EDUCAUSE Annual Conference Universities and Colleges in Need of Self-Service Security

EDUCAUSE Annual Conference Universities and Colleges in Need of Self-Service Security

EDUCAUSE Annual Conference self-service password management security

At this year’s EDUCAUSE Annual Conference approaches, information security is principal. At universities and local community colleges, ensuring student privacy is so paramount. It is now included in many institutions’ value pitch. They should. According to the 2014 Identity Theft Resource Center Breach Report, Education made up 15% of all data breaches. At the same time, colleges and universities represent the most identities. Last year breaches totaled over a million identities at just six schools. Just as alarming, the list includes an aggregation of colleges and universities. From top in academics to largest and remote, student information was breached. Compromises included systems at Harvard, Butler, North Dakota University, Indiana, and Maryland.

Password management automation represents the quickest return on an IT security investment. Password management with self-service password reset gives schools an immediate advantage in preventing many security issues. A password manager unifies disparate campus systems under a strong password policy. From faculty and staff to students, parents and alumni, users most login. For this reason, EDUCAUSE sees identity management as a top security control.

Verifying system users is as important as extensive security logs. Enforcing strong passwords is equally as critical as intrusion detection. When student or administrator accounts are spoofed, exposure ripples through an institution. Across the Internet, students come to school with more passwords than ever. On the web and mobile, passwords are everywhere. For students, news, email, e-commerce, banks and social media all require passwords. Unfortunately, students cope by reusing the same password as frequently as possible. The danger is once a password is learned it’s immediately tried elsewhere. Passwords are stolen from one source to compromise systems containing sensitive data.

Strong Passwords and Password Policy Enforcement

To protect against password reuse, must begin by strengthening user passwords. Strong passwords that expire represent a first step in boosting security. In terms of an institution’s security needs, expiring passwords eliminates password reuse. However, securing a university’s systems requires authentication in addition to strong passwords.

For starters, rather than investing in technology begin with your business priorities. As part of the process, identify the systems needed to prevent breaches. This allows you to identify your user needs, funding, and priorities. This approach leads you to your system and software access management requirements. Although necessary for applying security, the process produces additional compliance review benefits. For federal mandates like the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS), you simplify reporting. Access management also allows for immediately decommissioning access.

Access management systems work behind the scenes. They cut down on the number of passwords users need to remember. They remove users who should not be in the system. Access management systems help assign access levels and automatically deprovision terminated accounts. This is particularly important, because schools experience 25% user turn over annually.

Self-Service Security Controls

Often users fail to create and protect strong passwords. The cause often stems from the frustration of having too many passwords. For full adoption, a password management system needs to impose a minimal burden on users. This applies to creating, resetting, unlocking and synchronizing passwords. The strongest password manager cannot improve security when no one uses it.

Colleges are challenged to support account password changes without adding resources. By requiring regular password changes, users need options. These options must be provided without increasing costs. They should also offer capabilities for adding access management and authentication, controls. Once deployed, a college or university can build upon their password management solution. By taking this approach, schools can immediately lower their exposure. At the same time, they establish a foundation to further prevent risks.

Top 10 Password Management Best Practices -- The proven working guide for successful implementation.Get Your Free Top 10 Password Management Best Practices Guide

Learn the Top 10 Password Management Best Practices for successful implementations from industry experts. Use this guide to sidestep the challenges that typically derail enterprise password management projects.

Request the Workbook

Written by Trevor Harp

Trevor Harp, currently serves as the Director of Customer Success at Avatier, an enterprise identity management and IT security company. In his role, Trevor ensures breakthrough experiences for new customers and continuous improvement for existing ones. Trevor is a top-performing sales management professional with over 17 years' experience in direct B2B and OEM enterprise software and technology sales and national account management. Previously, Trevor served as Global Business Development Director at Keyence, a leading factory automation equipment manufacturer, where he was responsible for global business development efforts with multi-national customers and emerging international markets.