Improved privileged account management to secure student data and meet compliance mandates.
GUEST COLUMN | by Mike Somerville
As Manager of Systems Support and Chief Cloud Evangelist, I lead the IT systems team at the University of San Diego. We’re responsible for four data centers, the network, virtualization, servers, and more—everything that needs a password for access.
Automating Privileged Account Password Security
To manage and secure our IT infrastructure, we recognized years ago that we needed to automate the process, especially in terms of how our IT staff handles passwords for privileged accounts. With the average cost of a single stolen record in the education field running as high as $300, it’s imperative that we protect our data with the most effective tools available.
Because of the extensive access granted to IT users of privileged accounts—the proverbial keys to the kingdom—we wanted software tools that would help us to secure passwords and at the same time help us be more productive.
In 2009, we went through an extensive evaluation of password protection solutions and settled on Thycotic’s on-premise Secret Server. One of their key advantages from a business perspective was allowing everyone to log in to the same single point of access for their passwords. With its introduction, the university is able to take our privileged account password management to the next level.
Migrating to the Cloud Step by Step
The solution on premise was easy to use with excellent support, and we implemented an additional instance at another data center for extra security and redundancy. But we were also concerned about the possibility of a catastrophic event on campus affecting our IT network. So, we installed an instance in a virtual private cloud. When the company introduced this solution this year, it offered an option we immediately appreciated. Now that our passwords are vaulted and secured in it, we no longer need to manage or maintain multiple instances on premise.
While the University of San Diego follows a cloud-first strategy for its IT systems, we still vet our cloud providers extensively. We need to be sure that our students’ data is going to be safe in their cloud. The solution provider proved to us without reservation that we could trust the safeguards they’ve put in place and that our passwords would always be available.
The free one-month trial gave us an easy way to test out the solution with our IT systems and with our developers. Both groups were comfortable with how the solution worked and there was no retraining necessary.
Putting privileged account password management in the cloud helps the university eliminate upfront capital costs while avoiding getting locked into any single solution. It reduces IT staff time devoted to software maintenance and ensures we always have the latest updates for our solution. In short, it simplifies our professional duties, and makes it easier to securely manage thousands of passwords.
Demonstrating Compliance and Satisfying Auditors
Demonstrating compliance with FERPA certification is a must for the university to protect students’ information and gain the trust of their parents. Like many universities, USD has an internal as well as an external auditor. Every year our IT operations are subject to audits that make sure all our data and processes are secure. Once the auditors know that we’re using this as a password security solution, they demand less proof and detail in satisfying their audit requirements. That saves us considerable time and effort in meeting FERPA, HIPAA and other mandates.
Facilitating the Education Experience
At the University of San Diego, our IT team constantly reminds itself that we are not in the data center business, or even the IT business. We’re in the higher education experience business. And as far as our students, faculty, administrators or staff are concerned, IT should be invisible to the users it serves. IT should simply be always available and secure.
We’ve found something that delivers a single point of success for our passwords. Whether our servers are online, onsite, or not, we can always go to one website for the solution.
—
Mike Somerville is Manager of Systems Support and Chief Cloud Evangelist at the University of San Diego. Follow him on Twitter @Amazingmikes