At this year’s EDUCAUSE Annual Conference approaches, information security is principal. At universities and local community colleges, ensuring student privacy is so paramount. It is now included in many institutions’ value pitch. They should. According to the 2014 Identity Theft Resource Center Breach Report, Education made up 15% of all data breaches. At the same time, colleges and universities represent the most identities. Last year breaches totaled over a million identities at just six schools. Just as alarming, the list includes an aggregation of colleges and universities. From top in academics to largest and remote, student information was breached. Compromises included systems at Harvard, Butler, North Dakota University, Indiana, and Maryland.
Password management automation represents the quickest return on an IT security investment. Password management with self-service password reset gives schools an immediate advantage in preventing many security issues. A password manager unifies disparate campus systems under a strong password policy. From faculty and staff to students, parents and alumni, users most login. For this reason, EDUCAUSE sees identity management as a top security control.
Verifying system users is as important as extensive security logs. Enforcing strong passwords is equally as critical as intrusion detection. When student or administrator accounts are spoofed, exposure ripples through an institution. Across the Internet, students come to school with more passwords than ever. On the web and mobile, passwords are everywhere. For students, news, email, e-commerce, banks and social media all require passwords. Unfortunately, students cope by reusing the same password as frequently as possible. The danger is once a password is learned it’s immediately tried elsewhere. Passwords are stolen from one source to compromise systems containing sensitive data.
Strong Passwords and Password Policy Enforcement
To protect against password reuse, must begin by strengthening user passwords. Strong passwords that expire represent a first step in boosting security. In terms of an institution’s security needs, expiring passwords eliminates password reuse. However, securing a university’s systems requires authentication in addition to strong passwords.
For starters, rather than investing in technology begin with your business priorities. As part of the process, identify the systems needed to prevent breaches. This allows you to identify your user needs, funding, and priorities. This approach leads you to your system and software access management requirements. Although necessary for applying security, the process produces additional compliance review benefits. For federal mandates like the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS), you simplify reporting. Access management also allows for immediately decommissioning access.
Access management systems work behind the scenes. They cut down on the number of passwords users need to remember. They remove users who should not be in the system. Access management systems help assign access levels and automatically deprovision terminated accounts. This is particularly important, because schools experience 25% user turn over annually.
Self-Service Security Controls
Often users fail to create and protect strong passwords. The cause often stems from the frustration of having too many passwords. For full adoption, a password management system needs to impose a minimal burden on users. This applies to creating, resetting, unlocking and synchronizing passwords. The strongest password manager cannot improve security when no one uses it.
Colleges are challenged to support account password changes without adding resources. By requiring regular password changes, users need options. These options must be provided without increasing costs. They should also offer capabilities for adding access management and authentication, controls. Once deployed, a college or university can build upon their password management solution. By taking this approach, schools can immediately lower their exposure. At the same time, they establish a foundation to further prevent risks.
Learn the Top 10 Password Management Best Practices for successful implementations from industry experts. Use this guide to sidestep the challenges that typically derail enterprise password management projects.