University of Reading was using a combination of legacy and homegrown systems connected by scripts to provide students and almost 5,000 staff members access to systems and data. The legacy system was semi-automated and required a lot of manual effort to make changes to identity data, which left the data in an inconsistent state. Four years ago, the University underwent an IT transformation and implemented a strategy for automating and streamlining processes across the university’s IT estate. Automating and updating their identity processes was a major component of this initiative. The University needed a modern identity governance solution, supported by a dedicated team, to replace their diverse legacy and homegrown processes.
IT Transformation Fuels Next Generation Identity Governance
Change is often met with reluctance, and there was a degree of caution in moving to a new, automated approach. Because of this, Joy Charnley, Middleware Team Manager, and Anton Lawrence, Assistant Director, Operations & Development, decided to deploy their next-generation identity program in a phased approach, taking their time to make the transitions as smooth as possible. As they began their journey, their overall goal was to reduce their reliance on outdated, legacy systems. Before they could transition anything, they knew they needed to take the time to improve the quality and accuracy of their data. Working with their HR and Student Records teams to improve the quality of their data enabled a smoother migration and improved the reliability of their processes.
When a student, staff member or faculty member enters the university, they are assigned a home group, which designates entitlements for the user based on department and type of user (student, associate (guest) user, or staff). They are then provided access, on day one, to file shares, websites and other tools that will aid in their experience at the university. The other side of this process includes removing access for staff and employees who leave the university. Access is now removed promptly on departure.
Charnley and Lawrence also prioritized a self-service environment to allow users to reset their own passwords. This provides an enhanced experience, while reducing the burden on IT to make these changes. This journey took them from a semi-manual world that included file checking to an automated, secure and scalable solution.
The Benefits of End-to-End Identity Governance
The University of Reading has now been a SailPoint customer for nearly four years. Prior to their automated identity journey, some types of accounts were slow to generate because there was a series of paper-based approvals. With SailPoint, the approval process is automated, and once approved, accounts are set up within 24 hours, compared to the four days it previously required. Before implementing SailPoint, user accounts were disabled on the first of the month. This meant someone could leave prior to that and maintain access to systems for several weeks. User accounts are now disabled immediately following termination, reducing the risk of someone gaining inappropriate access.
Charnley, who has been involved with user account access at the university for nearly 12 years, has seen the dramatic transformation their identity program has undergone. “It’s been a journey, but a really satisfying one when you look at how far we’ve come,” she shared. “SailPoint was able to provide the best user interface available for our program. They have also been a fantastic partner that not only delivered the best solution, but also provided expertise for the deployment and ongoing training and support so our IT team could build the skills needed to manage it themselves,” Lawrence said.
“SailPoint has provided us with the support and solution that we needed. Their focus on identity gave us confidence that we were buying a solution that not only met our needs today – but would grow with us in the future,” Charnley explained.
The University staff have felt the biggest impact from the program thus far, by gaining a complete view of their department users and access. Charnley and Lawrence recommend other universities start their journey by cleansing their data and gaining buy-in from senior-level leadership prior to kicking off the program. Over-communicating with the heads of schools, so they are aware of changes and workflows, will help to set you up for success and remove potential delays.
Looking to the Future
University of Reading plans to continue improving their program by addressing recertification of access, as well as enhancing their role-based access program, both of which will further reduce security risk. With the introduction of the General Data Protection Regulation (GDPR), they also have a keen interest in reducing data, understanding who is responsible for managing and maintaining data, and who is accessing it. Lawrence stated, “This program has brought us into the 21st century, and we look forward to further innovating it.”