By their very nature, IT network of educational/ academic institutions are used by a large number of transient users. One of the examples of a transient user is an aspiring student who fills up an application and use parent’s credit card to make the payment. Such details are stored in the institution’s system. Academic institutions keep enormous information, which includes but is not limited to research papers, student’s data, transaction details, etc. What’s more – It is not just about money, this game is also about truckloads of sensitive information that is possession of universities.
Top rated universities are at the forefront of academic, government and even defense research. For cyber criminals, educational institutions are easier to break into because the controls for access are not very rigid, the traffic is not watched out for, access is not monitored and many a time the systems are not abreast with updated technology.
Not even the best of universities are spared from this impending threat.
- On June 19, 2015 – US Ivy League University Harvard announced that it has, for the second time in four months, been the victim of a cyber-breach.
- In 2015, Pennsylvania State University and the University of Virginia found out that Chinese hackers managed to breach their systems.
- University of Connecticut leaked out student Social Security numbers and credit card data to hackers. Similar attacks were also targeted for Washington State University and Johns Hopkins University.
- Approximately 18,000 students and faculty, plus around 500 research partners are thought to have been affected by the Penn State #hack that possibly occurred two years ago.
- Rutgers University in New Brunswick announced to spend up to $3 million on cyber security in order to prevent hackers crippling the university’s computer networks.
To a CIO or an IT Director of a university, these numbers are scary!
Increasing instances of cyber-attacks are pointing at protecting students’ and researchers’ personal information – because data in possession of an enterprise (include education/academic institutions) becomes the property of that institution. Therefore the responsibility of safeguarding the data becomes an important cyber security function.
Regulations including FERPA (Family Educational Rights and Privacy Act of 1974) call for a focus on Access Rights to governs access to educational records maintained by educational institution and ensures students’ rights to privacy. Since this regulation is applicable to all elementary, secondary, and post-secondary institutions receiving federal funds, university breaches indicate need for more safeguards.
Identity and Access Management helps in achieving close knit, agile IT system that is next to impossible to break. It brings in role and identity management policies to define access (and the limit of access rights) for authenticated users. It allows for risk assessments, identify and monitor appropriate access. Any suspected access (be it from a mistrusted location or device) is flagged. This is addition to various features including Mobile based access, App integration, Federation. With the help of cloud based Identity Management model also known as IDaaS (or IDaaSG), the integration of IAM technology is simple, fast and value for money. A specialists in the field of IAM technology can make such a cloud based platform super secure.
Are you looking for a complete IT security solution for your organization? Allow us a discussion with you.

While your article raises the need for IAM in academic institution, it doesn’t provide a roadmap of how to. Going by the title of the article I was expecting little more of that and I would be looking forward from your expertise about that.
Thanks
Nish
Thank you Nish Majmudar for your suggestion. We will take your feedback as an input for our future posts.
There is a blog post (On Avancer Blog) that could be close to what you are expecting to read. It focuses on steps involved in IAM implementation. It is relevant in the backdrop of the fact that CIOs and decision makers need to gain perspective on IAM implementation and make sure that their approach is progressive to get the best out of their IAM investment. You can view it here>> https://www.avancercorp.com/blog/when-businesses-implement-iam-tech/
Hope you find it of use.
Thanks,
Team Avancer