Access Management in Higher Ed: IAM vs. PAM vs. MFA


What Are SSO and Role-Based Access Control?

Single sign-on is an authentication process that allows a user to access multiple applications with one set of login credentials.

“SSO simplifies the user experience by reducing the number of logins required and enhances security by reducing the number of passwords users need to remember,” says Ted Kietzman, product marketing manager for Cisco’s Duo Security.

Role-based access control restricts system access to authorized users based on their role within an organization, Kietzman explains.

“Basically, your role designates what you can and can’t access,” he says.

How to Use IAM, MFA and PAM Together

The good news for higher education IT leaders, Traffanstedt says, is that these security controls are complementary practices.

“The best way to think about how they are implemented is from the perspective of what is valuable to your organization,” he adds.

That can be different for every university, but it typically includes protecting sensitive data and ensuring a frictionless experience for users.

“An effective identity security strategy starts with this and works outward to ensure that the right person has the right access at the right time,” Traffanstedt says.

RELATED: Are passkeys right for your university?

Implementing IAM, MFA and PAM in Modern Architectures

Efstathopoulos explains that modern systems have commoditized a lot of the IAM functions and capabilities, primarily as cloud services.

“The commoditization of IAM cloud services, toolkits and products enables organizations to design and implement a tailor-made system,” he says.

These include readily available components that have been designed to collaborate with one another and improve usability and security.

Kietzman says there are several benefits to moving IAM, MFA and PAM to a Software as a Service model, including reduction of management and maintenance costs, higher availability and scalability, and tooling that is updated consistently.

“However, making this choice and effort will depend on a given university’s IT stack,” he adds.

Future Trends in Identity and Access Management

Efstathopoulos says a key technological trend that will impact the future of IAM is the increasing use of AI and nonhuman agents in various industries, including higher education.

“Current systems in place are predominantly designed with the assumption that all agents involved are human,” he says, noting IAM mostly authenticates human identities.

“As the number of nonhuman agents involved in education and research increases, we would need to revisit and adjust the identification, authentication and access management strategies in order to integrate these new identities and address the additional security challenges that may arise,” Efstathopoulos says.

UP NEXT: How personhood credentials could impact higher education.

Source link

#Access #Management #Higher #IAM #PAM #MFA