Educause Security Discussion mailing list archives
Re: Deploying MFA
From: Joanna Grama <jgrama () EDUCAUSE EDU>
Date: Wed, 5 Jul 2017 12:45:29 +0000
Hi Jim, Feel free to also ask your question on the IDM list at: IDM () listserv educause edu<mailto:IDM () listserv educause edu> For those of you that are interested, the EDUCAUSE Core Data Service captured some data on IDM practices last year. You can find the full almanac (with lots of other data snippets) here: https://library.educause.edu/resources/2017/5/the-educause-information-security-almanac-2017 The IDM highlights are: 64% -- Institutions that require authentication for wired connections from public workstations 92% -- Institutions that require authentication for wireless access for institutional users 57% -- Institutions that require authentication for wireless access for guests 1% -- Institutions using biometric authentication for students, faculty, and staff 60% -- Institutions that are members of an authentication federation (e.g., InCommon) Top uses of multifactor authentication: • Business-critical applications (e.g., financial or HR systems) (32%) • E-mail (10%) • IT administrative access (8%) • Remote access (8%) Kind regards, Joanna Joanna Grama, JD, CISSP, CRISC, CIPT Director of Cybersecurity and IT GRC Programs EDUCAUSE Uncommon Thinking for the Common Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu<mailto:jgrama () educause edu> Attend the EDUCAUSE Metrics Mania!<https://events.educause.edu/webinar/2017/metrics-mania-using-metrics-to-bolster-your-higher-education-information-security-program> online seminar, August 9, 2017. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Monek Sent: Monday, July 3, 2017 12:56 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Deploying MFA We are looking to deploy MFA at Lehigh University. I’m reaching out to find out how other universities approached this project. During the initial deployment, did you target specific data classifications, at risk systems or large services such as mail. Depending on your scope, was it opt-in or mandatory? How did you capture the second factor? Did you find you had to use different solutions for different applications/services? Jim -- James Monek Director, Technology Infrastructure & Operations Lehigh University - Library and Technology Services P: 610-758-5010 E: jamesmonek () lehigh edu<mailto:jamesmonek () lehigh edu> Follow Lehigh LTS at: Facebook: https://www.facebook.com/LehighLTS Twitter: https://twitter.com/lehighlts TIO Blog: https://wordpress.lehigh.edu/jmm616/
Current thread:
- Deploying MFA James Monek (Jul 03)
- Re: Deploying MFA Reyor, William F. (Jul 03)
- Re: Deploying MFA Davis, Kevin (Jul 03)
- Re: Deploying MFA Hamer, Christian (Jul 04)
- Re: Deploying MFA Joanna Grama (Jul 05)
- Re: Deploying MFA Reyor, William F. (Jul 03)