How To Meet The Identity and Access Management Challenge In Education

By Andy King | 6 June 2017

Schools, Colleges (FE) and Higher Education Institutions (HEIs) face unique identity and access management challenges that other sectors simply don’t encounter. Every year, hundreds or thousands of users (students) leave, and new ones join.

Onboarding new students at the start of term, and ensuring IT services are ready for them, is only one of the unique challenges the education sector encounters every year. The demands on IT in the sector are greater than ever before, and IAM is a key aspect of ensuring students and staff can access vital information.

IT provisions also have to facilitate guest access on a regular basis (substitute teachers, guest lecturers, events, conferences, etc.), and the identity management needs of outgoing and incoming teachers. From external providers to staff, the movement of people in this sector is more extensive than most, which presents serious identity (user) management and connectivity challenges for organisations.

Meeting these extensive demands is mission-critical. Schools, colleges and universities depend on IT services running at peak performance, which also means adapting to changing rules, such as the implementation of the General Data Protection Regulation (GDPR), which will come into effect on 25 May 2018. From May 2018 onwards, fines (up to €20 million, or 4% of annual worldwide turnover) will apply for any organisations that aren't careful with the consumer data they manage, which means education institutions will need to have identity management watertight and able to stand up to scrutiny.


How to Manage Identities in Education

#1: Password Security and Access

One of the most common challenges for those managing user identities is people forgetting passwords. It happens all the time.

While good password hygiene recommends complex and unique passwords for each individual user account, is this really realistic in a school setting? Best IAM practice is to manage user access based on the information protected, and to assess how robust the authentication process needs to be accordingly. Therefore, for students logging into Google classrooms, where no sensitive information is stored, a more easily remembered and universal password might be appropriate, whereas staff accessing student records will need more robust verification methods, with information security officers proactively managing privileged access accounts.

This is an area of a school’s IT function that can benefit from being outsourced to an IT service desk provider – freeing up internal teams to focus on other activities.

#2: Secure Guest Connectivity

Places of education are often host to a wide range of guests during and out of term time. Providing guests with Wi-Fi access is generally expected as a basic provision for anyone attending a conference, lecture or other event at a college or university. Those who put on events and conferences aren't always staff either, which means they may need access to the Internet, a laptop, or the audio-visual systems.

However, for security reasons, you may not want to give hundreds, probably thousands of people unfettered access to your internal networks. There is always the danger that someone has malicious intent, or is carrying a virus, which could cause a security breach.

Playing it safe, whilst also providing the basic services they expect, means you should maintain the guest Wi-Fi and Internet access as a separate system, closed off from the systems that students, teachers and other users can access.

#3: BYOD Security and Third-Party Services

IT decisions are no longer in the hands of the IT team. More than ever, users (students, teachers, lecturers and professors, and other staff) are bringing their own devices to work and using third-party services for work. It is challenging to keep track of who is using a device on your network (that you are responsible for maintaining) and who is using their own device and systems.

There are several ways to manage and counteract the potential effect of the BYOD trend.

Security systems can monitor the number of devices accessing networks through Wi-Fi, which the majority of students and teachers will do when they are in the building or on campus. Once they connect, you can send push notifications to suggest they download extra device security. Anyone who does is making your job easier, since the extra security will reduce the risk of viruses harming the system from within.

Implementing mandatory IT policies for anyone who uses their own device (including portable storage such as USB memory sticks) or transfers files from inside the secure network to the Internet (outside the network) would also reduce the risk of viruses and harmful agents attacking the system.


With GDPR implementation fast approaching, it is more important than ever to ensure your security is up to scratch. For education institutions, this is always going to prove more of a challenge, especially with a high percentage of your users changing every year. You need to ensure your IT partner can support your strategic objectives and security needs.

If you would like to discuss any of the above in more detail with me or another member of the team, please get in touch. Call 0845 643 6060 or email
