Often Overlooked


09/01/2014  |  Dean Wiech

If you work in the IT department at a school, whether it is K-12 or higher ED, you know that educational entities face many issues with identity, access and password management. With so many types of accounts in a school—such as student, employee, teacher, parent and temp—managing accounts and access rights becomes difficult and extremely time consuming. For example, at the beginning of each school year there is a rush to get new accounts correctly provisioned. Many schools have hundreds, if not thousands, of new students coming in each year, and creating accounts for each of these students can take a full-time employee weeks to accomplish the task.

Additionally, changes to accounts happen throughout the year. Students leave or join the school, transfer to another facility and employees and teachers change positions or have their personal information change. IT department employees within an educational entity know all too well of this ongoing nightmare. It also needs to be ensured that everyone has the correct access rights. Teachers need to have admin rights to accounts and grading systems, whereas it needs to be ensured that students cannot access these systems and have access only to applications they need for learning.

Added to this is the headache of disabling accounts once students and teachers leave the school. It is often not as simple as just deleting accounts. For example, teacher accounts with important student information and grades may still need to be accessed after the teacher leaves, or students who graduate may need to be transferred to an alumni account.

Licensing issues may also occur at education entities. For example, certain educational applications cost a ton of money so schools purchase a limited number of licenses that need to be shared throughout the district. What the school has trouble keeping track of, though, is if these licenses are being used and how many they truly need to be paying for.

Not only is account management difficult at schools, they also need to deal with password management issues. Students and teachers often need access to applications after school, such as Blackboard, to complete homework. So what do they do if they forget their passwords or are locked out of their accounts? If the helpdesk is not staffed after school hours, are students simply out of luck?

Though these issues are common, solutions are often passed over since schools have tight budgets they need to meet, and they need to ensure that any type of solution implemented provides a high return on investment and solves more than just one of their issues. They also have to ensure that the solutions are not something that takes a tremendous amount of time and effort to implement since they usually only have the summer available for onboarding new systems.

How to Reduce the Costs Associated with Identity and Access Management Issues

Many schools have opted to implement Identity and Access Management solutions which solve many of their issues with just one or two solutions. For example, an automated account management solution can easily handle several issues that schools deal with for managing user accounts.

With an automated account management solution, accounts are quickly and automatically provisioned. Once a student is added to the school’s student information system (SIS), accounts are automatically provisioned for them in any connected systems and applications. This also assists with any changes that happen throughout the year. Once that change is made in the SIS, all other connected systems are automatically updated, without any manual action having to be taken. Then when it comes time to disable accounts, there can be specific criteria set up, so that for example, an entire graduating class can be transferred to alumni accounts.

An automated account management solution also helps with the issue of license costs. It allows systems admins to have an overview of exactly who is using each system and application, and how many licenses are truly being used.

To handle the password issues many schools have opted to use self-service password reset solutions. These types of solutions allow students, teachers, and employees to easily reset their own passwords after correctly answering security questions to which they previously provided answers. So, when it is eight p.m. on a weeknight and a student forgets their password, they have no excuse why they could not complete their work. This also relieves a huge headache for the help desk since they don’t have to deal with password reset requests each day.

Case examples

Waxahachie Independent School District faced many of the issues discussed. The students, staff and IT department were burdened by password reset issues. Users were unable to be productive because they needed to contact the helpdesk each time they needed to reset their passwords and were not able to do so when working after school hours. A self-service password reset solution allowed students and staff to proactively solve their own password issues without having to depend on the helpdesk.

Fitchburg State College is another example. Fitchburg State had 44,000 records in Active Directory, which in no way reflected the school’s actual environment. This was because of stale accounts that were no longer required. After several attempts to delete user accounts based on inactivity and inadvertently deleting hundreds of active users, IT leaders realized they needed help. “We weren’t able to integrate Active Directory information and the student record system to accurately report information,” said Sherry Horeanopoulos, information security officer. Fitchburg implemented an automated account management solution that reduced time spent on account management by 75 percent.

The ROI of IAM Solutions

If it isn’t already obvious, many of these solutions can save schools a tremendous amount of time and money. The return on investment (ROI) of implementing an IAM solution is substantial. Since schools have to ensure that any amount of their budget is going to produce a definite ROI, here is a bit more data about some of the money saving aspects produced by these solutions.

First off, there is often a full-time employee in charge of handling account management, since all actions have to be done manually. An automated account management solution allows this position to be eliminated or re-focused since account management becomes reduced to minutes rather than hours. This employee, who is often a highly trained IT staff member, can then focus on other more pertinent educational technology for the school.

This one solution can also provide other cost saving benefits, including being able to easily delegate account management tasks to less technical helpdesk employees. Instead of having any IT personnel dealing with account management, the task can be delegated to help desk employees. With a simple input form, help desk employees can enter the employee or student information and accounts are automatically provisioned in the correct systems and applications.

Additionally, an automated account management solution can help save on license costs by allowing the school to see exactly how many licenses are being used. For example, the school district might be paying for 10 concurrent licenses to a very expensive educational system, but only up to five are ever being used at a time.

So what about the password management software? META Group research, conducted on behalf of Price Waterhouse Cooper, concluded that help desk tickets for password resets cost $60.93, annually, per employee and up to 45 percent of all help desk calls are for password resets. A self-service password reset application can reduce that volume by two-thirds. For a school of 3,000 users, that’s an annual cost savings of $182,790. When compared to the costs of a password reset solution, the ROI can be a matter of months.

Overall, educational entities might be wary about implementing any kind of solution because of budgetary issues; however, IAM solutions can provide a significant ROI. In addition, many solutions allow students and teachers to be more productive and IT staff to focus their time on more important issues and learning technologies for the school.

Dean Wiech is the managing director of Tools4ever, a global provider of identity and access management solutions, serving hundreds of educational entities throughout the U.S.
Comments & Ratings

There is no comment.