Automated role-based access control may be particularly helpful for schools with a small IT staff that find it challenging to provide access manually.
If IT staff members know that a user has a certain attribute, such as a job change from assistant principal to principal, they can bake in automation to give access to a specific bundle of permissions. That could save a lot of time, and IT doesn’t have to worry about it on a daily basis. That’s the advantage of having a well-oiled user lifecycle management process.
However, school technology teams should pay attention to which additional applications employees will use in a new position, as well as any they’ll no longer need.
Often, users are given more rights as they move up the chain, but it’s sometimes necessary to remove access too. People should have access only to what they need to do their job and nothing more.
How Does User Lifecycle Management Affect Cybersecurity?
If a bad actor tries to exploit system weaknesses, such as a lack of multifactor authentication, then an active account for a user who’s no longer working at the school could provide a point of entry.
Employee departures can pose a similar risk. For example, when someone gives two weeks’ notice, a school official can designate that in the system, initiating a chain of actions that includes disabling the employee’s account on a certain date.
IT can use that designation as the trigger for the automation. Whatever identity system the school uses to manage access will then disable every access capability the person has. It may also send an email to the relevant parties that says “This has been done” or “Here’s a look at people who have been terminated,” so authorized parties can verify that the information is correct.
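The role-change and departure automation described above can be sketched as a single reconciliation pass. This is an added example, not code from the article or from any identity product; the role bundles, application names, user records and field names are all constructed assumptions.

```python
from datetime import date

# Hypothetical role-to-application bundles (constructed for this example).
ROLE_BUNDLES = {
    "assistant_principal": {"email", "sis_read", "discipline_records"},
    "principal": {"email", "sis_read", "sis_admin", "budget_portal"},
}

def sample_users():
    """Constructed directory records; last_day is set once notice is recorded."""
    ap = ROLE_BUNDLES["assistant_principal"]
    return [
        # Promoted to principal but still holding the old bundle.
        {"id": "mgarcia", "role": "principal", "access": set(ap), "last_day": None, "active": True},
        # Last day has passed; the account is still enabled.
        {"id": "jlee", "role": "assistant_principal", "access": set(ap), "last_day": date(2024, 6, 14), "active": True},
        # Notice given, last day still ahead: nothing changes yet.
        {"id": "rpatel", "role": "assistant_principal", "access": set(ap), "last_day": date(2024, 6, 28), "active": True},
    ]

def reconcile(user, today):
    """Return (to_grant, to_revoke, disable) for one record."""
    current = set(user["access"])
    if user["last_day"] is not None and today > user["last_day"]:
        return set(), current, True  # departed: strip everything, disable
    # An unknown role maps to an empty bundle, so it fails closed.
    target = ROLE_BUNDLES.get(user["role"], set())
    return target - current, current - target, False

def run(users, today):
    """Apply changes in place and return a report for human verification."""
    report = {"changed": [], "disabled": []}
    for u in users:
        grant, revoke, disable = reconcile(u, today)
        u["access"] = (set(u["access"]) | grant) - revoke
        if disable and u["active"]:
            u["active"] = False
            report["disabled"].append(u["id"])
        elif grant or revoke:
            report["changed"].append((u["id"], sorted(grant), sorted(revoke)))
    return report

if __name__ == "__main__":
    print(run(sample_users(), date(2024, 6, 15)))
```

The returned report is the part that goes to the authorized parties for verification: it lists who was disabled and, for each role change, what was granted and what was removed.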
Well-defined, swift user lifecycle management practices are critical if an employee decides to leave suddenly or is let go without much warning — and isn’t happy about it.
There have been cases where people were fired and their companies didn’t immediately terminate their access, allowing these employees to go back into their accounts when they got home to grab or remove data.
They might then place unauthorized data on the internet or jump on the school’s messaging tool to bad-mouth people. IT needs to make sure the process is set so that after an employee’s last day working with the school, he or she can no longer access school accounts.
Generally, K–12 schools can benefit from thoroughly examining the steps in their user lifecycle management process to determine where problems may exist — such as a specific team not being told when a staff member exits — and then adjusting the plan as needed.
The biggest gap when it comes to identity management is communication. That’s why tabletop exercises are very important. They allow IT staff members to go through a test run on a process, from start to finish, to make sure it works. If it doesn’t, they should refine it and test it again.