Colleges and universities are preparing for a new school year amid uncertainty about when and how campuses will open. But one thing is clear — the expanded use of virtual learning environments will open up campuses to greater security risks.
Security leaders in higher education need a solution that fits current demands to authorize and authenticate users’ identities quickly and ensure they can securely access the resources they need, according to a new report.
Colleges and universities have made progress implementing a centralized login credentialing process in an effort to reduce IT friction for users and limit the burden on help desks to reset passwords. But today, more integrated cloud-based identity platforms are needed that can automate IT workflows and give administrators greater visibility into daily IAM activities and account provisioning, says the new report, produced by EdScoop and underwritten by Okta.
Multi-factor and policy-based identity
Balancing security and user experience has always been important for higher education institutions. Because they have diverse user populations, they need the ability to recognize and control segmented access rights.
Establishing identities and roles helps to define a user where access requests intersect, says Kelsey Nelson, senior product marketing manager at Okta, in the report. For example, students and faculty need different access privileges to a given class’s gradebook. And a graduate student can be a student one minute and serve in the role of an instructor in the next minute.
Robust identity authentication solutions can bypass the need for a username and password, and instead allow organizations to establish tiered policies and requirements that can prompt for a second factor for authentication.
The future of passwordless authentication
“Passwordless authentication may be one of the most impactful steps that an organization can take to manage a range of security risks,” the report says.
Passwordless authentication offers advantages in streamlining users’ experience, and redefining logins can reduce or even eliminate a majority of password-based attacks.
However, to make the system work, organizations need a robust policy management solution, coupled with an appropriate security risk framework, to designate instances when the user needs to authenticate only once using passwordless access, and other times when they need a second factor.
“For example, if a student loses their phone, a policy that requires they use the same application on their phone every time is not an effective policy,” Nelson explains. “But in that same scenario, if that student meets other authentication factors — those can be network, application, geography, the resource they are trying to access or known user behavior — the system will double check their identity because it’s a new phone, but won’t need to check it again after.”
Going passwordless is an evolutionary process and requires careful planning. The report touches on several types of solutions for a passwordless experience, depending on the use case, including:
- Email magic links with one-time password (OTP) tokens.
- Factor sequencing to give contextual awareness and intelligence to configure multiple authentication factors.
- FIDO2/WebAuthn passwordless authentication framework for web applications running on a FIDO2-supported browser.
“By 2022, Gartner predicts that 60% of large enterprises, and 90% of midsize enterprises, will implement passwordless methods in more than 50% of use cases — up from 5% in 2018,” according to Gartner’s vice president analyst, Ant Allen, cited in the report.
As colleges and universities continue to rethink how they will deliver a mixture of classroom and online learning, they will inevitably need more modern, cloud-based IAM platforms to better manage and protect their systems, resources and users.
This article was produced by EdScoop and sponsored by Okta.