Frequently Asked Questions

General IAM Questions

Q. What is Identity and Access Management (IAM)?

A.  Identity Management refers to the business processes and supporting infrastructure (policies and technologies) for the creation, maintenance, and use of digital identities (courtesy of the Burton Group). Identity Management helps higher education institutions to know who’s who. It assists in answering tough questions like:

  • Who should be admitted, based on approval from whom?
  • Who should be able to apply for financial aid?
  • Who should be able to register for a course, or change grades?
  • How can identity information be used effectively, while keeping it private and secure?

Access Management (AM) covers authentication (authN) and authorization (authZ). Authentication is the process of determining whether a person is who he or she claims to be. Authorization deals with the decision about whether to permit a known user access to resources. AM helps higher education institutions control what individuals have access to. AM helps answer questions like:

  • What entitlements are implied by your affiliation as student, faculty or staff?
  • What are the processes for requesting, approving, provisioning and maintaining access?
  • When do we terminate access?

Q. Why is this important?

A. The business benefits of the IAM project at the University of Illinois System are outlined at the Business Benefits page. The following are additional benefits identified by other organizations.

Operational efficiency and consistency. An effective IAM infrastructure increases institutional efficiency by reducing duplication and ensuring consistency in identity data. Even basic agreement on the definition of affiliations like “student” or “staff” goes a long way in ensuring that users are set up correctly and provided with the services they need as they move across departments and colleges within the institution.

Accessibility and the “authentication continuum”. A solid IAM program will first and foremost provide an institution with the tools and processes to quickly provide users with electronic identifiers and access credentials for carrying out their functions. It facilitates ease of use and increases constituents’ satisfaction by facilitating such technologies as reduced sign-on and electronic signatures. An effective IAM program will also embrace the idea of an “authentication continuum”. This takes into account that different levels of identification and authentication are required depending on the type of services a user wants to access. For example, accessing sensitive student records may warrant a high-assurance-level identifier and multifactor authentication, whereas an email address and a password may be sufficient for a prospective student trying to submit an application.

Increased appetite for online transactions. As higher education institutions move more and more operations online, there is an increased appetite for electronic mechanisms for providing users with access to resources and functions. Increasing online presence coupled with the sheer volume of Internet users makes it a complex and difficult proposition to grant access for legitimate purposes while preventing malicious access.

Security, privacy and compliance. With increased access comes the need for increased security, including the ability to create an audit trail of access in order to trace unauthorized activities to the responsible persons. Security best practices also demand expeditious deprovisioning of access upon termination of relationships. Local and Federal laws like HIPAA, FERPA, and GLBA provide sticks or carrots, depending on your vantage point, for ensuring that we are practicing due care and due diligence.

Identity Management is a hot topic in higher education. ECAR published “Identity Management in Higher Education: A Baseline Study” and found that nine out of ten higher education institutions are engaged in Identity Management efforts or projects. Clearly Identity Management is a hot topic among higher education institutions, so this is as good a time as any to formally start a program. A solid institutional IAM program will lay the foundation for federated identity, which allows multiple entities in different domains to share user attributes, providing inter-institutional access, collaboration and innovation.

Q. What are identities and why do they need to be managed?

A.  Organizations of all types assign identifiers to individuals representing rights and privileges. Individuals take on multiple personae using these identifiers as their identities when they work through different systems or access designated services. Identities are required for all users including employees, business partners, customers or citizens. As online operations become the norm in business models, identity is also becoming a key asset to all levels of business operations.

Organizations need to manage relationships with multiple and distinct populations of “identities.” These may include employees, customers and business collaborators. Each type of population requires identity and access management, but with its own unique requirements. Too often multiple, parallel approaches to managing identities have sprung up even within a single company. But identity cannot be securely and cost-effectively managed in silos. A consistent, efficient and secure method is needed to manage identities both internally and externally. The ability to manage identities and identifiers across this complex landscape is now a core organizational survival skill, requiring consistent and cost-effective administration and enforcement of access privileges with end-to-end auditing of all identity-related activity.

Q. What are the primary business drivers for identity and access management?

A.  Customers have started to realize that strong security can actually help their business in many ways. The primary drivers for IAM solutions are the desire to:

  • Reduce the costs of IT administration
  • Increase the productivity of users, managers and administrators
  • Control and manage operational risk
  • Protect critical corporate IT assets
  • Enable new business opportunities
  • Enhance regulatory compliance

Q. How do IAM solutions help reduce costs?

A.  IAM allows you to manage your user identities and their access rights more efficiently than ever before. It can reduce your security administration costs, and increase overall productivity so that you utilize your people resources more efficiently. It reduces your security management costs by:

  • Reducing your system and security administration costs
  • Reducing the burden on your Help Desk
  • Reducing the costs of developing your applications
  • Reducing the costs and improving the effectiveness of monitoring and auditing your security infrastructure
  • Reducing the costs of managing vulnerabilities across all of your systems