The University of the Sunshine Coast (USC),serving over 70,000 active users across six campuses in Queensland and one in South Australia, engaged Identifly to conduct an independent assessment of their Transforming Identity and Access Management (IAM) capabilities. The objective was to define a clear identity roadmap to support the University’s efforts in maturing their identity ecosystem, strengthening security posture, and improving operational efficiency - all while enhancing the user experience for staff, students, and other stakeholders.

‍

The Challenge

The University of the Sunshine Coast (USC) recognised the need to enhance its identity governance capabilities, particularly around role-based access controls, to ensure users consistently had the right level of access at the right time.

As staff and student roles evolved, unchecked privilege creep became a growing concern, creating potential security risks across the institution. In response, USC set a strategic direction to adopt a Zero Trust architecture - a modern security model that requires robust Identity and Access Management (IAM) as a core pillar.

‍

Our Approach

Identifly took a unique approach to developing the IAM roadmap & strategy, undertaking:‍‍

‍Current State Assessment:

Workshops were held with a diverse group of University stakeholders to assess USC’s current IAM capabilities and challenges. These sessions involved a detailed analysis of existing services, platforms, and the broader application landscape, leading to a summary of key pain points and potential risk scenarios.
‍

Target State Definition:

Identifly worked with key stakeholders to develop the IAM vision and core objectives for the IAM program. The target state was designed using USC’s IAM objectives and pain points. The target state definition was aligned with the IAM controls in the NIST CyberSecurity Framework and facilitated the adoption of NIST Zero Trust Architecture(ZTA).
‍

‍Roadmap &Strategy:

‍The identified gaps were used to define a roadmap for transitioning to the recommended future state, with a focus on achieving objectives, addressing business pain points and operational issues, and delivering tangible benefits to users. This specifically included the adoption of role-based access controls, rationalisation of privileges and implementation of ZTA.

‍‍

‍Solutions & Key Activities

The roadmap was augmented by a detailed program of work which included discrete work packages and projects to be delivered over a 2-year period to provide continuous iterations adding value, de-risking deployments and realising benefits rapidly.

This enabled USC to quickly commence business case development and program delivery of initiatives to address identified risks and gaps, including engagement with University stakeholders and increased support for identity related projects.

‍

‍“Identifly provided invaluable expertise in developing our Identity & Access Management Program, engaging stakeholders across technical, research, administrative, and executive levels to ensure alignment with our cybersecurity and digital transformation goals.

Identifly’s knowledge of the higher education sector and appreciation for the unique challenges of institutions guaranteed a comprehensive assessment of our capabilities and gave us a clear program of work for strengthening our identity security.”

‍

– Niranjan Prabhu, Chief Information Officer, University of the Sunshine Coast

‍

If your organisation is seeking to enhance security, streamline operations, and elevate user experience through a strategic IAM transformation, reach out to us to explore how we can support your journey.