Gluu Blog

Follow us:
Back to Blog

Top 10 Applications for Multi-Factor Authentication in Higher Education

Mike S. April 10, 2013

Strong, multi-factor authentication is one of the most cost efficient ways to reduce security threats within an organization. Although many organizations are hesitant to introduce strong authentication due to on-boarding and integration issues, we regularly advise existing and prospective customers to at the very least consider adding it to their developmental roadmaps. 

Watch how to use OX open source for strong, mutli-step, multi-factor authentication.

With the newest release of OX now available, implementing organization wide, strong authentication has never been more flexible. Not only is the OX platform vendor neutral, but it also supports multiple authentication providers if necessary and customizable business logic.

So without further ado, here are the 10 +1 most common applications for Multi-Factor Authentication in Higher ED:

1. Privileged Access (“root”, “Admin,” “System,” or similar privileged access) to large or critical system: examples of such systems include campus ERP systems with financial data or student records; identity management systems; centralized backup systems; DNS servers; DHCP servers; campus web cache boxes, etc.

  • Typical job titles of MFA user: system administrator, database administrator, DNS administrator

2. Core Network Devices: “Enable” access to core routers and similar privileged access to other key network devices (including firewalls and other network security appliances with traffic visibility)

  • Typical job titles of MFA user: network engineer, network security engineer

3. Physical access to critical facilities [e.g., machine rooms, telecom switch rooms, colo facilities, other high value assets]

  • Typical job titles of MFA user: facilities engineer, computer operator, etc.

4. Access to institutional financial accounts (commercial bank accounts, institutional brokerage access, etc.); note that this will typically use a credential specified by the bank, brokerage, etc., not by campus

  • Typical job titles of MFA user: campus business officer, portfolio administrator, financial manager

5. Access to HIPAA covered health data (teaching hospital patient records, on campus health center records, testing center records, etc.)

  • Typical job titles of MFA user: doctor, hospital/health center administrator, insurance billing specialist, etc.

6. Financial Aid data: because of the Department of Education special push in this area, Financial Aid administrators get a special call out (e.g., Department of Education is pushing 2FA hard tokens to all financial aid admins)

7. High Performance Computing Resources: many so-called supercomputer centers require 2FA after the unfortunate Stakato attacks.

8. VPN access from off campus (punching through a campus perimeter firewall, or accessing a specially sensitive internal network)

9. Campus Messaging (e.g., in an effort to preventing phishing and subsequent spam runs, resulting in widespread phishing)

10. Google (pushed by Google, rather than the campus)

Plus one more (not strictly two factor, think more “alternative factor to traditional passwords”):

Bonus:

11. Automated (machine-to-machine) connections (e.g., for things like scheduled bulk data transfers) [think ssh pre-shared key access]

Be sure to subscibe to
our RSS Feed

Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summity (now "Identiverse") and many other security conferences around the world.

Reader Interactions

Trackbacks