Myth #2: You have to dramatically change infrastructure to accommodate identity management in the cloud
No infrastructure changes are necessary for a university to take advantage of cloud-based identity management (IdM) services. Integration with existing IT systems can be accomplished seamlessly as if the IdM solution were running on-premise.
Myth #3: Identity management solutions don’t provide security and management of cloud-based applications
While this may be true for some IdM solutions, the right solutions use the same processes and procedures to securely manage cloud-based applications while also managing on-premise applications. They also provide the same abilities to audit, control, and report compliance-related aspects, such as who has access to each resource, eliminating orphan accounts, etc.
Myth #4: Cloud-based identity management solutions are less capable than on-premise solutions
Cloud-based IdM solutions don’t have to be different from on-premise solutions and can deliver the same functionality. However, cloud-based IdM solutions have a business driver making them different. The hosting provider will want to drive down the cost of hosting to take advantage of hardware/software/technical resource consolidation. In order to do so, IdM solutions running in the cloud must have a better design and they must be easier to maintain.
Understanding the myths without an education on the actual risks will not protect any university from security threats that continue to exist. While transitioning to the cloud does not present any unique risks to sensitive university data that do not already exist in an on-premise environment, some common pitfalls include:
Risk #1: Inadequate access control policies
Failure to clearly articulate and enforce department and university-wide IT security policies and procedures creates both internal and external confusion, which can lead to ongoing threats and vulnerabilities.
Risk #2: Lack of education
When students, faculty, and staff are not educated on the “do’s and don’ts” of IT security, they are less likely to take the proper steps to secure their own information. For a CIO and his/her IT department, an uneducated user base can quickly become the university’s worst enemy.