Five Essential K12 Identity Management & Governance Best Practices

October 10, 2019

Having worked with school districts across the nation for over ten years, Enboard is no stranger to engineering identity governance strategies. When asked to weigh in on best practices for managing risk, enabling equitable access, and reducing dependency on manual processes, we distilled our industry experience into five central principles, listed below:

Proactive Risk Management
When it comes to K12 cybersecurity, preparing for the worst is your best defense. Nearly all breaches involve individual users’ IDs and passwords. The weaker a district’s identity & access management systems and practices, the more likely individuals are to fall victim to cybercriminals. Add cybersecurity exercises to your regularly scheduled natural disaster drills to make sure your district is prepared for a cybersecurity emergency.

Identity Ecosystem Mapping
Documenting how user identities interact with your district’s data systems, workflows, staff, and processes is critical to managing risk. In particular, legacy or proprietary data platforms—whether they’re financial, HR, student information systems, or other institutional management systems—need to be evaluated for their capabilities and potential security shortcomings so that appropriate risk mitigation measures can be taken.

Orphaned Account Handling
There are two areas where orphaned accounts most often present issues: user role changes (e.g., promotions) and platform changes. For user role changes, automating processes and verifying those changes against defined policies are the most effective ways to eliminate overlooked accounts. For platform changes, understanding how accounts are associated with a resource rather than a person (e.g., SQL service accounts), and managing access to those resources accordingly with operations logging, reduces the risk of using non-identity-driven accounts.

Centralized Identity Management
In our modern IT-enabled world, the notion of a centralized approach to lifecycle management, access, and support of identities might seem counter-intuitive. But when we consider the source of accountability, particularly for public institutions, that responsibility always rests with the organization itself, and therefore centralized management of identities and access to resources must be considered. Regulatory and legal obligations put school districts in a unique position in which they must continually evaluate the compliance of their policies, practices, and systems.

Zero-Trust Architecture for Identities
Stated simply, zero-trust is the concept that users should have access to only the resources they need—nothing more. Most organizations, however, in an effort to enable users to access resources, will grant access privileges without considering the resulting implications. The most significant advantage of zero-trust identity management is knowing exactly what tools users have access to at any given time and being able to document divergence from policy to support individual scenarios without compromising your district’s security.

K12 identity management is only getting more complex. Fortunately, we’re here to help with advice and actionable solutions. We’ll be unpacking K12 multi-factor authentication (MFA), identity and access management (IAM), identity governance (IG), and single sign-on (SSO) best practices in our upcoming webinar on October 17th, 2019 at 1 PM EST. Join us if you’re interested in learning how to reduce identity-related risks to your district.