Universities Rethink Identity Governance Amid Digital Transformation

Australian universities are digitising and moving ever more data to the cloud, but this comes with vulnerabilities. Given the inherent sensitivity of much of that data, there’s also increasing regulatory scrutiny on them.

It also doesn’t help that a university is a particularly challenging environment to manage from a security perspective. On any given day, campuses are going to have tens of thousands of people connecting to and using the network and cloud services. Monitoring and protecting something of that scope is a substantial project.

To address this challenge, managing who has access to what systems – identity governance – is becoming a linchpin of cybersecurity and user experience.

The New Cybersecurity Landscape in Higher Education

Because it is understood that it is challenging to monitor, manage and protect a campus with tens of thousands of connections, threat actors are increasingly targeting the education sector, which caused Moody’s to rate the sectors as a “high” cyber risk.

At the same time, compliance demands are rising – from stricter privacy laws to government mandates – pressuring them to strengthen access controls and compliance. Australian universities have responded by working together through bodies like CAUDIT, yielding marked improvements in cyber readiness across the sector.

However, the challenge of balancing security with usability remains. Secure access has become a top concern for CIOs, underscoring the difficulty of keeping campus systems both secure and user-friendly​. Leading universities are adopting zero-trust security models and identity and access management solutions to meet these challenges​.

Case Study: UWA’s Digital Identity Overhaul

One institution taking a proactive stance is The University of Western Australia (UWA). UWA – a member of Australia’s Group of Eight and CAUDIT – recently overhauled its identity governance framework as part of a broader digital transformation​ in collaboration with Saviynt.

CISO Lee Patterson, who leads an ambitious security team, has made identity security a focal point of UWA’s strategy: “Identity governance is critical to UWA’s strategic objective of improving the student experience,” he said. “By standardising, simplifying, and centrally managing user identities, we are making it frictionless for our students to access applications and systems.

“Even more importantly, Saviynt’s solution will significantly enhance our security, as we will know who has access to data and whether or not that access is appropriate.”

The university was managing 40,000 identities across disparate faculty and research systems, spanning multiple directories and business applications. This siloed approach meant manual processes, inconsistent access controls, and difficulty enforcing access policies. To address these issues, UWA implemented a cloud-based identity platform (Saviynt’s Identity Cloud) to centralise and automate identity lifecycle management across campus users​.

The new system integrates previously siloed directories and uses intelligent automation to provision and de-provision accounts. This has yielded immediate benefits. The university eliminated redundant accounts and licenses, cutting licensing costs and administrative overhead.

Users also enjoy faster onboarding and fewer IT support calls for issues like password resets, improving user experience​. Critical security and compliance metrics will improve as well – with automated enforcement of role-based access rules and better visibility into who has access to which resources​.

Future-Ready: Identity as an Enabler of Innovation

UWA’s identity initiative demonstrates how universities and other educational institutions can effectively lay the groundwork for security while addressing their compliance requirements. With a modern identity governance platform in place, the university is now pursuing advanced capabilities like role-based access control (RBAC) and privileged access management (PAM) to further fortify its environment.

These steps will ensure that as UWA’s digital ecosystem grows, high-risk permissions are tightly controlled and aligned with users’ roles.

More broadly, identity governance is enabling innovation in how Australian universities deliver services. When students can seamlessly and securely access online learning tools, libraries, and labs from anywhere, universities can better advance student-centric initiatives by fully unlocking their ability to work security from anywhere, and have that secure connection “follow them” across the campus.

Resilience is another benefit. With centralised control over access, universities can respond faster to incidents or changes – for example, instantly revoking a compromised or departed user’s credentials to limit damage – a crucial capability for cyber resilience.

As Australian higher education goes digital, identity governance is evolving from a back-office IT concern to a strategic pillar. By rethinking identity management now, universities like UWA are not only bolstering security and compliance – they are unlocking student-focused and resilient digital campuses​.