University of San Diego Picks Cloud-First SecurityBy Samuel Greengard
Managing user accounts and credentials is a difficult task for any organization. For a major university—where students, staff and faculty come and go on a regular basis—it can be a daunting challenge.
One school taking aim at the challenge is the University of San Diego (USD), a Roman Catholic institution focused on the liberal arts and professional education. With more than 8,500 students and 833 faculty members using a variety of IT systems, the need to maintain visibility and control over user privileges is paramount.
In the past, "The IT services organization had individual and ad hoc efforts in place to secure passwords—typically with individual desktop solutions," says Christopher Wessells, USD's vice provost and CIO. While all of this was done with genuinely good intentions, he notes, it often resulted in complex and cumbersome processes for the IT organization. In addition, some passwords were stored in people's heads, rather than in a single secure location.
The bottom line? A heavier IT workload, along with greater security risks. In fact, "When consultants or technology vendors stepped onto the campus, there was no efficient way for the IT systems team to control access, and then modify or end access after the consulting engagement ended," Wessells explains.
To deal with this problem, the university began searching for an improved security framework. After reviewing various approaches and vendors, it turned to a Thycotic Secret Server as an on-premise solution for managing privileged account passwords.
Finding a Reliable Cloud Security Solution
In November 2016, the school adopted a cloud-first initiative aimed at continuous improvement. The Thycotic privileged account management (PAM) framework is supported by Microsoft Azure. Wessells describes the approach as "a world-class cloud option in terms of performance, security and reliability."
The system has addressed efficiency and risk issues, according to Wessells. He adds that more than 1,000 "secrets" are stored in the PAM cloud solution.
"We are using it as a trusted place for privileged account credentials," Wessells reports. "We also store SSH keys, all encryption keys to enterprise databases, USD credit card credentials and more." He says that in addition to the practical benefits, including a positive net impact on staff time and costs, he and the IT team have greater "peace of mind that our most important systems and data are more secure."
The University of San Diego now has plans to expand the use of the PAM system. For one thing, it plans to connect Active Directory to Azure, and it also is looking to use the PAM framework for a variety of other functions and tasks. "For example, we will offer it as a place for the CFO and controller to store any credentials for institutional investment accounts, bank account credentials and passwords for bond sales firms," Wessells notes.
He says that the framework has completely won over skeptics, including those who had reservations about the use of the cloud for storing and managing sensitive data.
"We now have a system that is highly secure," Wessells reports. "It offers higher reliability and availability than what most universities can provide in campus data centers."