only activate students who manually claim their ID.

This solution effectively solved both problems by creating a new workflow for student user onboarding. During the first-time registration process, students validate their name, DOB and unique barcode. This creates a University ID in the PeopleSoft system and activates it. If an onboarding student is found to already have an ID in the system, they are directed to the Forgot ID workflow, effectively preventing the creation of duplicate user accounts.
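The claim-and-activate flow described above can be sketched as follows. This is an added example, not KeyData Cyber's or the university's code. The in-memory Directory stands in for the system of record, and every name, ID format and sample record in it is hypothetical. Matching is exact after normalization, not the fuzzy matching mentioned below.

```python
import unicodedata
from dataclasses import dataclass, field
from datetime import date

def norm_name(name: str) -> str:
    """Case-fold and drop accents/punctuation so spelling variants compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    kept = "".join(c for c in decomposed if c.isalnum() or c.isspace())
    return " ".join(kept.casefold().split())

@dataclass
class Applicant:
    name: str
    dob: date
    claimed: bool = False

@dataclass
class Directory:
    """Hypothetical stand-in for the ID system of record (not a PeopleSoft API)."""
    applicants: dict = field(default_factory=dict)  # barcode -> Applicant
    ids: dict = field(default_factory=dict)         # (name, dob) -> university ID
    next_id: int = 1000001

    def claim(self, name: str, dob: date, barcode: str):
        applicant = self.applicants.get(barcode)
        key = (norm_name(name), dob)
        # All three factors must agree; one generic failure hides which one was wrong.
        if applicant is None or (norm_name(applicant.name), applicant.dob) != key:
            return ("REJECTED", None)
        # Barcode already used, or this person already holds an ID from another
        # source record: route to Forgot ID instead of minting a duplicate.
        if applicant.claimed or key in self.ids:
            return ("FORGOT_ID", None)
        uid = f"U{self.next_id}"
        self.next_id += 1
        self.ids[key] = uid
        applicant.claimed = True  # account is activated only on a successful claim
        return ("ACTIVATED", uid)

def demo():
    d = Directory()
    dob = date(2006, 3, 14)
    # Constructed records: two admissions sources hold the same person.
    d.applicants["BC-001"] = Applicant("José O'Neil", dob)
    d.applicants["BC-002"] = Applicant("Jose ONeil", dob)
    return [
        d.claim("jose o'neil", dob, "BC-001"),               # first claim
        d.claim("José O'Neil", dob, "BC-001"),               # barcode reused
        d.claim("Jose ONeil", dob, "BC-002"),                # second source record
        d.claim("Jose ONeil", date(2006, 3, 15), "BC-002"),  # wrong DOB
    ]
```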

Next-gen security tools will provide an even more robust solution, with fuzzy matching to correlate disparate sources based on various inputs.

While onboarding is just one small piece of your overall security picture, correcting this problem had big benefits for the organization, from improved workflows to a more secure, seamless onboarding process for incoming students.

How CISOs and CTOs Can Finally Sleep at Night

Tired of lying awake at night, counting vulnerabilities instead of sheep? Tired of patching holes instead of repairing them? Tired of bearing all the responsibility with none of the visibility? With strong identity governance and administration, you’ll have the visibility and capability to manage users, monitor access, and defend against identity-based attacks in real-time, so you can rapidly deploy the necessary resources to prevent a damaging breach.

You know what your ideal security program looks like, but how do you get there from here? The first step is to conduct a comprehensive evaluation of your current state security architecture, assessing your organization’s unique needs, deficiencies, and limitations.

“Obviously, for your own benefit, your roadmap should be kind of tailored to the costs, the budget of your program, the types of resources that you have and their availability, and any other dependencies that you might have from other departments or other projects that are also currently underway. It does require some thought and it does require some dedicated effort to keep it up to date. Once you've got your plan in place, then you can talk about executing some of the key IGA capabilities. But so often we find that organizations jump the gun, and their plan is not complete. In short, that's what I would advise a CIO or a CISO to action when they get up tomorrow morning,” Brian advises.

As a leading IAM/IGA systems integrator, KeyData Cyber is here to help. We work with higher education institutions throughout North America, offering advisory and assessment and implementing best-of-breed solutions to help you reach your target state architecture. Contact us today to learn more.

Copyright © 2024 KeyData Cyber.
All Rights Reserved.