FW: MFA and SIS

[Brian Kelly <bkelly () EDUCAUSE EDU>]

Cross posting from the CIO list.
Great data from CDS provided by Leah.
Further down you’ll find Bret’s initial ask, please feel free to reply to Bret if applicable.

Brian
Brian Kelly, CISSP, CISM, CEH
Director, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
Follow HEISC on 
LinkedIn<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fhigher-education-information-security-council-heisc-%2F&data=02%7C01%7C%7C7197d41189e4414981ae08d69dc9670a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636869885680898966&sdata=%2FYvU%2BLTYHbPmcyL1AoksiKTSdMeFQ93qASFmTp8Emmo%3D&reserved=0>
 | Twitter: @HEISCouncil | bkelly () educause edu<mailto:bkelly () educause edu>

direct: 720.406.6757 | mobile 475.449.6440 | educause.edu<http://www.educause.edu/>
1150 18th Street, NW, Suite 900 Washington, DC 20036

From: Leah Lang <llang () EDUCAUSE EDU>
Date: Thursday, September 12, 2019 at 3:14 PM
Subject: Re: MFA and SIS

Hello!

According to the 2018 EDUCAUSE Core Data Service (CDS), multifactor authentication was most commonly used for 
business-critical systems, followed by administrative access, followed by remote access to IT services.  For all US 
institutions with a specified Carnegie Classification, use of MFA for student systems was in place at fewer than 10% of 
institutions.

CDS 2018 and new CDS 2019 participating institutions have access to this information and more through the CDS Portal.  
Complete the CDS 2019 survey by November 1 to ensure your access to our rich source of higher education IT data.  Visit 
www.educause.edu/coredata<http://www.educause.edu/coredata> to get started!

[A screenshot of a cell phone  Description automatically generated]


Leah Lang
Director of Analytics Services

EDUCAUSE<http://www.educause.edu/>
Uncommon Thinking for the Common Good
direct: 303.939.0339 | main: 202.872.4200 | fax: 202.872.4318 | educause.edu<http://www.educause.edu/>
Twitter: meahlarie

Enhance decision making with the EDUCAUSE Core Data Service (CDS)<http://www.educause.edu/coredata> and EDUCAUSE 
Technology Research in the Academic Community (ETRAC)<http://www.educause.edu/etrac> - benchmarking data to inform IT 
planning.

Become an EDUCAUSE Ambassador
Program Details<https://www.educause.edu/about/discover-membership/educause-ambassador-program> – Connect colleagues 
with resources


From: EDUCAUSE Listserv <CIO () LISTSERV EDUCAUSE EDU> on behalf of Brian Lesser <blesser () RYERSON CA>
Reply-To: EDUCAUSE Listserv <CIO () LISTSERV EDUCAUSE EDU>
Date: Monday, September 9, 2019 at 11:58 AM
To: EDUCAUSE Listserv <CIO () LISTSERV EDUCAUSE EDU>
Subject: Re: [CIO] MFA and SIS

1. Do you require MFA for access to your HR/Finance systems for employees and, if yes, does that include work-study?
Yes, including all student employees.
2. Do you currently have any systems where you require MFA for students and, if yes, which ones?
Yes, all online systems require MFA from all students with registrations after Aug 1 this year. Includes Library 
portal, LMS, Gmail/GSuite etc.
3. Do you have plans to have your students use MFA and, if yes, for which systems and on what timeline?
All new students as of August 1, 2019 have to use MFA. In a few years all students will have to use it. This is for all 
online systems provided by central IT.

Yours truly,
Brian

On Mon, Sep 9, 2019 at 11:26 AM Bret Ingerman <INGERMAB () tcc fl edu<mailto:INGERMAB () tcc fl edu>> wrote:
Colleagues:

A few years ago we started to require MFA for access to our Workday HR and Finance system using Microsoft’s MFA in 
Azure. This was to help increase our protection of employee payroll from phishing attempts.

Now that we are on the cusp of putting students into Workday as a part of Workday Student, we are in a quandary about 
what to do about MFA. Should we require MFA for all students to gain access to Workday, or just find a way to have 
student employees (including work-study) still use MFA while exempting the rest of the students?

So I wanted to ask you:

1. Do you require MFA for access to your HR/Finance systems for employees and, if yes, does that include work-study?
2. Do you currently have any systems where you require MFA for students and, if yes, which ones?
3. Do you have plans to have your students use MFA and, if yes, for which systems and on what timeline?

  —Bret


Bret Ingerman
Vice President for Information Technology
Tallahassee Community College

ingermab () tcc fl edu<mailto:ingermab () tcc fl edu>
(850) 201-6082

444 Appleyard Drive
Tallahassee, FL, 32304-2895







***Due to Florida's very broad public records law, most written communications to or from Tallahassee Community College 
employees regarding College business are public records, available to the public and media upon request. Therefore, 
this email communication and your response may be subject to public disclosure.***

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


--
___________________________________________
Brian Lesser
Chief Information Officer
Ryerson University
350 Victoria St.
Toronto, Ontario, Canada
M5B 2K3
Phone: (416) 979-5000 ext. 556835
Office: LIB-B-99

Learn about cybersecurity at Ryerson: 
https://ryerson.ca/cybersecurity<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fryerson.ca%2Fcybersecurity&data=02%7C01%7C%7Ce081bdd198cf4f3a083908d7353e8049%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637036414875493354&sdata=coW28vXVmXUgxLFhoa3uQxIDEiSmqGLL2F9mrrKexok%3D&reserved=0>

Toronto is in the 'Dish With One Spoon Territory’.  The Dish With One Spoon is a treaty between the Anishinaabe, 
Mississaugas and Haudenosaunee that bound them to share the territory and protect the land. Subsequent Indigenous 
Nations and peoples, Europeans and all newcomers have been invited into this treaty in the spirit of peace, friendship 
and respect.

http://www.ryerson.ca/aec/<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ryerson.ca%2Faec%2F&data=02%7C01%7C%7Ce081bdd198cf4f3a083908d7353e8049%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C637036414875493354&sdata=wF%2FqxsZRC8pztL5OJ3PCdJKyyUyU4Sih4ojaadZBczw%3D&reserved=0>

Notice of Confidentiality: This e-mail message including any attachments is intended for the use of the addressee and 
may contain privileged, confidential or personal information.  If you are not the intended recipient, please be advised 
that you are strictly prohibited from using, disclosing, distributing or reproducing this email or the information 
contained within.  If you have received this email in error, please notify the sender immediately by return e-mail and 
destroy the original message and any copies.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community