Multifactor Authentication
Report From the Field
Why Multifactor? Passwords are not enough
User education about phishing and other social engineering attacks is not completely effective.
Consequences of breaches are becoming more severe (fines, ID protection costs, reputation damage, legal and forensic costs).
Multifactor is currently the most effective defense against compromised accounts.
Multifactor Requirements
Secure
Easy to use
Platform agnostic
Flexibility regarding the second factor (not everyone has a smartphone)
Administrative and support overhead that can be managed with current staff
The Real Challenge: How to sell multifactor to your institution…
Get buy-in from the top
Know your selected product inside and out
Have a communications plan and create opportunities to give presentations in front of as many campus groups as possible
Be prepared with easy-to-use self-service documentation as well as knowledgeable phone support backup
Field Report: Medical University of South Carolina
Academic medical center: 2,500 students and 10,000 faculty and staff
Relentless phishing attacks were resulting in compromised accounts (email and VPN)
Initial focus on increasing user awareness, and on early detection and containment
Spring 2012: two-factor evaluation and feasibility testing
Strategy and Policy
Summer 2012: Proposed new policies
Two-factor authentication required for remote access to sensitive systems
Mobile device management, including BYOD devices if used to access institutional systems (including via ActiveSync)
Policy vetting: President's Council, Deans, Faculty Senate, Medical Center leadership…
Oct 2012: SC Department of Revenue Breach
Leadership: Make It Happen
Draft policies and standards approved
Vendor selection completed (two-factor: PhoneFactor; MDM: Zenprise)
Project teams organized
Joint project communications
MUSC: 2 Factor Rollout Plan
April 2013: 250-person pilot for IT staff. What we learned: more communications!
August: Hire 5 interns/temp personnel for support/enrollment tables
August-October: Massive communications push
October 1: “Cut-off” date
Post go-live: Support minimal
Communications
1000 signs across campus
Focus groups
Catalyst article
Facebook page
MUSC website page
Tech fairs/student fairs
MDM/2FA websites
All-staff emails
Over 100 presentations to different on-campus groups
iPad Mini giveaway
Posters & Banners
Help Tables
Newspaper Articles
Surveys & Focus Groups
Random survey of 10 students on campus:
Do you know what Mobile Device Management is? 0 out of 10 knew what it was.
Do you know what 2 Factor Authentication is? 1 out of 10 knew what it was.
Focus groups with non-technical users: started with 35-page instructions; ended with 1 page, front and back, after the focus groups.
Email Campaign
All-staff emails from the President of MUSC, every week for 4 weeks
Targeted emails to non-compliant users, 5 per week for 4 weeks
All-staff emails for the final days
Non-compliance emails: auto-generated
Presentations
Over 100 presentations:
Individual administrators
Department heads
All-staff meetings
Town hall meetings
“VIP” one-on-one sessions
Lots of push back at first: “This isn’t going to happen”, “No way I’m doing this”, “Why do we have to do this?”
Use Compliance in these cases
Lessons Learned
KNOW the products, inside and out
Have focus groups before you start
Have examples ready: a 2 Factor demo
Make sure they know they can’t get out of this
Train your support staff
Lessons Learned: Continued
Make sure you get approval at the top first.
Plan on backlash. Prep Legal and Compliance and give them form emails for responses.
Be readily accessible through a dedicated email address, phone, etc.
Get it done. Don’t put off the deadline. Users will sign up if they have to.
Field Report: Northern Arizona University
26,000 students, 3,500 faculty and staff
Previous two-factor limited to a small number of sysadmins and developers (using RSA fobs or software tokens)
Direct deposit attack in fall 2013 led to approval for broader multifactor use
Review of available products led to selection of DUO as the multifactor solution
Progress
Test instance of DUO up and running
VPN replacement project launched (switching from MS PPTP to Cisco AnyConnect)
Project buy-in from President and Cabinet
Information Security Committee selected as stakeholder group representing all areas: students, faculty, and staff
Currently defining levels of assurance (including vetting strategies for each level) and identifying which resources will be protected
Poster Child for Project Management
Push to establish a PMO within ITS; currently have two staff members
Multifactor project is one of our first projects to take advantage of the new PM structure
Hoping to avoid mistakes of the past, including communication problems and neglecting to get input from campus stakeholders
Hoped-for End Result
Let’s Hear from You
Anyone have words of wisdom from a multifactor implementation to share? Questions/Comments?