April 24, 2018

Second Phase: Identity & Access Management

  • Challenge: Ensuring university computer systems, and the information they contain, are secure
  • Solution: Managing access to data and leveraging better cloud security and storage

Enterprise Transformation is WPI’s multi-year and multi-department transition to better processes, systems, and structures in areas that will affect almost every person on campus. The changes will bring improvements that will be easily seen and used—easier access and management of eProjects and other student information, improved financial management and human resources information, and universal standards. A web presence for Enterprise Transformation offers additional information and updates about the project.

A significant part of Enterprise Transformation addresses underlying issues that won’t be as visible to users, but will impact everything they do. Increased security around data, identity, and access will dovetail with improved data quality measures to strengthen WPI’s secure systems, allow relevant access when needed, and provide a central hub for data.

Enterprise Transformation will strengthen WPI’s security and will take into consideration who needs access, why they need it, and grant access when it’s appropriate. With a global increase in hacker activity, educating users and securing WPI’s assets is crucial.

But more security shouldn’t mean that employees are going to have to navigate a maze to get where they need to be in WPI’s systems. “The goal of our Identity & Access Management initiative is to streamline the way faculty, staff, and students access systems, and to ensure that access is secure, “ says Patty Patria, CIO and vice president for Information Technology.

At universities like WPI, where cutting-edge research leads to breakthroughs in everything from medical devices to fire protection, one breach could lead to innovative lab research disappearing or a faculty member’s extensive notes being stolen. Hackers who gain access to WPI systems could capture private information. Even details about MQPs and IQPs could land in the wrong hands. Most people don’t think about that kind of damage when they log into their laptop at the local coffee shop, but that’s what can happen.

Diptam Chatterjee takes notes during training sessions for Enterprise Transformation.

With WPI faculty and students travelling all over the world, the potential for problems is great, says Tracy LaMantia, program manager, identity & access management for Information Technology. “We have to put protective layers around the university,” she says. “Someone can track you and capture your credentials and you won’t even know it. Once they have that, they can get into the systems, get access, and can authenticate as you.”

At other times, granting access is a complicated process. For instance, right now, a student loses all access to most of WPI’s online resources upon graduation. To gain any access back, the student must navigate several levels of approval. With the new processes, students will have access to more targeted information like the specific faculty and exact resources they need.

And outside organizations might find these new security measures answer pertinent questions. As grants are often based on the potential for transformative research, many granting institutions want to know how universities will protect the work before they funnel millions of dollars that way.

The access piece of Enterprise Transformation is based on two pillars: SSO (single sign-on) consolidation and identity governance. SSO consolidation is a different way of accessing certain applications and will be most obvious to employees during the secure login process. They may have additional layers of security clearance before they are able to use specific applications. Identity governance helps pare down who has access to specific information. On-boarding and off-boarding will be changed, so employees can gain entry to various other applications (like Workday, for instance) when they are hired and will lose it when they are no longer employed at WPI. “This is not a judgment call on people,” says LaMantia. “It’s to help you and to help us secure what needs to be secured.”

As with other areas of Enterprise Transformation, training opportunities will abound so people will understand how to protect their ideas while they continue to work from far-flung corners of the globe. “This,” says LaMantia, “is about protecting WPI’s assets.”

- By Julia Quinn-Szcesuil

What is Enterprise Transformation?

Editor's note: This is the second of a four-part series to help employees understand the four main projects associated with Enterprise Transformation, WPI’s organization-wide implementation of new computer systems. New installments will run on Tuesdays until May 8.