This post is the sixth in a series of ten posts that have been created to identify the best practice found in FE colleges by the Jisc infrastructure review service. An introduction to the infrastructure review synthesis project is provided in the first post in the series.
Core enterprise services
Almost all colleges use Microsoft Active Directory as their sole directory service. Most legacy Novell directory services and other directories such as Open Directory have either been deprecated or eliminated.
Most colleges that use Office 365 undertake local directory to cloud sync to Office 365 using the AD Azure Sync tool In the most advanced IT organisations single sign on has been optimised to ensure that Active Directory is the main source of identity, meaning that users do not have to manage multiple credentials.
In order to improve security, colleges are rolling out 2FA (two-factor authentication) systems, these systems can prevent unauthorised account access even when an attacker has access to a user’s password.
The most advanced IT organisations have clear processes in place for account creation, suspension, archiving and removal, usually these processes are linked to MIS and HR systems. These processes can be automated to improve security and avoid valuable staff time being taken up by administrative tasks.
The most mature organisations make use of the UK access management federation to enable access to high quality resources.
The most secure organisations use additional DNS security measures such as DNS filtering, which provides useful protection against domains that host malware payloads or other problematic content.
College web sites are generally externally hosted by a web design company or web host and tend to be managed by the marketing team and not the IT team. This means that security, maintenance, update management and data backup etc. is not routinely done by the IT teams in colleges. In order to be as secure as possible the content management systems (CMS) being used to provide college websites, must be kept fully up to date alongside the web software stack to prevent cyber-security concerns.
How Jisc can help:
- Jisc provides a range of trust and identity services such as:
- A certificate service for SSL and email certificates enabling Jisc members to secure web services
- A domain registry service for .ac.uk domains
- The UK access management federation
- The Janet network resolver service is a useful solution to DNS filtering as it is a fully managed service that is inclusive to Jisc membership.
- Active Directory planning, inclusive of nested security group or organisational unit design and other allied work can be addressed via the infrastructure review service.