Posted by Todd Chambers - CMO on Thu, Sep 24, 2009
EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology, recently conducted their 10th annual EDUCAUSE Current Issues Survey. Given the tight IT (and overall) budgetary controls education institutions are facing today, along with increased data privacy laws and regulatory requirements, it's not surprising that "funding IT," "security" and "identity/access management" were among the top-ten issues IT leaders identified as the most critical to resolve in 2009.
These findings mirror the challenges and priorities we're seeing with our education and other customer segments out in the field every day. From an identity and access management - or more broadly, Access Assurance - perspective, we're helping them to approach each of these areas in new ways that deliver measurable ROI by improving risk and compliance while reducing costs:
Funding IT - our customers are facing CFOs that want concrete results in return for new IT spending. In response, we've developed a self-funding model that delivers "quick wins" through an incremental deployment scenario that helps to rationalize a larger, longer-term Access Assurance strategy. The process enables the customer to start improving Access Assurance one step at a time and to pinpoint where and when potential cost-savings come into play - right down to the exact timing of specific operational savings. One Courion customer recently implemented a significant Access Assurance initiative without spending a single budget dollar!
Security - higher ed IT staff are trying to mitigate the risks driven by the growing volume of information across multitudes of devices, web-based applications, and other network resources. One of the key pieces of this challenge is controlling user access to all of this data. By viewing users' behavior on the network as "body language," IT managers can get important clues that may signal inappropriate access or malicious intentions. For example, if an employee is about to resign, his or her network behavior during the weeks prior to giving notice often follow consistent patterns. For example, copying entire folders from file servers could be a signal that an employee is about to depart. Access Assurance technology puts safeguards in place to detect various types of network body language, more effectively and efficiently control user access, and ensure continuous compliance with privacy laws and other federal regulations.
Identity and Access Management (IAM) - as campuses attempt to deal with restricted access systems, such as databases and intellectual property, and the emergence of cloud or software-as-a-service applications, setting policies and controlling user access to all of these systems and applications has become a top priority. IT staff must carefully balance a campuses' need for collaboration and information sharing with the need to protect sensitive data and meet government regulations, such as those limiting user access to non-public resources. To effectively create, manage and monitor user access, institutions need to begin looking at identity and access management as more than just password management. A holistic approach to IAM - one that incorporates on-premise and cloud-based systems as well as processes such as automated user provisioning, role management and access certification, and credentialing, among other elements - can help higher ed IT staff increase campus-wide IT security and compliance as well as user productivity while ultimately reducing costs.
We're currently conducting our own education survey looking into the IAM practices of education organizations, so stay tuned - we'll make our findings public over the coming months.
Posted by Todd Chambers - CMO on Fri, Sep 18, 2009
Last week, the Gov 2.0 Summit opened in Washington, D.C., where policy makers and industry leaders discussed how technology can make government more functional. In conjunction with the summit, 10 companies announced that they will act as digital identity providers by supporting OpenID and Information Card technologies (described in depth here) for government Web sites, in an effort to make government Web sites easier to interact with. According to InformationWeek, the pilot programs aim to make use of Web 2.0 technologies to make government Web sites more open and participatory.
OpenID and Information Card technologies are a key part of the White House's Open Government initiative, which aims to provide strong privacy protections for users in order to speed efficiency. The purpose of these pilot programs is to give visitors to government Web sites pseudonymous interaction options that don't require users to reveal personal information. This makes access quicker, and requires less authentication from the user.
We applaud this effort and look forward to the next step in the process of delivering a holistic approach to access assurance as pointed out in my recent post. The move to trusted frameworks like OpenID is an important step to foster more participation and more efficiencies within our government agencies, and given the desire by the government to make more personal information available more broadly, it is critical to ensure that Web-based data is thoroughly protected.