Identity Management in Higher Education
Higher education has a greater demand for Identity Management (IdM) than any other industry due to its cyclical user base, temporary users, growing number of entry points, and security/privacy threats from a technically-talented user base. Identity management addresses these challenges, plus creates opportunities to increase Distance Learning enrollment and to grow revenue through extended geographic reach and improved access to university resources. IdM can also improve service and satisfaction levels to students, as well as slash registration, administrative, and IT costs. In fact, EDUCAUSE® has rated IT funding and Identity Management as the #1 and #2 issues critical for strategic success. These findings are echoed by CIOs and CISOs throughout higher education: Identity Management is a high priority, but the high up-front investment and ongoing costs associated with deploying and sustaining offerings from most of the vendors can be prohibitive. Colleges and universities need lower-cost and less resource-intensive alternatives for gaining the benefits of Identity Management.
PLACING IDENTITY MANAGEMENT WITHIN REACH
Leading analyst organizations point to the "realities" of conventional identity management deployments: higher than expected costs and deployment times, plus lower-than-expected ROI and capabilities; however, this should not deter institutions from deploying identity management, but instead motivate IT and InfoSec organizations to establish a high level of confidence not only that their chosen solutions can address the institution's objectives, but that they can be deployed on-time and in-budget. For institutions of higher learning to drive Identity Management benefits at a predictable and fair cost, they must do their homework to find the software vendor and procurement model that best fits their budgets, cultures, and overall objectives.
Institutions should demand the following key capabilities from any Identity Management solution:
- Provides rapid implementation and interoperability with all systems
- Supports existing institutional processes
- Runs on open source platforms and components (e.g., Linux, JBoss, Fedora) to minimize license costs
- Does not require programming or scripting, even for complex processes
- Conforms to the existing / planned IT infrastructure, e.g., standards-based, SOA, etc.
- Securely spans campus IT departments, universities, government agencies, research institutions, and other external enterprises
- Enables less-senior technological generalists to implement, sustain, and support the solution
- Easily accommodates changes in the university without requiring significant changes to the solution
- Provides the ability to securely manage, protect and audit high-privilege and shared resources like administrative accounts
- Can be optionally managed as a centralized or delegated solution
- Becomes increasingly cost-effective during each phase of the solution’s lifecycle
- Allows migration between software-as-a-product and outsourced services
It’s also important to look at how to best acquire a solution like Identity Management. Where possible, select a technology that allows any procurement method and has the flexibility to support strategic changes.
Outsourcing Identity Management: Identity as a Service™ (IaaS™)
Outsourcing is on the rise, not only for business process outsourcing, but for security infrastructure outsourcing as well. Outsourcing Identity Management has been fairly common in the context of outsourcing data centers and on-premise IT operations; however, Identity as a Service™ (IaaS™) is a new offering that follows the on-demand/SaaS (Software as a Service) software procurement model where the identity solution is hosted by a remote Service Provider while the client institution retains control of its applications. IaaS™ clients benefit from this model by significantly reducing up-front costs, eliminating capital expenses, increasing control over outcomes, having a predefined investment and expense schedule, mitigating the risk of technology selection, and eliminating the need to hire specialized resources. The IaaS™ model is ideal for higher education because it overcomes key barriers to entry (e.g., up-front cost and required resources), enables institutions to pay only for those services they require, and can tie service-level agreements to specific institutional objectives.
IaaS™ Technology Requirements
To be effective, the IaaS™ architecture needs to easily and cost-effectively support federated provisioning across domains, firewalls and enterprises since by definition, the IaaS™ server is located at a service provider’s location while the systems and applications to be provisioned are located at client locations. Also, the service provider must deliver a “productized” service that meets the typical requirements of higher education. These can improve efficiency, speed of implementation and costs through business process standardization and simplification.
From a Service Provider perspective, for outsourcing to be a viable alternative, the outsourced technology must have several inherent characteristics that allow service providers to run a profitable line of business while offering their higher education clients affordable high-quality, high-value services. Institutions should carefully consider the service provider perspective since technologies that meet their requirements are typically the lowest cost and most flexible. Technology requirements include the ability to:
- Offer a single service platform for all delivery models
- Remotely deploy, administer, manage and change the solution
- Provide a seamless ability to securely cross domains and manage multiple organizations in a multi-tenancy model
- Simplify deployment and change management by eliminating the requirements for scripting and programming
- Scale from small organizations through large, complex enterprises
- Provide a High Availability environment that doesn’t require downtime to add or change features
- Leverage open source technologies
Deploying Identity Management in the Traditional Model: Software-as-a-Product
Deploying Identity Management in the traditional software-as-a-product model requires careful selection criteria to avoid the pitfalls common to this model. For institutions to achieve their year-over-year cost plans, they must choose solutions that drive down cost and complexity at every turn, yet provide the flexibility needed to quickly respond to institutional changes, new regulations and new opportunities.
For example, the cost of "change" can be enormous with products that require programming and scripting due to the time to understand the code, locate all sections that need to be updated, then program, test, debug, and migrate the changes. Graphical interfaces for workflow management offer hope, but should be approached cautiously as these interfaces generally have an embedded business process that requires institutions to change their existing processes to match the software. To date, Fischer International Identity delivers the only graphical workflow studio that eliminates the need for programming as well as the only graphical studio that can easily model complex processes.
CHOOSING A PROCUREMENT STRATEGY FOR IDM
A variety of factors can be used to predict the relative cost / benefit of each procurement strategy and to determine the best alternative for each institution. Of course, any product or solution considered must be able to support the desired procurement strategy.
In general, an outsourcing strategy tends to be best for institutions that are mid-size (10,000 - 50,000 users) or smaller, that have most of the same business requirements as other higher education institutions, and that have few, relatively expensive IT personnel. This is especially true when the institutions need rapid implementation, require low up-front costs, control resources in multiple locations, share resources with partner organizations, or otherwise control resources across domains or firewalls. These types of organizations can capture significant savings through the economies of scale achieved by service providers.
The following factors also point toward outsourcing as a procurement strategy:
- Need stable and predictable expenses
- Benefit from remaining current on new solution features
- The number of users varies, especially if the number of users sometimes decreases
- Need the ability to guarantee service levels and to tie costs to SLAs
- Need the lower costs afforded by open source software and the option for offshore labor
- Ability to achieve higher resource utilization and efficiencies by sharing specialized personnel and other IT resources across multiple organizations
Software as a Product
Software as a product tends to be best for extremely large organizations that have talented yet low-cost personnel who run all systems and applications internally in a centralized environment. This is especially true when the institution’s business requirements are significantly different than other higher-education institutions, so that their solutions must be highly customized. It is also the case for institutions that have no advantage in procuring solutions as operating expenses versus capital expenses. These types of organizations can effectively achieve economies of scale by efficiently specializing technical personnel and fully utilizing IT resources. In effect, these types of large institutions can achieve the same types of benefits as service providers.
Total Cost of Ownership
Figure 1 below illustrates the relative total cost of ownership for Identity Management (10,000 users, 25 connected systems) for both software-as-product and outsourced (IaaS™) procurement models. Note that TCO reflects all costs (including discounts) typically required to fully support an Identity Management initiative: e.g., software, hardware, maintenance, staff, etc.
Figure 1: IdM TCO by Procurement Model & Vendor
Figure 1 illustrates the significant cost difference between an advanced solution such as Fischer’s vs. conventional IdM products from the major vendors. Contemporary IdM architectures are designed to minimize the time, skill requirement, and, therefore, cost to deploy and maintain Identity Management.
Notice that outsourcing IdM via Fischer’s Identity as a Service™ (IaaS™) model provides the lowest entry and year-over-year costs. In general, procuring IdM in an outsourced model is the most cost-effective option as it leverages the Service Provider’s experience and best practices in IdM and compliance.
Cost-effectively implementing identity management solutions is now within easy reach of higher education; however, achieving desired results requires diligence in assessing institutional requirements vis-à-vis the abilities of leading solutions, as missteps can be extremely costly.
Identity as a Service™ is a new offering that provides desired benefits while mitigating the costs and risks commonly associated with traditional identity management deployments. While traditional deployments remain viable, institutions must exercise due care to select the right solution and to properly manage all phases of the solution’s lifecycle. Only Fischer International Identity delivers a proven solution that can be deployed using any procurement model.
© Copyright 2008 Fischer International Identity. All rights reserved.