The University of Stellenbosch is one of the oldest tertiary education institutions in South Africa, boasting a total of 10 faculties spread over five campuses. By the beginning of 2013, the university had a student population of 28 000, including more than 3 000 foreign learners, a lecturing staff complement of nearly 1 000 and 50 research and service divisions.
Controlling the identity management aspects of such a large body of people is obviously not easy, particularly when one takes into account the many and varied non-affiliated people who may be on campus at any one time. Such individuals include part-time students, visiting professors, guest lecturers and any number of civil, building and IT contractors who may have been commissioned to do a specific job on campus.
Although the university utilises a student management system for controlling learners, as well as an HR system for managing its paid employees, these are legacy systems that have been in use for many years. Furthermore, says Reghardt van der Rijst, Ubusha Senior Consultant, these systems are entirely internally-focused - the university has no way of managing the engagements of visitors, ie, visiting lecturers/students and moderators, in any way.
"Stellenbosch turned to Ubusha to assist it in solving the challenge of how to effectively identify, manage and control the engagement process for all guests, and therefore are not managed by the existing systems. We understand the importance of ensuring that external parties have their identities managed in a manner that is commensurate with the levels of access and privilege they receive, which is why we recommended our unique x-Registration System (xRS)," he says.
"Employing xRS provides the university with a registration solution that serves as the single source of truth for all visitor engagements. In other words, any visitor who requires access to the premises and internal systems can be registered using this solution, without having to go through an arduous human resources process."
The xRS solution, he adds, spoke specifically to the Stellenbosch University's audit requirements for all visitors. Following its implementation, the xRS solution was able to enable the simple, easy and secure management of the complete engagement process for all visitors.
"xRS is now the authoritative source for all visitors. What makes it so successful is that it is designed to integrate with identity and access governance solutions that will ensure that access is granted to the right people at the right time, and that such access is also taken away when a contract has expired or been terminated. The system is also ideal for verifying whether specific guests - be they contractors working on a building or visiting professors - are actually still 'active'."
According to Julian Robertson, IT Systems Architect at Stellenbosch University, access for non-payrolled individuals had always been done on an ad hoc basis.
"Obviously, we faced a challenge in educating the application owners to follow the new xRS processes. This challenge notwithstanding, the new solution has offered us a cost-effective mechanism for creating and managing engagements for non-university affiliated people," says Robertson.
"Furthermore, it has provided us with a better profile of all identities, with regard to the use of services, while revocation of access is now based on the engagement period registered on our system, and not, as in the past, on an annual basis during March. This clearly reduces our security risks and makes the university more compliant to auditors' findings."
Van der Rijst points out that the initial scope of the project for which Ubusha was commissioned was actually quite different. However, once the university witnessed the value the xRS solution offers, it actually altered the project scope.
"What makes xRS so useful is that one can not only register an identity, one can also provide a key for this identity. Then, one is able to specify an engagement which links this identity to a particular role in a particular area of the institution. This, in turn, is then linked to a sponsor, who approves the start and end dates of the specified role.
"This is particularly important in relation to new legislation such as the Protection of Personal Information (POPI) Act, since organisations are only meant to gather a certain amount of information about what the person is doing at the institution. Furthermore, they are only allowed to keep such information while it remains relevant."
Since xRS can manage both the gathering and the destruction of such information, suggests Van der Rijst, it is ideal for complying with the new legislation.
"Stellenbosch University is a very mature entity in an IT context, and the adoption of xRS continues this trend, as it means they are now not only able to effectively manage the students and employees that make up around 60% of the people on campus, but also the other 40% that traditionally fall outside of this ambit," he concludes.
xRS solution
Ubusha has designed the xRS solution to enable the simple, easy and secure registration of non-staff access to premises, systems and other security-sensitive areas of the business.
When needing to register and manage supply chain identities, xRS is the only tool available to do so successfully and in a compliant manner. Such management incorporates all aspects of a contract, including start and end dates of agreements.
In addition, xRS is designed to ensure access is granted to the right people at the right time, and that such access is also take away when a contract has expired or been terminated. This system is ideal for also verifying whether specific contractors are actually still 'active'.
Share