Overview
ProofID is a specialist provider of fully managed identity management solutions. It has unrivaled depth of experience in delivering identity management solutions across multiple industries and sectors, with major clients across the UK, Ireland and Asia. One of its major focus areas is academia as universities present a uniquely challenging environment for identity management.
Challenge
Universities typically manage extremely large user bases (up to 50,000 students, sometimes higher if there is a requirement for ongoing management of alumni) with a high user churn rate.
The modern process of learning and teaching makes heavy use of technology, so multiple applications, often with different integration points, require automatic provisioning of staff and student users.
Universities typically run a heterogeneous operating environment, supporting most operating systems, devices, and applications. Any identity management platform must be able to interoperate with a wide variety of technologies and platforms, both on-premise and increasingly for hosted/SaaS applications.
IT is expected to support differentiation in the student experience, for instance through an effective BYOD strategy, increased use of cloud applications and ensuring that login to multiple systems is seamless.
Tom Eggleston, Managing Director at ProofID, comments: “Universities face unique identity management challenges, with highly complex and diverse operating environments combined with extremely high user churn rates.”
Solution
It is essential that universities develop an identity management strategy and enterprise architecture that will provide a complete solution in a secure and convenient manner.
With wide experience across multiple identity management vendors, ProofID recommends NetIQ Identity Manager. Identity Manager provides features such as rule-based automated user provisioning, password management and basic self-service, current state reporting, role-based enterprise-level provisioning, automated approval workflows for business policy enforcement, robust user application for advanced self-service, connected systems reporting and Role Mapping Administrator.
NetIQ Identity Manager often works in conjunction with ProofID’s user lifecycle management system, ARMS. Widely deployed in UK higher education institutions, ARMS provides end-toend user lifecycle management, including delegated approval workflows, for external users.
Eggleston comments: “With its highly scalable, event-driven architecture and unrivaled integration features, NetIQ Identity Manager has long been proven to be the best-of-breed technology for modern universities, and was therefore the ideal choice for us. It is also recognized as a leader by major analyst firms including Forrester and Gartner.”
Results
There are significant benefits for universities using identity management technology to capture and model the user lifecycle, ranging from enhanced security and compliance, the automated ID provisioning and de-provisioning, and improved student engagement and retention.
Heriot-Watt University is a great example. Identity Manager is used to automatically create and remove IDs for its 20,000 students and 2,000 university staff. For the 2,000 staff members in particular, Identity Manager has revolutionized the provisioning process. Whereas the previous manual paper process would take a minimum of 24 hours to activate a new account, the NetIQ system is integrated into the University’s HR system, giving immediate and automated feedback and account activation. When a new staff member starts, everything is ready for them with all communication between the system and the line manager automatically generated. Closing down user accounts is also easier as the HR system notifies Identity Manager of the end-date and so de-provisioning takes place automatically.
Queen’s University Belfast is another satisfied client. Identity Manager synchronizes user records and passwords from the authoritative source systems, HR system and student information systems, into core business applications including Microsoft Active Directory and Exchange. The system is configured to modify users’ access privileges and group assignments based on their role during their association with the university, and to automatically de-provision user accounts when they leave. The identity management system is a vital element of the university’s enterprise IT infrastructure, providing both significant efficiencies through automation and enhanced security and compliance.
Eggleston concludes: “One of the reasons we value our partnership with NetIQ so much is that the quality of the software speaks for itself; we can recommend it to our customers with absolute certainty that it will get the job done and deliver the benefits our customers need.
“Consumers and retailers will adopt multifactor authentication mechanisms as long as they do not unnecessarily encumber the purchasing process or if they are applied evenly across the entire sector. Building on this collaboration with the business community and vendors of cybersecurity solutions, the NCCoE will explore methods to effectively identify and authenticate purchasers during e-commerce transactions and develop an example solution composed of open-source and commercially available components.”
Reaffirming the importance of creating a process which accommodates a simple customer journey, the NCCoE understands that retailers will be reluctant to employ any anti-fraud measures which may potentially deter customers from using their online services. The increased security and improved identity management process must not compromise the e-commerce experience, with all online retailers unwilling to jeopardise their stake in the $400bn industry.
The end goal of the project is to produce an NIST (National Institute of Standards and Technology) Cybersecurity Practice Guide for all e-commerce retailers, detailing the steps to securely and accurately identify and authenticate online purchasers. It will then be the decision of stakeholders how to implement the steps and suggestions, aligning them within the structure of the e-commerce site’s existing customer journey and retail portal.
A secondary purpose of the practice guide is to demonstrate the existence of current multi-factor authentication technologies and products which effectively manage identity authentication.