Modernizes Secure Access

After twenty-years it was time for the University of California San Francisco (UCSF) to strengthen security and empower greater access to knowledge by modernizing a decades-old identity system. How would UCSF replace a legacy identity system so deeply entangled with core business processes to prepare for the future?

THE CHALLENGE

UCSF is not one but two top down organizations. Both a university, with an array of education requirements, and a hospital, with its own interlaced medical teaching needs, population is broad. Like many universities, UCSF’s changing population required massive on-boarding and deactivations when classes began and ended, placing huge strain on staff.

Multiple data sources combined with loose affiliations for members including students, teachers, staff, residents, nurses, doctors, researchers, guests, volunteers and contractors made the quality of the data unreliable.

Distance learning introduced added risk. Bad actor logins plus access challenges like firewall issues in China or students in Africa connecting mainly from smartphones with slow and spotty connectivity was a concern.

Across all applications and services, UCSF needed one data source to automate provisioning, synchronize systems of record, and streamline appropriate access through the identity lifecycle with a highly secure yet publicly accessible identity solution.

THE SOLUTION

UCSF prioritized must-have features including password management, good connectors including one for Active Directory, group management, identity lifecycle, access management, and governance. Kevin Dale, Senior Manager, Identity and Access Management, University of California San Francisco, brought the project from concept to completion.

UCSF chose Hitachi ID as the best solution to modernize its identity access management and provide increased security access from anywhere. They found Hitachi ID offered the reliability, technology, extensive expertise and professional services it needed to locally deploy at a cost that met their requirements.

"Beyond a magic quadrant, an analyst like Gartner can offer in-depth insight on solutions to meet your strategic goals," says Dale. "Prior to sending out a request for proposal, cast a wide net and talk to many vendors."

Dale advises to prioritize features and technology then eliminate vendors who don’t fit your needs. Get demonstrations and talk with peers and reference clients to help validate your decision. Finally move ahead with a proof of concept to determine how the short-listed solution works for you.

"Fixing the scope and price is the only way to avoid a multi-year, multi-million-dollar white elephant project," said Dale. "Getting an accurate scope takes time and effort to capture but failing to define it will result in a project you may think is agile but really is just ruinously expensive and lengthy."

An experienced partner will help develop an efficient deployment and test plan that’s tried and true.

THE OUTCOME

With one identity system to rule them all, UCSF leveraged faster near-time processing and simplified integrations through an ecosystem of over one hundred connectors. Automation saved noteable time and effort onboarding and deactivating, and enabled appropriate access based on birthrights, roles, workflows and notifications. The team strengthened security through enhanced access control with attestation, self service requests, credential management, delegated administration and approvals. Easier support, upgrades and enhancements put UCSF in control of identity access to empower teaching and learning.

Nine departments worked to promote adoption across the campus. Spearheaded by the IT team, stakeholders worked in business and governance groups. They outlined concrete deliverables including replacing the mainframe, introducing the Hitachi ID solution, production deployment, automating and standardizing provisioning and deactivations, federation via Shibboleth and multi-factor authentication. The stakeholders frequently communicated prioritized outcomes linked to timelines to help foster partnerships with staff. They trained everyone on how to use the new Hitachi ID solution and augmented skills as needed.

"It’s a long term investment and you have to think about the future," says Dale. "With Hitachi ID as our identity provider, we significantly improved our flexibility, efficiency and governance. Our security strategy now matches our culture of innovation and excellence."

With a modern Hitachi ID identity solution, UCSF simplified and improved data protection and access while reducing security risk. Improved control has better positioned UCSF to provide access for its members today and ever growing population into the future.

Hitachi ID at a Glance

Hitachi ID is the only industry leader delivering identity and privileged access management across a single platform to ease implementation as your IAM and PAM roadmaps evolve.