Campus Security and Identity Management in a Banner World
Aaron Perry
November 23, 2009
Agenda
• What is Identity Management?
• What we typically see in Higher Education institutions
• Challenges faced by Higher Education Institutions
• IAM Business Drivers & Benefits
• Higher Education IAM Architecture
• Banner IdM Case Studies
• Q&A
Setting the Stage…
• What is Identity Management?
  - A set of processes and a supporting infrastructure for the creation, maintenance, and use of digital identity
    - 80% process
    - 20% supporting infrastructure
• Keys to successful implementation…
  - Support and involvement at all levels (Provost, Registrar, Dean, CIO, Process Owners, System Administrators, etc.)
  - Governance and the authority to enact decisions
  - Identification and Management of “Sources of Truth”
IAM Solutions Address Top Issues Faced by Higher Education Institutions
• IAM can improve security, reduce costs, and protect privacy
  - Security breaches / business disruptions
  - Operating costs / budgets
  - Data protection / privacy
• A large and growing number of institutions have experienced IT security “breaches” in the last 12 months.
  - Unauthorized access to sensitive institutional data
  - Research database hacked
  - Breaches of student & faculty SSNs
  - Breaches of PII
More breaches than ever…
[Chart: Publicly Reported Data Breaches. Total Personally Identifying Information Records Exposed (Millions). Callout: 630% increase]
• Once exposed, the data is out there – the bell can’t be un-rung
• Average cost of a data breach: $202 per record
• Average total cost exceeds $6.6 million per breach
Source: DataLossDB, Ponemon Institute, 2009
More threats than ever…
• 70% of attacks originate inside the firewall
• 90% of attacks are perpetrated by employees with privileged access
Q & A
To what extent is your institution considering or implementing an identity and access management solution?
• Not considering
• Currently evaluating
• Planned, but won’t start within the next 12 months
• Plan to start within the next 12 months
• Implementation is in progress
• Partially operational
• Fully operational
2008 EDUCAUSE Current Issue Survey
Ranking from All Institutions on Strategic Importance (2007 ranking in parentheses)
• Security (2)
• Administrative/ERP/information systems (3)
• Funding IT (1)
• Infrastructure (7)
• Identity/access management (4)
• Disaster recovery/business continuity (5)
2008 EDUCAUSE Current Issue Survey
Ranking from All Institutions on Potential to Become More Significant (2007 ranking in parentheses)
• Identity/access management (2)
• Security (1)
• Funding IT (3)
• Disaster recovery/business continuity (4)
• Administrative/ERP/information systems (5)
• Infrastructure (8)
Challenges and Issues
Typical HE Challenges and Issues
• Supportability
  - Administration performed both centrally and locally
  - Manual, paper-driven processes work, but lack auditability
  - IT staff is stretched, especially as new projects are defined and started
  - Infrastructure support team has a wide range of responsibility with limited means
• Data
  - No single view of identity data across applications
  - Inconsistent user identity data
  - Multiple repositories of user identity data
  - Lack of defined standards for user attributes
  - Many identity owners & sources
• Growth
  - Use of web-based applications continues to grow
  - Increasing demands for new services
  - Need to support within current spending levels
  - Affiliate community is always growing
• Institutional Culture
  - Priorities may vary on a per-school or per-campus basis
  - Varied and complex user populations
  - Many institutions “bend over backwards” to provide the highest levels of service to their students
Typical Higher Education Reference Architecture – General View
IAM Business Drivers
• Business Facilitation
  - Improve productivity through streamlined, automated processes and efficient provisioning and de-provisioning of user accounts.
  - Enable efficient deployment of new system-wide applications and services in a manner that provides ease of use for all constituents through use of standards and automation.
• Cost Containment
  - Efficiently manage the growing number of users and network-accessible resources by streamlining and centralizing business processes in support of new users, end-user transfers/job changes, and user disablement.
  - Reduce errors and the time required to manually administer user accounts and resources through automation of tasks.
• Security Effectiveness and IT Risk
  - Improve security and support high levels of security and privacy appropriate to specific systems and services.
  - Improve system auditability and access management to ensure compliance with Federal, state, Department of Education and university regulations.
  - Improve audit readiness via a central audit log of accounts and privileges, as well as reporting and auditing capabilities.
  - Create effective monitoring and control over identity-related processes to ensure policies and practices are adhered to and security policies are consistently followed.
IAM Deployment Benefits
• Solid Identity Management infrastructure built on standards that can serve as the platform for supporting all future identity management services
• Automated provisioning and identity origination
• Clean identity data with processes in place to prevent re-corruption
• Elimination of the use of SSN as the primary unique identifier for all end users
• Enterprise-level auditing with ability to track events across the entire institution
• Drastic reduction of risk as it relates to provisioning users to new services and the protection of those services due to all provisioning and access control events being audited
• Drastic reduction of cost and overhead due to further automation of manual administration process and introduction of delegated administration models enterprise-wide
• Self-service services benefit the user by offering the ability to update information from a central location for use throughout the enterprise
• Reduction of costs associated with manual provisioning and manual data cleansing processes
Higher Education Banner Case Studies
• Yale University
  - Oracle Identity Manager
  - 300,000 Identities – Students, Faculty, Staff, Affiliates, Alumni
  - SunGard Banner Student & Oracle eBusiness HR
  - 15+ Resources Managed
• Lehigh University
  - Oracle Identity Manager
  - 25,000 Identities – Students, Faculty, Staff, Affiliates
  - Replacement of current homegrown system
  - SunGard Banner HR & Student
  - AD, LDAP, AFS, BlackBoard, Luminis Portal
• Wellesley College
  - Oracle Identity Manager & Virtual Directory
  - 10,000 Identities – Students, Faculty, Staff, Affiliates, Alumni
  - SunGard Banner HR & Student
  - AD & OID
Questions
Aaron Perry, President
Mobile: 917.696.1450
Email: aaron@aptecllc.com
Web: www.aptecllc.com