I’ve been spending more time lately looking at information security. In “Information Security Today – Has Anything Changed?” I wrote about Stephen Northcutt, President of the SANS Technology Institute. I pointed out that the SANS 20 Critical Security Controls have, in broad terms, been the same for the last twenty years.
My interview with Stephen Northcutt is now available on Mich Kabay’s Security Strategies Alert newsletter on Networking World. In that interview, Stephen talked about evaluating the risks of information security. For example, as we move into Cloud Computing, organizations are focusing on the cost savings without looking at the change in the risk profile. In some cases, the risk goes up dramatically in a Cloud environment, because one aggressive attack that wipes out disc drives can wipe data for many organizations and not just one.
Recently, I’ve been helping Birket Foster, CEO of MB Foster Associates, with his initiatives to greatly simplify the provisioning and deprovisioning of application data for higher education institutions. This is a challenging problem. At my alma mater, the University of British Columbia, there were over 5,000 new students this fall. Institutions like UBC face enormous challenges at the start and end of each term.
Higher education institutions have numerous applications that students must interact with. These include administrative systems that track registration, fees, and payments, timetable applications, learning management systems, and the library, just to start. Behind the scenes, each of these applications must be provisioned with the details of each new student. MB Foster is working with Denmark-based SystemTech to help higher education institutions fully automate the provisioning of the details of all applications that a student, faculty member, or staff member must deal with.
There are obvious benefits to automating the provisioning of new students, such as reduced human costs, lower duplication, and a vast reduction in errors, but that’s only the start of the process. The fall term is coming to a close at UBC. Soon, student records must be removed from many of the applications that were provisioned in September. Students will remain in the administrative system, but must be removed from all the learning management systems, just for a start. At a place the size of UBC, the problem is even bigger. In addition to 5,000 new first-year students, there are 35,000 more full- and part-time students in undergraduate and graduate courses. Professors take sabbaticals, visiting professors visit, and staff come and go. Accurately keeping all applications up to date with the identity and roles of each individual student, staff, or faculty member is an enormous challenge that is ripe for automation.
Getting it wrong exposes the university to a wide variety of security risks that Stephen Northcutt and the SANS Institute make clear.
How do you provision and decommission user identities and roles throughout your organization?