Managing directories for school security

Mar 13, 2006 3:23 PM

Directories play a crucial role in the security architecture of colleges and universities. The problem: there are too many of them.
Such directories contain redundant sets of user IDs and data. And they are managed separately, with different tools and commands. Administrators struggle to maintain consistency between entries and must keep track of user access rights across multiple systems and accounts.
Such synchronization of data among directories is a time-consuming, often manual, job. In addition to wasting many hours on repetitive tasks, IT administrators are hampered in their ability to identify and plug security holes as well as provision and de-provision user access rights in a timely fashion.
As a result, education institutions are increasingly using meta-directories as the basis for campuswide identity and access management (IAM) infrastructure. From a manageability standpoint, meta-directory platforms provide the umbrella infrastructure to synchronize and tie together disparate directories and allow IT managers to centrally administer identity and access management throughout all applications and security systems -- all from a single console. Meta-directories are vital for storing, maintaining and updating identities and related information. The information they house can be used for reference, user authentication and access control.
Meta-directories help strengthen an academic institution's defenses against security threats. Here's how:
* Centralized management: Administrators can monitor and control user access across all IT systems from a single console.
* Rapid provisioning and de-provisioning: Schools can provide access rights for incoming students, faculty and visitors as soon as they arrive on campus. Schools can remove access rights the moment a user leaves. The meta-directory's dynamic links to all relevant directories and security systems ensure that no resources will be overlooked. This minimizes the likelihood that a departing user will retain -- and possibly abuse -- access rights to campus systems data.
* Granular, policy-based control: Meta-directory IAM platforms use preset policies to determine who gets access to what on an increasingly granular level. This is crucial to institutions of higher learning. Administrators need to grant access privileges according to the various student, professor and visitor roles.
* Control of both logical and physical resources: More and more campus environments are working toward a "single sign-on" or single-password approach for both logical IT resources and physical facilities. This is done by connecting meta-directories to smart-card systems to control access to residence halls, computer rooms, laboratories, libraries and other restricted campus areas.
For colleges and universities, meta-directories are critical components of effective IAM solutions -- providing openness and security to myriad types of users. Characteristics to look for when choosing a meta-directory solution include: high performance; a scalable, flexible architecture; high availability and reliability; proprietary support; and interoperability.
This article is excerpted from "A Secure Balance," a story in the Feb. 2006 edition of our sister magazine, American School & University. Click here for the complete article

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue