Multi-factor authentication (MFA) will be progressively rolled out at CSU during 2019, using Duo Security as the MFA solution to access sensitive and risky information and communications technology (ICT) services. Duo Security has already been trialled in the Division of Information Technology to test MFA for VPN Admin access.
What is multi-factor authentication?
MFA is one of the most effective controls that can be used to prevent an attacker from gaining access to IT services and sensitive information. It strengthens access security by requiring two or more methods – also referred to as factors – to verify your identity. These factors can include something you know – like a username and password, plus something you have – like a smartphone app to approve authentication requests.
The use of MFA is becoming common. You may be familiar with using it to access online banking, the MyGov website and other internet services, where in addition to logging in with your password, you have a second step to authenticate your identity.
The implementation of MFA at CSU reduces the risk of staff accounts being compromised, providing less opportunity for fraud. It’s an important activity in ensuring our compliance with the Audit Office of NSW and safeguarding the university’s reputation.
Which ICT services will use MFA?
The ICT services listed below have been selected to use MFA and will be progressively implemented during 2019.
- VPN Admin access “CSU-Admin-Users”
- VPN Staff access “CSU-Staff-Users”
- Non-student VDI environments
- Web Outlook
- Critical systems privileged access
- Dynamics 365 privileged admin access
A risk management approach is being used to consider other potential MFA candidates, which may result in the list of ICT services changing throughout the year.
What happens next?
If you use VPN Admin access you will receive an email to enrol in Duo Security in the coming weeks. There will be a cut-off date for enrolment which will be advised in the email. If you do not enrol for Duo Security by the advised date, your access to VPN Admin will be withdrawn.
If you have any questions about the implementation of multi-factor authentication contact Shane Meekin-Sutherland on 84140.
Subscribe to DIT News to keep updated on the progress of MFA implementation at CSU.