Is Higher Education Doing Enough with Identity?

Higher education is the third most likely source of a data breach, trailing behind only the healthcare and financial sectors. It’s why industry IT professionals have again named cybersecurity their top concern for the third consecutive year, according to Educause. The challenge for educational institutions is to not only meet the changing threat landscape, it is also to juxtapose the need for security against the seemingly competing priority of maintaining an open collaborative culture to optimize access workflows.

This can be extremely difficult but not impossible. Properly applied, identity governance solutions securely govern user access to applications and files, whether on-premises or in the cloud. Moreover, educational institutions can achieve this while enhancing the user access experience by streamlining and automating critical processes. Unfortunately, many colleges and universities are underutilizing identity—thus leaving security and compliance gaps and under-delivering on user access experience.

In a new report based on survey data provided by higher-education research firm The Tambellini Group, we learn how educational institutions are leveraging identity and the effects of underutilizing this technology.

For instance, while 88% of survey respondents recognized identity as a cybersecurity function, the application of the technology by educational institutions appears rudimentary. Many are only leveraging this technology for single-sign-on and authentication. Critical functionalities of identity such as provisioning and access reviews are all underutilized according to this report. This is a significant matter because it suggests that many institutions are applying manual processes for provisioning to thousands of students or for ensuring appropriate access rights. Thus, when it comes to managing identities and their entitlements, the data indicates that colleges and universities are operating with unnecessary inefficiencies that burden IT departments and create less-than-optimal user access experience. Furthermore, they employ processes that are more prone to security and compliance risks.

The research also indicates that in many instances, there is minimal board and senior management involvement with cybersecurity matters. And while higher education IT professionals deem cybersecurity a top priority, the majority are spending only a fraction of their IT budget on cybersecurity, much less identity, to protect their data. This may, of course, contribute to why identity is underutilized in higher education.

Given that educational institutions are continuously on-boarding and operating numerous applications, and governing thousands of users (students, faculty, non-faculty staff, etc.), it is imperative that these critical gaps are addressed to protect sensitive information stored in systems, applications, and file storage folders.

To capture more insights from this study, download The Effects of Underutilizing Identity in Higher Education.