Identity governance to augment WVU’s long-term security strategy

Identity governance plays an essential role for higher education institutions in their efforts to provide a seamless, reliable and secure user experience, says the IT security chief at West Virginia University, which serves more than 21,000 undergraduates.

Colleges and universities have a diverse population — applicants, students, alumni, faculty, staff and contractors — and the potential for ever-changing access privileges to resources. Therefore, IT departments need a solution that can define and manage permissions to systems, data and devices.

Having a robust identity governance solution to automate and enforce user access permissions has become increasing important to institutions, say IT leaders in a new podcast, produced by EdScoop, and underwritten by SailPoint.

Alex Jalso, chief information security officer for WVU, shares how establishing governance rules was the first step toward re-architecting his organization’s identity and access management environment. It’s also been important as he maps out WVU’s longer-term strategy of moving systems to the cloud and strengthening security compliance.

Adding to the conversation, Cullen Landrum, senior systems engineer at SailPoint, shares how identity governance adds the ability for organizations see how they are provisioning access privileges and also audit how individuals got access to the university’s resources.

The two IT veterans discuss recommendations for evaluating and implementing identity governance solutions, and how they can support broader efforts around identity and access management:

How identity governance fits into IAM strategies

Jalso explains how an identity governance strategy gave WVU a framework to implement more granular access rules. WVU is now able to determine who can and who can’t access to university resources and adjust those rules based on users’ roles and geographic locations.

“When you have all these elements put together, that helps to increase compliance, helps to lower your risk profile and all those different pieces come together for a more robust identity and access management program,” Jalso says.

Why CISOs should consider an identity governance solution

“Part of the governance is reviewing somebody’s access — from either as a manager or a data owner — looking at a user’s access and reviewing that to determine do they still need that access or not,” says Cullen.

This allows an organization to reduce its risk threshold and get closer to the least privilege model – where a user may not have all the privileges they need, but they have the least privileges to get everything done.

How to make sure you have the right features

“At WVU, we have a teaching hospital we’re affiliated with. We have a unique situation with them, and it was good to get them involved right away,” Jalso says.

With all stakeholders at the same table, they were able to answer questions regarding the benefits and functionality the campus needed for certain requirements, “not just for the IAM program as it exists today … you have to see what you will need to do three, five years down the road,” Jalso says.

Alex Jalso has worked for 26 years in IT at WVU and the last 10 years in information security.

Cullen Landrum is an IT veteran with two decades of system engineering and identity and access management consulting experience at enterprises like Sun Microsystems, Oracle, Aegis Identity Software and most recently with Sailpoint.

Listen to the podcast for the full conversation on the importance of identity and access governance in streamlining the user experience. You can hear more coverage of “IT Modernization in Higher Education” on our EdScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.

This podcast was produced by EdScoop and underwritten by SailPoint.