Versions Compared


...

See CommIT: Simplifying Admissions Identity Management for Georgetown University's way to leverage federated single sign-on to match electronic records for college applicants and institutions using a single set of user credentials that can be used across various services.

...

2d. Cloud Computing and Software as a Service (SaaS)

Definition: Cloud [computing] describes Cloud Computing is the use of a collection of distributed services, applications, information and infrastructure comprised of pools of compute, network, information and storage resources. These components can be rapidly orchestrated, provisioned, implemented and decommissioned using an on-demand utility-like model of allocation and consumption.

(Cloud Security Alliance, "Security Guidelines for Critical Areas of Focus in Cloud Computing", April 2009)

network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or local computer.

Definition: Software as a Service (SaaS) is the capability provided to the consumer a user by a third party, to use a provider's applications running on a cloud infrastructure and , which is accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email).

(Cloud Security Alliance, "Security Guidelines for Critical Areas of Focus in Cloud Computing", April 2009)

For a comprehensive discussion of major identity and access management functions that are essential for successful and effective management of identities in the Cloud, see:
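Review bot: the Cloud Security Alliance (April 2009) attribution still follows both definitions, while the wording of each definition is being changed in this revision ("a collection of distributed services, applications, information and infrastructure" against "network of remote servers hosted on the Internet"). If the simplified wording is the one kept, drop or reword the attribution so the page does not present a paraphrase as the CSA text; if the CSA text is kept, quote it unchanged.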

...

web browser or other means of remote connection such as a thin client.

For a comprehensive discussion of major identity and access management functions in the cloud, see:Identity and the Cloud - Preparing Your Campus.

Managing security and privacy is an ongoing challenge, compounded by the expanding interest in software as a service (SaaS) and cloud computing

...

. Specifically, the concept and benefits of participating in InCommon, campus policy requirements, preparing institution identity management infrastructure, choosing and installing the appropriate standards-based software, and collaborating with other institutions of higher education and with resource providers.

Challenges:

  • The decision to procure cloud computing services or SaaS may be driven mostly by individual departments instead of institutional IT strategy.
  • Integrating separately developed applications into an integrated approach.
    • How to manage access?
    • How to manage provisioning?
    • How to integrate these applications into institutional web services?
  • How to reduce the number of credentials

An Alternative Solution

...

  • Focus on four activities:
    • Develop an institutional Identity Management System
    • Create a standard set of attributes for each person (eduPerson)
    • Use a federation to enable external access
    • Require institutional developers and in RFPs that service providers support SAML and InCommon
  • InCommon provides an easy to use framework for customers and service providers that will work across higher education.
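Review bot: the fourth activity, "Require institutional developers and in RFPs that service providers support SAML and InCommon", does not parse and leaves it unclear who must support what. Suggest "Require that institutional developers, and service providers through RFP language, support SAML and InCommon", so the requirement reads as applying to both in-house and procured applications.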

...

See Supporting High-Value, High-Risk Cloud Services with Federated Identity Management to see how campuses are using federated identity management to meet the security standards needed to provide access to services containing sensitive data and what are the security and policy considerations involved in extending federated identity management for use in higher-valued cloud servicesin the cloud.

The EDUCAUSE Cloud Computing Security page contains security, privacy, identity, and other compliance implications of moving data into the cloud as well numerous higher education and industry resources on the topic.
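Review bot: the sentence on high-value cloud services ends in "higher-valued cloud servicesin the cloud", with run-together words and "cloud" stated twice; keep one ending. In the following paragraph, "as well numerous higher education and industry resources" is missing "as".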

...

2e. Mobile Computing and Teleworking

Teleworking (i.e., telecommuting), e-commerce, use of intranets, online education, and the increase increased use of portable computing devices (e.g., such as laptops, tablets, and smartphones ) are driving the need for access to information resources from any place at any time.

Today's mobile work force or and mobile users are no longer just staff, faculty, and students trying to check e-mail from home but part and full-time , they are telecommuters, business partners, full-time students. and patients who rely on access to institutional networks to accomplish day-to-day business functions, attend classes, and follow-up on medical treatments. Information security controls specifically targeting mobile computing and remote access to information resources are becoming an increasingly critical component of any institution information security program ensuring the protection of the integrity of the institutional networks while allowing remote access to it.

Challenges of Mobile Computing:

  • User Authentication
  • Protection of Transmitted Data
  • Protection of the Institutional Network

The To enable remote access to institutional information resources, institutions of higher education are implementing Virtual Private Networks (VPN) technology to provide a secure connection to the institutional network from remote locations such hotels and airports. VPNs send data securely through a shared network. VPNs can be established between remote users and a network or between two or more networks thus using the Internet as the medium for transmitting information securely over and between networks via a process called tunneling.

The EDUCAUSE Mobile Internet Device Security Guidelines page contains helpful advice to develop mobile Internet device security policy, standards, guidelines and procedures. It is organized into easy to follow steps to define objectives,develop a plan, and answer some of the questions being asked by users and security professionals alike.
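Review bot: in the mobile work force paragraph the list reads "business partners, full-time students. and patients", with a period in the middle of the sentence, and "part and full-time , they are" leaves a dangling fragment; the same paragraph's "any institution information security program" needs a possessive. In the VPN paragraph, "remote locations such hotels and airports" is missing "as", and the final paragraph has "objectives,develop" without a space.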

Resources

...