Since establishment of an Information Security team four years ago, the Flinders University has executed a rapid continuous improvement program to not only reduce risk, but also improve the usability and resilience of the University’s IT services to enhance the Student and Staff experience. The centerpiece of this work has been to implement an identity management capability to support the needs of the University and its users into the future. In August the University completed the implementation of its hybrid identity technology platform, with the cutover of 30,000 users with minimal impact. This presentation will provide an overview of the approach taken and the key lessons learnt.
Information Security presents a significant challenge to higher education. Educational institutions operate outside of traditional organisational boundaries, brought on by the need to facilitate and support a highly collaborative, innovative, research and teaching environment. Security is traditionally perimeter focused, however, this approach isn’t practical in higher education as it doesn’t enable users to function as required. Security must be an organisational enabler, and must be geared at solving usability challenges whilst reducing risk.
Flinders University in South Australia has undergone significant change over that past four years to improve its IT services. This included the establishment of the University’s first ever IT security team to drive improvements in culture and the technical security environment. A core component of the University’s security strategy has been to improve management and visibility of the University’s 30,000 users. The University’s unique approach to implementing a hybrid identity architecture has enabled significant improvements in this area whilst minimising disruption to users.
This presentation will provide an overview of:
• Existing higher education security challenges and threat landscape;
• The University’s unique approach to implementing a hybrid identity architecture to support the automated provisioning, 2-step account activation, single sign-on of users and self-service functions and implement these capabilities with minimal user impact;
• How identity fits into the University’s user-centric security strategy including how it integrates with the existing monitoring systems to enhance incident identification and resolution;
• How the technology choices in implementing identity management enabled the University to rapidly integrate with cloud and on premise applications;
• How the University has implemented contextual security notifications for Students and Staff that inform them of potential compromise of their accounts to allow them to take action.