Password Protected: Identity Management Can Keep an IHE Safer, but Making These Systems Easy to Use Can Be Tricky
Millard, Elizabeth, University Business
ALTHOUGH IT CAUSES IT SUPPORT EMPLOYEES TO CRINGE, with reason, people sometimes recall passwords by writing them on Post-It Notes and sticking them to a computer monitor. In the past at Chippewa Valley Technical College (Wis.), that tactic would have begun to obscure the screen.
Before its identity management (IdM) strategies were made more cohesive by bringing together disparate systems on campus, faculty and staff frequently had at least seven passwords to remember. "There just wasn't a uniform system," says Chief Information Administrator Adam Stavn. "We began evaluating some of the products we had in place and integrating those with [Microsoft's] Active Directory." The college implemented "single sign-on" for about half its software and systems, which allows users to log in once to a webpage that acts as a portal to several applications.
"Mainly, it wasn't so much about the technical pieces, since there are many products available and we could always build something if we needed it," Stavn notes. "Instead, the hardest part was getting end users to understand new policies and procedures. It was more than a cultural change; it was a paradigm shift."
With more and more colleges and universities divulging security breaches, network lockdown has become a pressing concern everywhere. In its "2006 Current Issues Survey," EDUCAUSE identified security and identity management as the top IT issue for higher ed institutions. The survey report predicts that the challenge to keep information safe will become even more crucial in an increasingly digital world.
Security controls that route network traffic, create extensive logs, and do high-level intrusion detection are vital, but equally important for IHEs is the ability to verify system users. If someone can easily pose as a student or administrator and surf through sensitive databases, it puts the entire institution at risk and makes online data vulnerable to further breaches.
But meeting institutional needs can sometimes be tricky when it comes to making the user experience an easy one. As Chippewa administrators found, securing multiple systems and requiring numerous levels of authentication can be frustrating for users--and lead to more support costs in the long run.
As institutions work to keep data and networks safe, they're learning to balance user needs, implementation challenges, and funding limits, and finding there's much more to IdM than setting up a password protection scheme.
Although IdM is necessary for institution-wide security, the tactic has other benefits for IHEs as well, including compliance with federal mandates like the Health Insurance Portability and Accountability Act, the Family Educational Rights and Privacy Act, and the Gramm-Leach-Bliley Act. Most colleges and universities have already stopped using Social Security numbers to identify individuals, due in part to legislation that mandates the utilization of other identification methods.
In addition to boosting security and privacy, IdM systems can also bring more budgetary and resource efficiencies into an institution--through lowered support costs, better communication among departments, and a more cohesive on-campus system.
But seeing IdM'S benefits and putting in a crackerjack system can be two different things. According to the network infrastructure research and advisory firm Burton Group, IdM isn't just technology, but a set of business processes, policies, and supporting architecture for the creation, maintenance, and use of digital identities. In other words, an institution's CIO had better have significant openings in his or her schedule, because the meetings will be ongoing.
"In creating a workable system, you're trying to balance the needs of many people and meet goals of collaboration without sacrificing security and privacy," says Dan Nanto, software architect in the Information Technology Services department at Vanderbilt University (Tenn. …