The Top Three Reasons Organizations Aren’t Stepping Up Their PAM Solutions

  March 4th, 2021
Written by:

Many organizations are stuck between two unfortunate truths with their privileged access management (PAM) program. According to a recent poll of more than 150 IT professionals by Enterprise Management Associates (EMA), which was sponsored by Hitachi ID, nearly 90% of respondents experienced a privileged access policy violation in the last year, yet almost none of them are confident their PAM solutions will prevent privileged access security breaches. It is clear that currently adopted PAM processes are, in the majority of cases, insufficient to provide the level of protection they were introduced to achieve. 

That’s a real problem, especially as more organizations turn to a Zero Trust model, but the solution seems clear: organizations need new PAM approaches and solutions to meet their security goals and inspire confidence as cyber threats become more prevalent. Despite this, the poll also found many organizations seem content to continue utilizing inadequate PAM solution configurations, as evidenced by the high overall satisfaction rates. 

This begs the question: Why?

The reasons holding companies back from stronger, more resilient, scalable PAM solutions are many, but most fall into one of three distinct categories: 

Overly Centralized PAM Deployments

Traditional PAM deployments are predicated on centralized administration and configuration which is time consuming, resource intensive and oftentimes crippling to a project as IT is not empowered to make credential management decisions on behalf of business stakeholders/users. PAM user communities within the business are accustomed to having free reign with their privileged/elevated access and are not inclined to hand such over to IT overnight. This leads to political in-fighting around how credentials will be managed and ultimately the stalling out of PAM programs and momentum to where customers can end up with a glorified static spreadsheet of passwords behind a nicer user interface. 

Partnering with a PAM solution provider that can decentralize the credential lifecycle management processes and permissioning in order to enable business units and program stakeholders to take full ownership of their credentials should be the goal. This approach empowers users, reduces friction between IT/audit and business users all the while ensuring corporate security policy and standards are met and maintained. Furthermore, a provider that can deliver such in a standardized, pre-configured pattern that accelerates tedious and time-consuming delivery processes (implementation, migration, integration training, etc.) needs to be a key consideration when selecting a new solution. 

PAM Management Challenges 

Once organizations get past the challenges of getting the technology up and running, there’s the day-to-day use and expansion to consider. Customers can reduce program risk by measuring their use and system expansion carefully early on, ie. addressing key business systems and or user communities first and expanding from there. This approach demonstrates quick wins and early returns from a security/risk reduction perspective and allows you to maintain strong executive sponsorship to build further. 

The system also needs to be flexible with respect to accommodating differing user populations and their preferred tools when connecting to downstream systems with admin credentials. Users are fickle and will want to leverage their existing tools/clients rather than change their ways, so ensuring that the brokering/disclosure of privileged access works in-line with how users operate today is imperative for customer satisfaction and adoption.

Like any other new system or application, it’s crucial that your PAM system integrate seamlessly with existing identity lifecycle and governance processes. As privileged/admin user types come and go, so should their rights and permissions within a PAM system, especially so for your supply chain actors. Many user lifecycle and governance challenges within your PAM program can be avoided with strong integration into your existing identity management system, something Hitachi ID is uniquely positioned to deliver in one integrated platform with Bravura Identity and Bravura Privilege under the broader Hitachi ID Bravura Security Fabric. 

Competing Security Budget Priorities

Even before the impact of 2020, finding a budget for security and privilege programs has long been a challenge for IT teams. Organizations often prioritize funds for alternative methods of security management, such as security information and event management (SIEM) and threat detection systems. The problem is many of these solutions can’t prevent lateral movement if/when an attacker has breached your network the way that a strong PAM program can. 

In addition, organizations that have the advantage of an enterprise-class PAM solution will realize reductions in operational risk and therefore better insulate themselves from a data breach which are costing organizations $4 million on average according to industry analysts. 

Stop System Vulnerabilities Before They Start

The most effective approach to any enterprise security strategy is to prioritize solutions that address the organization’s greatest vulnerabilities first. The distribution of privileged access accounts needs to be towards the top of that list. With the right PAM solution in place, businesses can take the important step from reacting to systemic privileged policy breaches to proactively preventing them. 

As the privileged access domain evolves and grows ever closer to identity governance and administration in terms of integration and processes alignment, organizations are starting to pursue zero standing privilege models as their baseline on the journey to a Zero Trust Architecture. As a result customer requirements now include privileged account lifecycle management to better support just-in-time admin/privileged access and reduce trust.
For more information on PAM best practices and key takeaways from EMA’s report, listen on in this on-demand webinar “Modern Requirements and Solutions for Privileged Access Management (PAM).” You can also access the full report here: Advancing Privileged Access Management (PAM) to Address Modern Business Requirements.

A Winning Security Formula: Hitachi ID Bravura Discover and Automation

  February 23rd, 2021
Written by:

On average, it takes 280 days to identify and contain a data breach, according to the latest data from IBM’s “Cost of a Data Breach Report 2020.” Add the increase in malicious attacks, which now account for more than half of data breaches, plus the impact of a mostly remote workforce and it’s a recipe for a potential identity and access management (IAM) disaster. With the global average total cost of a data breach now coming in at just under $4 million, companies literally can’t afford not to modernize & evolve their access management programs.

Now, here’s the good news: security automation solutions are already responding to this problem by using AI (artificial intelligence) and ML (machine learning) to get ahead of vulnerabilities and avoid catastrophic breaches. In fact, by 2022, Gartner predicts 50% of identity governance and admin (IGA) vendors will offer predictive technologies. That’s up from less than 15% today. 

With so much at risk, organizations need a reliable solution that works for IT teams and end-users. Businesses are already avoiding and eliminating data breaches with Hitachi ID Bravura Discover, an automation first approach to identity and access. As an integral layer of the Hitachi ID Bravura Security Fabric, Hitachi ID Bravura Discover provides powerful risk and threat assessment that goes beyond surface vulnerabilities to help businesses get and stay ahead of cybersecurity threats with an arsenal of critical capabilities.

Complete Risk and Threat Assessment

To prevent system breaches, organizations need a deep & wide reaching solution. Hitachi ID Bravura Discover scans systems at-scale to discover accounts, groups, nested entitlements, and metadata beyond Windows and Linux to uncover critical and hidden vulnerabilities.

Hitachi ID Bravura Discover’s capabilities ensure security is an ongoing process that begins with identifying access risk & potential vulnerabilities. From the right business stakeholders can make informed decisions on how to modify impacted identity and access processes and remediate the discovered risks. It’s imperative that the output of Hitachi ID Bravura Discover feeds into identity process automation change or the detected risks will simply surface again as a result of bad business processes going unaddressed.

Proactive IAM and PAM Governance Reduces Risk

As ransomware attacks continue to increase, controlling who has access to critical systems and networks is a top priority for all businesses. With the most comprehensive and  in-depth risk and threat assessment, complete with resolution recommendations, Hitachi ID Bravura Discover quickly reveals identity and privileged access risks and threats. 

Its data- and metrics-driven ecosystem gives businesses proactive control with recommended automation driven fixes to solve security vulnerabilities quickly. By closing the loop between detection & automated remediation, organizations are able to respond quicker and keep systems secure.

Secure Automation That Scales

To achieve ongoing cybersecurity success, it’s crucial organizations have a solution that can easily grow with them. Hitachi ID Bravura Discover’s mature connector library simplifies scaling, allowing businesses to quickly protect and confidently expand coverage to tens of thousands of systems. When you couple Hitachi ID Bravura Discover with Hitachi ID Bravura Identity and/or Bravura Privilege to turn actionable insights into automated remediation & mitigation, you can begin to level the playing field against evasive attackers.

A Step Ahead With One Simple Solution

The ultimate goal is to provide end users seamless access to the data and resources they need without exposing the business to vulnerabilities. To achieve this, organizations need a cohesive access management ecosystem that truly covers every piece of their hybrid IT environment. The integrated Hitachi ID Bravura Security Fabric provides this required depth & reach, so no layer needs to be left unprotected.

As part of the Hitachi ID Bravura Security Fabric, Hitachi ID Bravura Discover, along with Identity, Privilege, Pass, and Group offer technological and architectural building blocks with decades of reliability to protect, manage, and protect your entire digital identity and access infrastructure from malicious attackers.

You can learn more about Hitachi ID Bravura Discover and how organizations can get ahead of hackers with automation in our recent webinar, now available on demand: A Winning Cybersecurity Formula to Reduce Risk

Managing Privileged Access on Endpoint Devices in a Zero Trust Paradigm

  February 9th, 2021
Written by:

The current approaches to privileged access management are no longer enough to protect evolving IT environments in the face of ever-changing mounting cybersecurity threats. Networks have become a dynamic landscape, and the traditional methods that focus on keeping attackers out of the network are no longer enough because they are just as susceptible to users and devices inside. Closed environments and traditional perimeter-based security lacks the finesse and control needed to restrict breaches and attacks from within. IT leadership needs to take a more evolved and comprehensive approach to secure access across applications and environments.

Many organizations have moved to zero trust models to combat open and vulnerable architectures. In short, a zero trust approach trusts no one and assumes the network is vulnerable. It challenges the user or device to prove that they are not attackers. This shift demonstrates the need for many organizations to rethink their conventional techniques to address changing network environments. Moreover, IT decision-makers should also reexamine the very composition of the systems they’re protecting.

Reevaluating Established PAM Security Modes

While much of the focus of PAM solutions has pointed towards protecting cloud and on-premise server hosting environments, it’s clear from this evolving network landscape that there are genuinely no “closed” systems. Therefore, IT decision-makers shouldn’t overlook impacts to the end user (i.e., laptops and mobile devices) because organizations that grant users privileged access to their endpoint devices expose system infrastructures to elevated security risks.

On their own, techniques such as enforcing the use of strong passwords and periodic password resets have proven to be woefully inadequate in traditional systems that don’t account for compromised users already present within the network. In fact, according to a recent poll from Enterprise Management Associates (EMA), which was sponsored by Hitachi ID, businesses that allow users to retain local administrator rights were 34% more likely to report incidents of compromised privileged account credentials. In addition, end-user device performance impacted by inappropriate privileged activity was reported twice as frequently by organizations that allow privileged device users than those that limit this access to qualified administrators.

Furthermore, even though many organizations grant end-users privileged access to reduce the day-to-day management burden on IT administrators, they often achieve the opposite outcome. One-third of surveyed organizations that allow end-users privileged access to their workstations report overall PAM processes are somewhat or very difficult to manage. Only 21% of businesses that restrict non-administrator privilege access to endpoint devices noted the same. This demonstrates more granular PAM policy enforcement requirements, such as limiting privileged access times and types, are simplified demonstrably by reducing the number of privileged users.

Managing Privileged Access On Endpoint Devices Matters

What does that mean to the management of privileged access on endpoint devices? The crucial takeaway from these findings is that modern businesses needing to grant local administrator rights to end users should adopt a PAM-specific platform that builds upon a zero trust framework. They should define and enforce policies that support “least privilege” requirements on endpoint devices, allowing access on as required basis, and the system must evaluate and establish trust in the user before granting access.

If your IT leadership is looking to implement a dynamic and capable zero trust model, Hitachi ID Bravura Privilege is a reference level solution that can revolutionize your digital identity program by leveraging the principles of least privilege. This dynamic and strictly enforced end-user authentication is the basis of zero-trust architecture that can effectively assess threats and adapt to open, changing network infrastructures and reduce management efforts while boosting security capability.

A Holistic Review

Whether your organization is considering an overhaul to its entire system or just reevaluating the management of endpoint devices within an existing PAM system, it’s clear best practices encourage moving away from perimeter based to zero trust security models. As the networks they are hoping to protect become less closed and endpoint devices become risks within the perimeter of security networks, IT leaders should look inward to protect the integrity of system infrastructures.

For more information on PAM best practices and key takeaways from EMA, you can access the full report here: Advancing Privileged Access Management (PAM) to Address Modern Business Requirements.

How a U.S. University Empowered Students and Boosted Security With Stronger Password Management

  February 4th, 2021
Written by:

The beginning of each semester at a large university in the midwest of the United States was a nightmarish experience for the IT help desk staff. (Due to our customer’s policy, Hitachi ID is unable to disclose the university’s name.) Countless requests would come pouring in from students and staff who had forgotten their passwords over the summer, inundating the support team.

Making matters worse, the password problems were piled on top of the workload of creating thousands of accounts for new students. With pressure to reduce call volume to the campus help desk and decrease problem resolution time, the school set out to find a platform that could help them quickly overcome these challenges.

The solution? Hitachi ID Bravura Pass provided precisely what this university needed to break free from their password management woes.

Empower Users and Unburden Staff With Self-Service Solutions

On the user experience end of these difficulties, students and faculty were frustrated by long delays to resolve password problems. As a workaround, many resorted to choosing trivial passwords that were easy to remember — and easy to crack. To eliminate this potential system vulnerability, the school needed a platform that would allow users to solve their own password reset problems without calling the help desk.

With Hitachi ID Bravura Pass, users who forget their passwords are now able to authenticate themselves by answering personal questions or using a hardware token and can then reset their own credentials. Remaining password-related help desk calls are resolved using a Hitachi ID Bravura Pass help desk interface, cutting resolution time to about one minute. In addition analysts do not require admin rights themselves on the connected systems they are resetting passwords.

Tighten Security Practices

Although self-service shortened support wait times, it didn’t eliminate the university’s need for stronger passwords among users. Without stricter guidelines for password selection, the school was still at risk for common password vulnerabilities. By introducing Hitachi ID Bravura Pass and its federated single sign-on, the school quickly reduced the frequency of login prompts and most importantly, enforced a strong password policy to strengthen security all around.

Keep Solutions Synchronized, Simple, and Intuitive

Before the implementation of Hitachi ID Bravura Pass, one of the key contributors to password problems was the sheer volume of passwords users had to keep track of. Synchronizing passwords would not only secure the system, it would eliminate a serious point of frustration for end users.

When students or staff change their password, Hitachi ID Bravura Pass automatically updates it on every system where they have a login ID. This allows users to remember and regularly change one strong password, rather than an assortment of static and easily guessed passwords.

Leave Room to Grow

Since implementing Hitachi ID Bravura Pass, the university has seen a substantial reduction in calls to the help desk, stronger security, and an incredible increase in student, faculty, and staff satisfaction. Hitachi ID Bravura Pass successfully reduced the burden on the IT team and the frustration of users while improving security and lowering IT support costs.

When the university’s security needs expand beyond passwords, they’ll be able to easily implement other solutions within the Hitachi ID Bravura Security Fabric. This flexible, scalable cybersecurity architecture includes Hitachi ID Bravura Identity for identity and access management (IAM) and Hitachi ID Bravura Privilege for privileged access management (PAM) and more.

Hitachi ID is the only industry leader delivering identity, privileged access and end user password management across a single platform to ease implementation as your cybersecurity needs change. You can learn more about this university’s password challenges and the solutions Hitachi ID implemented to overcome them here: University Case Study

Start Your PAM Deployment Off on the Right Foot: Spotlight These 7 Benefits

  February 2nd, 2021
Written by:

Setting yourself up for success with an upcoming privilege access management (PAM) system requires finesse. Within any organization, many system administrators might be uncomfortable with the idea of a PAM system; they may be accustomed to unrestrained administrator-level credentials. At the same time, other IT decision-makers may have concerns about the system and network-wide changes digital transformation can bring to a familiar and well understood legacy system.

The latest data supports the shift: According to a recent study from industry leading analyst firm EMA, businesses that lacked automation capabilities for auditing privileged access were seven times more likely to experience a privileged access policy violation than organizations with that capability. And one out of five businesses suffering a policy breach experienced severe impacts on overall business performance, including a direct loss of revenue, a loss of customers, or damage to its reputation.

Statistics, however, can feel intangible. Before you launch a PAM solution such as Hitachi ID Bravura Privilege, you can set yourself up for success by evangelizing a list of benefits that is comprehensive and actionable. Focus on the following with the IT decision-makers at your organization to build the foundation for a successful PAM deployment:

1. Single Sign-on

The first aspect to highlight with your IT leadership is the simplified management of administrative passwords. Whereas legacy solutions require manual control, a PAM implementation supports single sign-on, enabling authorized users to log in to the requested portal once and then launch multiple login sessions to various systems and administrative accounts throughout the day.

2. Shareable Accounts

Network decision-makers appreciate PAM solutions because administrators can define and share account sets (collections of accounts frequently checked out together). Furthermore, this capability replaces awkward administrative logins and the need for personal administrative accounts.

3. Temporary Privilege Elevation

Instead of creating an abundance of high-level accounts, a PAM system elevates a user’s privileges. It adds them to a security group only for the duration of check-out and time required to complete a task. This capability is also a great way to limit privileged access to those who need it.

4. Plausible Deniability

In the case of a system outage or discovery of a problem, individual administrators who could have caused the issue can rely on the PAM system for accountability. They can demonstrate they were not at fault since they weren’t signed in at the time that the issue occurred.

5. Simplified Troubleshooting

With this PAM-empowered accountability in place, authorized users can match the introduction of a problem to a system with administrative access to the network(s). This ability narrows the list of suspects who might have made the configuration changes that caused the problem. You can start here when you begin to ask questions and seek to remedy the situation.

6. Knowledge Sharing

Whenever an IT user performs an incredibly complex task, they can record the session. This recording can later be shared as an inexpensive-to-produce “how-to” video, proving that session monitoring lends itself to more than just forensic audits, demonstrating additional value.

7. Streamlined Collaboration

Finally, when administrative access is gated through a PAM solution, authorized users can view who has access to the system(s), is currently connected, and who was connected recently. This awareness dramatically simplifies coordination changes to the structure of the solution. Additionally, it helps avoid situations where two people are working on the same system, making overlapping changes that interfere with one another, and circumvents duplicative work.

Leveraging these seven benefits across your organization is only the beginning of your PAM deployment strategy. Learn more by downloading our ebook: Deploying a Privileged Access System: 9 Actionable Strategies to Ensure Success.

Why Higher Education IAM Needs Zero Trust

  January 28th, 2021
Written by:

Even though the Zero Trust model has been around for more than a decade, the term can still confound and even put off some technology teams. However, higher education’s emphasis on identity and access management (IAM) paired with the Zero Trust model’s strict controls are an ideal match for higher education.

In fact, it’s nearly impossible to build a true Zero Trust environment without a strong IAM strategy and IAM goals can only benefit from the guidelines that Zero Trust demands. Together, IAM and Zero Trust allow schools the agility they require to meet their unique cybersecurity needs while maintaining as secure a system as possible to keep the personal data of students, professors, administrators, and more protected against breaches. Many technologies such as multi-factor authentication (MFA), analytics, risk scoring and strong encryption are needed to ensure success of a Zero Trust program.

Get a Better Handle on Complex Lifecycles

A focus on the identity of users is inherently built into identity and access management for universities. With flexible, transient student and faculty populations, they’re responsible for the private data of countless individuals at any given time. This goal makes it a natural fit for Zero Trust, which relies on strict controls for each and every user.

To optimize the Zero Trust model within their user lifecycles, universities should focus on the strict provisioning of users with strong authentication and authorization. An IAM platform that allows simple management of multi factor authentications can make the most of an IAM and Zero Trust collaboration.

Optimize Automation

In many cases, introducing a Zero Trust model means exchanging the more common network-perimeter security for an access per-application method. Stricter authorization guidelines are a cornerstone of Zero Trust.

However, this case by case approach to access may seem like a non-starter for universities because of their high turnover rate as a result of student matriculation. The first step is to impose enhanced governance policies which reduce the access rights users need to an absolute minimum to accomplish their specific tasks. Then, IAM automation helps schools solve for this challenge while maintaining the restrictions required to maintain a Zero Trust architecture and secure critical data.

Mitigate the Impact of Breaches

The fact remains: Regardless of how tight restrictions are, no system is unbreachable. That being said, should the worst happen, a Zero Trust environment does help lessen the impact of a breach. Its tight authorization restrictions and strict access controls at the identity level means most breaches can be easily contained to a handful of users. That’s good news for schools as cyberattacks continue to increase in volume and complexity.

Better Together

With the continued increase in cyberthreats faced by colleges and universities (made even more critical by the spike in remote access brought on by the pandemic), rise in interest Zero Trust security architectures is certainly not surprising.

To succeed with Zero Trust and IAM, schools need a solid foundation of security technologies. For colleges and universities, that foundation is an IAM solution that truly meets all of their data privacy needs. As we prepare for Data Privacy Day, this dynamic duo is the perfect pair to keep colleges and universities a step ahead of hackers now — and well into the future.

You can learn more about how Zero Trust and IAM provide the cohesive cybersecurity solution modern organizations require in our recent webinar: Complete Your Zero Trust Mission Using a Single Pane of Glass. Join our next webinar on March 4th

The Starting Point: 3 Steps to Begin a PAM Implementation

  January 26th, 2021
Written by:

Modern-day privilege access and cybersecurity needs can seem daunting. Security breaches of privileged accounts and related vulnerabilities have accelerated in recent years due to increased IT infrastructure complexities and the fragmented distribution of business critical services.

Add to this data points like 80% of organizations discovered that a privileged access policy violation had occurred within the preceding 12 months, and 87% of these businesses experienced a policy violation that resulted in significant impacts to business operations, according to leading industry analyst firm EMA. The need for privileged access management (PAM) to solve contemporary business requirements is definitive.

Many IT leaders recognize these intimidating numbers, challenges, and the necessity for privilege access management, but are unsure where to start a PAM deployment within their organization. It’s not as difficult as many imagine. Creating a PAM solution that’s self-sufficient and financially advantageous begins with these three best practices, crafting a PAM program destined for success.

1. Groom champions throughout your organization.

PAM systems will impact many individuals across an organization, so it makes sense to begin by identifying individuals who are not only stakeholders but also naturally inclined to support PAM deployment on grounds such as security and benefits. These PAM ambassadors can include everyone from developers and network operations staff to database administrators.

Start by training and giving them educational materials to build a knowledge base and share with colleagues. Provide them with a forum to contribute, raise concerns, request feature enhancements and additional documentation should they need it. Supporting these champions and adjusting project priorities (as required) will transform them into program advocates.

2. Deploy incrementally.

The number of shared, privileged accounts in an organization can be as much as three times larger than the number of people. These privileged accounts are present on every IT asset with many running on different platforms. Combine this exponential reality with the sheer amount of operations for credential access and configuring them all simultaneously is infeasible.

This exponential reality can make many network administrators apprehensive about a PAM transformation. Therefore, create a realistic and workable deployment that adds capabilities one or two at a time, migrates the resulting system to production use, re-prioritizes, and delivers again. By utilizing a steady, phased, and practical implementation, organizations will set achievable goals that IT leadership and stakeholders can get behind and applaud.

3. Maintain tight restrictions initially, then relaxed conditions if required.

When defining access and control policies, start with firm systems. For example, start with short limits on maximum check-out duration, require long and complex passwords, and do not allow plaintext password disclosure.

It’s much easier to begin with sturdy controls and relax them later on if needed than starting with lax rules and tightening them later. Users are more likely to object if that’s the case.

Building the foundation for your successful PAM deployment with these three measures is only the beginning of your PAM deployment strategy. Learn more by downloading our ebook: Deploying a Privileged Access System: 9 Actionable Strategies to Ensure Success.

Building a Sturdy Foundation for Identity Access Management Implementation

  January 21st, 2021
Written by:

The biggest question many organizations need to answer: Identity and access management is constantly evolving — is yours?

In 2021, it’s estimated that businesses without formal IAM programs will spend 40% more on IAM capabilities while achieving less than those with them. Organizations with IAM programs need to continually develop and advance theirs over time, and they will need a permanent team and partnerships to continue the evolution and management of it. And, by building a successful and engaging IAM program, they will not only spend less, but achieve more in the long-term.

Each iteration of IAM implementation follows the same simple guidelines and four steps:

  • Identifying key stakeholders
  • Defining the vision
  • Building the roadmap
  • Defining the architecture

Every stage of the plan during the first round is straightforward, and each successive cycle will be more effortless than the last. By following them, you can foster repeated identity access management advancement.

Build a Foundation.

The first step of an optimization journey begins with identifying key stakeholders. Although identification is at the heart of this action, it is also about determining what drives these important process partners. A successful first step will build the foundation for every iterative cycle that follows, so it’s paramount to look at it in greater detail.

IAM leaders should recognize that enterprise IAM role management, groups, privilege access, and governance is a unique arena that requires a specialized framework and methodology. With this in mind, IT decision makers should launch the initiative in advance to provide ample time.

Due to its specialized framework and methodology, the IAM implementation requires a diverse and committed group of stakeholders and their representatives within the organization: those who influence and benefit from the IAM program. Examples of a stakeholder and stakeholder representative includes end users and a service desk manager or network security and director of security. The goal is not to create experts or IAM experts out of these representatives, but rather to empower them to evangelize and demonstrate the program deliverables — scope and priorities are important to the larger audience.

It’s also important to understand what stakeholders and their representatives’ version of success looks like. This includes establishing common goals across departments and building trust within the organization, but also working through issues such as lack of recognition, lack of interest, and conflicting needs. To keep stakeholders invested, continue to align with their goals, build consensus, and continually reassess. Success will be measured against an IT leader’s ability to adjust to change and stakeholder input.

Lastly, IT decision makers should always have a champion. This individual can work with vendors and external stakeholders to advocate for the IAM solution.

Once key stakeholders and their primary drivers have been identified, an organization is ready for the next steps in this iterative process, which involve redefining the business across its vision, roadmap, and architecture. But much like the first step, it requires a thoughtful approach to succeed.

Find Success With Your IAM Implementation

Accelerate your IAM implementation with the Hitachi ID Bravura Security Fabric. This best in class solution empowers organizations to better navigate the difficult terrain of increasingly complex threats with a resilient, flexible, single identity and access management (IAM) platform and framework. Hitachi ID Bravura Security Fabric — which brings together the layers of Identity, Pass, Privilege, Group, and Discover — is dynamic, iterative, and optimized to protect, manage, and govern digital identity and access infrastructure in today’s ever evolving landscape.

Watch the webinar from our Power of One Summit to explore the additional three stages of a successful identity access management program implementation.

IAM Implementations Meet the Challenges of the New Higher Education Paradigm

  January 19th, 2021
Written by:

In the current climate, higher education institutions face numerous extraordinary challenges in managing identity and crisis. Remote access has become the norm, introducing new variables to the higher education equation as students, staff, and alumni have unprecedented access to a growing number of resources that are also open to attack.

Furthermore, higher education budgets continue to be in flux forcing IT and security teams to reduce risk and operate with fewer resources. Automation has become necessary to make this new educational organization equation add up. It is the vital business enabler that empowers your organization to do more with less and is paramount to identity and access management’s (IAM) success in this new remote access paradigm.

Many higher education IT leaders acknowledge this emerging need for IAM, consistently implementing it across their organizations. However, a recent survey from Hitachi ID and Pulse uncovers a discrepancy between the IAM processes currently in place and what best practices genuinely are — especially when it comes to the benefits of IAM automation. Across a large sampling of higher education institutions, IT decision-makers have implemented IAM but are conflicted between the benefits of governance and automation.

The Conflict: IAM Implementation vs. IAM Best Practice

When asked if a governance-first initiative is the most effective way to initiate and manage an ongoing IAM program, almost all of the surveyed IT leaders at higher education institutions claim that access governance is the best approach to IAM. In fact, of the 98% who have implemented an IAM program, almost two-thirds have invested in IAM governance, including 52% who have also implemented IAM automation.

When higher education IT leaders were asked if their organization had made investments in access governance or identity and access automation, however, the results demonstrated a disconnect between IAM beliefs and action:

  • 52% had invested in both access governance and automation
  • 33% had invested in just access automation
  • 13% had invested in only access governance
  • 2% had invested in neither governance nor automation

Moreover, while these leaders say governance is the best approach, 97% also claim that IAM automation is necessary to maintain compliance. This statistic further reiterates the clash between what respondents have implemented today and what best practices truly are for IAM processes.

The Resolution: Automation Benefits and Goals Drive Convergence on IAM Implementation

Despite this divide between beliefs and practices, the data demonstrates that higher education IT leaders are looking to complement access governance with automation. Most institutions are planning to automate their IAM completely. This best-practice combination has been recognized by IT leadership as a way forward in this digital and remote access-first environment to boost the productivity and security of their organizations.

Already, 64% of IT leaders at higher education institutions have automated IAM processes like provisioning and deprovisioning of students, faculty, and alumni, but there are still many recognized areas of opportunity, including:

  • Life cycle management
  • Self-service requests
  • Risk score assignment

However, they admit that the only thing holding back further implementation are budget and existing infrastructure investments. Despite these barriers, approximately two-thirds of higher education IT decision-makers see it as an opportunity to reduce security risk, boost confidence in compliance status, and make a conscious shift from reactive to proactive threat detection. Moreover, almost all IT leaders see IAM implementation as an opportunity to improve the end-user experience in the wake of a year of mass work-from-home migrations, rising layoffs, and an ever-growing list of remotely accessed resources.

In a year filled with so many of these unforeseen changes and a new dynamic digital-first higher education paradigm, IAM automation and governance are the best-practice methods to meet these challenges with a proactive and future-focused strategy.

Review additional results of our survey and learn more about IAM automation for higher education in our free resource: Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

Leaders Value These Key Identity and Access Management Automation Payoffs

  January 15th, 2021
Written by:

Identity and access management (IAM) automation is an undeniable game changer in higher education, with countless advantages for colleges and universities. So, when we recently worked with Pulse to survey IT leaders in higher education, we were a little surprised by the narrow scope of some of the results. When asked what automation benefits they’re most looking forward to, most of the answers centered around three categories:

  • Reduced security risk
  • Boosted confidence in compliance status
  • A shift from reactive to proactive threat detection

All of these are certainly key benefits for higher education; however, the payoffs for colleges and universities go well beyond these three. Automation can increase efficiency, resiliency, and accuracy in a number of ways.

More Time for Strategic Initiatives

While just over a third of respondents showed interest in this benefit, the importance of time saved cannot be overstated. Institutions that no longer have to spend time manually managing IAM can instead dedicate those resources to more innovative projects. Whether it’s app development, streamlining processes across departments, or focusing on end user experience, removing the more time-consuming parts of identity and access management allows colleges and universities to devote more resources towards strategic thinking.

Improved End User Experience

With so many other priorities to manage, user experience can get left behind. Our recent survey certainly reflected that: only 13% of respondents noted it as an expected benefit. Overlooking this vital piece of the IAM roadmap may expedite processes in the short-term, but poor UX can create extra work (i.e., onboarding challenges and overall usage issues) down the road if neglected for too long.

Simplified Workflows and Streamlined, Modernized Processes

Never underestimate the power of simpler processes. These automation bonuses may have only sparked excitement in around 10% of our IT leaders, but these streamlined workflows can make all the difference for universities. This is especially true for larger institutions who are tasked with identity and access management across multiple departments and colleges where automation can save countless hours.

Hurdles That are Holding Back Critical Growth

Unfortunately, due to obstacles faced by much of higher education, that automation panacea is still a ways off. The following hurdles are holding back critical growth for identity and access management in higher education and overcoming them will be crucial for success in the future.

Budget Constraints

Pre-pandemic, higher education was already facing budget cuts. Now, Covid-19 has only further intensified financial constraints. IT departments at colleges and universities, in particular, have been faced with unforeseen challenges as they were forced to quickly adapt for remote learning and then strengthen these swift solutions as the pandemic stretched on. Of course, this increase in internal IT demand had its own financial outlays and was simultaneously coupled with schools needing to tighten their budgets even further.

In our survey, all IT leaders agreed that budget is a primary roadblock for identity and access management automation. While there’s no easy solution for these financial hurdles, clearly communicating the full value of IAM automation (long-term cost savings, more efficient processes, fewer errors, etc.) will strengthen efforts to implement these essential processes and solutions.

Existing Infrastructure Investments

Legacy systems make those budget constraints even more challenging to overcome, as many schools have put significant amounts of time and financial investment into these systems and processes. Making the switch to a new automated system is about more than the financial cost, it’s also the time needed to onboard and implement that new technology — especially training teams and getting them up to speed with the new IAM solution.

All IT leaders we surveyed selected this as an impediment on the road to automation. Understanding that the investment — both time and cost — is worth the increase in efficiency, security, and so much more will allow colleges and universities to expedite their automation journey.

Executive Buy-in

Ultimately, automating identity and access management in higher education requires that IT leaders achieve buy-in from all decisions makers. While those in the trenches of the IT department may have a clear understanding of the benefits of automation, communicating that with the C-suite can present its own challenges.

While three-quarters of respondents identified executive buy-in as an automation hindrance, for schools struggling to convince decision makers of the value, it can be the sole roadblock to automation. As is the case with budget constraints, presenting the ROI of automation (time saved, decrease in human error, and as a result, reduced long-term costs) will be key in convincing leadership to commit to this essential evolution.

All of these challenges certainly present stumbling blocks on the path to IAM automation for colleges and universities. Clear communication of the return on this investment will be critical as higher education IAM moves forward.

Reputation Is Everything

Most end users may not be a decision maker at any colleges and universities, but they’re still certainly stakeholders when it comes to identity and access management. Whether it’s a student needing to reset their password from home or a new research project that requires specific entitlements, the process needs to be seamless, simple, and secure.

Clunky processes can create frustration for the end user (at best) and serious system vulnerabilities (at worst). It’s also worth noting that ultimately, when it comes to IAM processes, the opinions of end users can and do influence those who make the decisions.

End User Experience Also Has Pull

For many of these questions, the results matched the trends we’re witnessing in IAM for higher education. However, a few categories had some surprises, among them, end user experience (UX).

While only 13% of higher education IT executives cited the improvement of end user experience as a main benefit of IAM automation, two-thirds rated the influence of UX over the IAM roadmap as at least a 4 (on a scale of 1-5). End user experience isn’t driving IAM automation, but it still has plenty of pull when it comes to automation. Understanding its influence can help higher education better incorporate UX into automation plans moving forward.

Amplified by Remote Access

While remote access has always played a role in UX, the pandemic has made it a priority. Our survey reflected that 98% of those surveyed said UX improvement has risen in importance following the mass work-from-home migration and the broad swath of resources being accessed remotely. Remote access has also added another dimension to UX with IT teams needing to account for how remote students and faculty can reach support (for password problems or more serious issues) when the need arises.

Lighten the Load

While the end user is the focus of UX, higher education IT teams will also reap some of the benefits. Seamless, simple, secure IAM that’s easy to use and incorporates support solutions that users can access remotely, will ultimately remove many of those tasks (password resets, permission updates, etc.) from the IT team’s to-do list. Fewer user issues means less problem solving for your IT team, freeing them to focus on more strategic initiatives — further improving processes, application development, or whatever innovation is next.

User Experience Smart From the Start

UX may not be the driving force for higher education IAM automation, but IT leaders still need to keep its impact and influence in mind when plotting out their identity and access management roadmaps. When higher education IT leaders incorporate UX into IAM automation strategies from the start, they can stay ahead of any complications and ensure IAM automation benefits all stakeholders.

Get our one minute whitepaper to read the full results of our survey and learn more about IAM automation challenges and benefits for higher education in our resource:

Higher Education IT Leaders Are Looking to Complement Access Governance With Automation.

Join Hitachi ID and Pulse for an upcoming webinar to learn more about how higher education is using automation to complement identity and access management governance in their zero trust strategies to protect data against cyber security attacks.