Campus Security and Identity Management in a Banner World Aaron Perry November 23, 2009
Agenda What is Identity Management? What we typically see in Higher Education institutions Challenges faced by Higher Education Institutions IAM Business Drivers & Benefits Higher Education IAM Architecture Banner IdM Case Studies Q&A
Setting the Stage… What is Identity Management? A set of processes and a supporting infrastructure for the creation, maintenance, and use of digital identity - 80% process - 20% supporting infrastructure Keys to successful implementation… Support and involvement at all levels (Provost, Registrar, Dean, CIO, Process Owners, System Administrators, etc.) Governance and the authority to enact decisions Identification and Management of “Sources of Truth”
IAM Solutions Address Top Issues faced by Higher Education Institutions IAM can improve security, reduce costs, and protect privacy Security breaches / business disruptions Operating costs / budgets Data protection / privacy Large and growing number of Institutions have experienced IT Security “Breaches” in last 12 months. Unauthorized access to sensitive institutional data Research database hacked Breaches of Student & Faculty SSN’s Breaches of PII Information
More breaches than ever… 3/28/2017 More breaches than ever… Data Breach Once exposed, the data is out there – the bell can’t be un-rung PUBLICLY REPORTED DATA BREACHES 630% Increase Total Personally Identifying Information Records Exposed (Millions) Source: DataLossDB http://datalossdb.org Note total represents cumulative number since once exposed the data is out there – the bell can’t be unrung. http://online.wsj.com/article/SB123249174099899837.html Average cost of a data breach $202 per record Average total cost exceeds $6.6 million per breach Source: DataLossDB, Ponemon Institute, 2009 Oracle Confidential 5
More threats than ever… 3/28/2017 More threats than ever… 70% attacks originate inside the firewall 90% attacks perpetrated by employees with privileged access Oracle Confidential 6
Q & A To what extent is your institution considering or implementing an identity and access management solution? Not considering Currently evaluating Planned, but won’t start within the next 12 months Plan to start within the next 12 months Implementation is in progress Partially operational Fully operational
2008 EDUCAUSE Current Issue Survey Ranking from All Institutions on Strategic Importance Security (2) Administrative/ERP/information systems (3) Funding IT (1) Infrastructure (7) Identity/access management (4) Disaster recovery/business continuity (5) 2007 ranking in parentheses
2008 EDUCAUSE Current Issue Survey Ranking from All Institutions on Potential to Become More Significant Identity/access management (2) Security (1) Funding IT (3) Disaster recovery/business continuity (4) Administrative/ERP/information systems (5) Infrastructure (8) 2007 ranking in parentheses
What we typically see at Higher Education Institutions
Challenges and Issues Typical HE Challenges and Issues Data No single view of identity data across applications Inconsistent user identity data Multiple repositories of user identity data Lack of defined standards for user attributes Many identity owners & sources Supportability Administration performed both centrally and locally Manual, paper-driven processes work, but lack audit ability IT staff is stretched, especially as new projects are defined and started Infrastructure support team has a wide range of responsibility with limited means Typical HE Challenges and Issues Growth Use of web-based applications continues to grow Increasing demands for new services Need to support within current spending levels Affiliate community is always growing Institutional Culture Priorities may vary on a per school or campus basis Varied and complex user populations Many institutions “bend over backwards” to provide the highest levels of service to their students 11
Typical Higher Education Reference Architecture – General View
Banner OIM Reference Architecture
IAM Business Drivers Business Facilitation Cost Containment Improve productivity through streamlined, automated processes and efficient provisioning and de-provisioning of user accounts. Enable efficient deployment of new system-wide applications and services in a manner that provides ease of use for all constituents through use of standards and automation. Cost Containment Efficiently managing the growing number of users and network-accessible resources by streamlining and centralizing business processes in support of new users, end-user transfers/job changes, and user disablement. Reduce errors and the time required to manually administer user accounts and resources through automation of tasks. Security Effectiveness and IT Risk Improve security and support high levels of security and privacy appropriate to specific systems and services. Improve system audit ability and access management to ensure compliance with Federal, state, Department of Education and university regulations. Improve audit readiness via a central audit log of accounts and privileges, as well as reporting and auditing capabilities. Create effective monitoring and control over identity-related processes to ensure policies and practices are adhered to and security policies are consistently followed.
IAM Deployment Benefits Solid Identity Management infrastructure built on standards that can serve as the platform for supporting all future identity management services Automated provisioning and identity origination Clean identity data with processes in place to prevent re-corruption Elimination of the use of SSN as the primary unique identifier for all end users Enterprise-level auditing with ability to track events across the entire institution Drastic reduction of risk as it relates to provisioning users to new services and the protection of those services due to all provisioning and access control events being audited Drastic reduction of cost and overhead due to further automation of manual administration process and introduction of delegated administration models enterprise-wide Self-service services benefit the user by offering the ability to update information from a central location for use throughout the enterprise Reduction of costs associated with manual provisioning and manual data cleansing processes
Higher Education Banner Case Studies Yale University Oracle Identity Manager 300,000 Identities – Students, Faculty, Staff, Affiliates, Alumni SunGard Banner Student & Oracle eBusiness HR 15+ Resources Managed Lehigh University 25,000 Identities – Students, Faculty, Staff, Affiliates Replacement of current home grown system SunGard Banner HR & Student AD, LDAP, AFS, BlackBoard, Luminis Portal Wellesley College Oracle Identity Manager & Virtual Directory 10,000 Identities – Students, Faculty, Staff, Affiliates, Alumni AD & OID
Higher Ed IAM Clients
Questions Aaron Perry President Mobile 917.696.1450 Email aaron@aptecllc.com Web www.aptecllc.com