Skip to main content
Europe, Middle East, Africa, Asia Pacific (English)
  • North America
  • América Latina (Español)
  • Europe, Middle East, Africa, Asia Pacific (English)

Top Bar - EMEAAP

  • Resources
    • On-Demand Webinars
    • White Papers
    • Demos
  • Partners
  • Customer Centre
  • Contact
    • Our Offices
    • Contact Us
    • Schedule a Demo
  • Search
Home

Main navigation - EMEAAP

  • Solutions
      • Technologies
        • ERP & SIS
          Big or small, private or public, we have the right solution to power your institution
        • CRM
          Build lifelong relationships with students and help your institution grow
        • Integration & Analytics
          Connect your systems and gain valuable insights with our revolutionary data model
        • See All Products
      • Services
        • Build & Deploy
          Seamlessly implement Ellucian technology at your institution
        • Manage
          Strengthen your strategy and execution for improved institutional performance
        • Train
          Empower your team on Ellucian software and drive successful adoption
      • Alignment Fix
    • Cloud for Higher Ed
      The Cloud: A Smart move for Higher Education
      700+ Customers use Ellucian’s Cloud Solutions
      Find out why
    • Our Approach
      Solutions designed to power higher education
      Enable Customer Greatness
      How We're Different
  • Success Stories
      • By Solution
        • Banner
        • PowerCampus
        • Quercus
      • By Institution Type
        • University
        • Community College
        • Institute of Technology
      • By Institution Size
        • 8,500 - 15,000
        • 3,000 - 5,000
        • Under 3,000
      • See All Success Stories
    • Featured
      Loyola University Maryland
      Cloud for Higher Ed
      Leveraging IT to drive returns
      Dive deeper
      John Rathje - Kent State University
      Analytics and Data Integration
      Developing an enterprise approach to data management
      Dive deeper
  • Insights
      • Most Read Topics
        • Analytics and Data Integration
        • Cloud for Higher Ed
        • Enrolment and Retention
        • Modernising the Campus
        • Our Approach
      • See all insights
    • Featured
      The Cloud: A Smart move for Higher Education
      Cloud for Higher Ed
      The cloud: a smart move for higher education
      Dive deeper
      Integration what and why
      Analytics and Data Integration
      How systems integration helps higher education
      Dive deeper
  • Our Company
      • Who We Are
        • About us
        • Careers
        • Events
        • Executive Team
        • News
        • Resources
    • Featured
      ELIVE 2019 - New Orleans Skyline
      Events
      Ellucian Live
      Learn more
      Elms College
      News
      Elms College selects Ellucian's Colleague ERP
      Learn more
      Careers
      Careers
      We're a tech company with heart
      Learn more
  • Solutions
    • Technologies
    • ERP & SIS
    • CRM
    • Integration & Analytics
    • See All Products
    • Services
    • Build & Deploy
    • Manage
    • Train
    • Alignment Fix
  • Success Stories
    • By Solution
    • Banner
    • PowerCampus
    • Quercus
    • By Institution Type
    • University
    • Community College
    • Institute of Technology
    • By Institution Size
    • 8,500 - 15,000
    • 3,000 - 5,000
    • Under 3,000
    • See All Success Stories
  • Insights
    • Most Read Topics
    • Analytics and Data Integration
    • Cloud for Higher Ed
    • Enrolment and Retention
    • Modernising the Campus
    • Our Approach
    • See all insights
  • Our Company
    • Who We Are
    • About us
    • Careers
    • Events
    • Executive Team
    • News
    • Resources
Europe, Middle East, Africa, Asia Pacific (English)
  • North America
  • América Latina (Español)
  • Europe, Middle East, Africa, Asia Pacific (English)

Top Bar - EMEAAP

  • Resources
    • On-Demand Webinars
    • White Papers
    • Demos
  • Partners
  • Customer Centre
  • Contact
    • Our Offices
    • Contact Us
    • Schedule a Demo
  • Search
  1. Home
  2. Insights
  3. Data Security
  4. Multi-Factor Authentication: Your Belt-and-Suspenders Approach
Multi-factor Authentication: Your Belt-and-Suspenders Approach

Multi-Factor Authentication: Your Belt-and-Suspenders Approach

By Josh Sosnin
  • Share on LinkedIn
  • Share on Facebook
  • Share on Twitter
  • Share via Email

Key takeaways

  • Even strong passwords are vulnerable
  • Multi-factor authentication (MFA) adds another layer of security
  • 70% of customer institutions have considered implementing MFA

About a month ago, everyone who works at Ellucian received the same email. It was marked “external” and was seemingly sent from a customer seeking urgent review of an attached document. Thing is, the sender was made up. Her organisation was made up. And the attachment could have posed a major risk – if the email hadn’t been sent from our own information security team.

This was the latest in a series of training exercises designed to help our employees spot and report phishing attempts. The email contained a number of subtle clues that it wasn’t legit – and we’re finding that our people are getting better and better at spotting those red flags with every new faux phishing attempt we send.

But even with regular training, it’s both unfair and unrealistic to expect employees to be right 100 percent of the time. Phishing attacks are becoming more common and sophisticated every day. As such, we need to do more to ensure that inevitable slip-ups don’t end up creating an issue.

It is estimated that today’s most advanced phishing attacks boast a 30 percent open rate – and, most often, success comes in the form of a password that’s been shared by an unwitting victim. In higher education, that figure may be even higher; given that the education sector (as a whole) unfortunately ranks at the top of the list when it comes to phishing failure rates.

And it isn’t just phishing that’s a threat to password security. A large number of users set the same passwords for both work and non-work accounts. At the same time, the frequency with which they are now asked to reset their passwords has led to a proliferation of lazy password practices – so much so that the National Institute of Science and Technology (NIST) has begun recommending that organizations not reset passwords without cause.

Bottom line: even strong passwords are vulnerable – and can’t be the only line of defense protecting an institution, its people, and its reputation from the impacts of data loss and theft.

That’s where multi-factor authentication (MFA) comes into play. It’s a belt-and-suspenders approach to data security that blunts the impact of a compromised password, because the password becomes just one of several factors used to verify a user’s identity. With companies like Google reporting that they haven’t suffered a single account takeover since MFA implementation, it’s fast becoming best practice. But due to the perceived complexity and costs associated with MFA, it’s not yet a widespread practice in higher education.

That’s all about to change, for a host of good reasons.

First, today’s MFA systems are not the confusing, helpdesk-call-generating applications of the past. They are user-friendly to the point that students, staff, faculty and administrators can verify their identities with just an added tap on their smartphone, tablets, or on their smartwatches (as I do at Ellucian). At the same time, the proliferation of single sign-on technology means that the steps involved in MFA don’t need to be repeated every time a user logs on to a new system.

Second, more and more IT departments are taking the time to ensure that any inconveniences that may arise don’t create resistance to new security measures. At Cheney University of Pennsylvania (an Ellucian Managed Services customer), a new MFA solution was tested among a diverse set of campus constituents over 45 days to ensure a smooth rollout. As Chris Brown, Cheney’s executive director of technology recently told University Business, “It’s extremely important to listen to end users to understand where hurdles may exist.”

Third, MFA integration into myriad software solutions is now much easier than before. For instance, Ellucian’s suite of cloud-ready ERP, CRM, and more specialised applications are entirely MFA compatible leveraging Ellucian Ethos Identity (and we’ve developed a handy resource detailing how our products integrate with a diverse array of MFA solutions). At the same time, we are focusing on providing additional MFA capabilities through the remainder of 2019 and into 2020 (more on that to come in future posts!).

And finally, there’s also an ancillary benefit to MFA that is often overlooked: even with an added layer of protection it provides, it actually results in stronger, more vigilant password practices. With MFA in place, institutions can feel more confident following the NIST recommendation that passwords should not expire without reason. Having to create new passwords less often means users put more thought and effort into the passwords they create – and make fewer calls to the helpdesk. Coming back to the belt-and-suspenders analogy, this means the suspenders are not only a failsafe in the event of belt failure; they actually strengthen the belt itself.

Given all arguments in favor of MFA, it’s no surprise that a recent survey we conducted of 70 customer institutions found that each and every one has at least considered it. I expect to see many moving from consideration to implementation in the coming months – and not just because of decreased complexity, diminished costs, and an elevated user-experience.

At a time when even the best-trained among us can fall victim to phishing attacks, MFA helps ensure that an institution is never caught with its pants down.

Topic
Data Security
About the Author
Josh Sosnin
Josh Sosnin
Vice President and Chief Information Security Officer

Josh Sosnin is the Vice President and Chief Information Security Officer at Ellucian. He is responsible for securing Ellucian’s software products and cloud services.

Read full bio
Other articles by Josh

Products & Services

Ellucian Banner

Unify data and streamline operations with a feature rich ERP system used by 1,400 institutions around the world.

Read More
Ellucian Colleague

Provides an intuitive student experience and helps institutions serve their constituents more effectively.

Read More
Cloud models

Meet the technology demands of your constituents by choosing the cloud deployment option that’s right for your institution.

Read More

Related Content

Insights - Infosec tips
Spotlight
Infosec tips for higher education

Learn the top six security threats to college campuses and what steps you can take to mitigate the risk. 

Dive Deeper
Improving cybersecurity practices
Video
Improving cybersecurity practices from the classroom to the boardroom

How can colleges and universities engage and educate all campus stakeholders about infosec? 

Dive Deeper
Insights Article - Series infosec tips
Article
Solving cybersecurity's people problem

Building a human firewall: Eight tips to ensure cybersecurity.

Dive Deeper

Get Started Today

 Connect with us
 Schedule a demo

Footer - EMEAAP

  • Careers @ Ellucian
  • Resources
  • Training
  • Privacy
  • Cookie Declaration
  • Modern Slavery Act
  • CSR Policy
  • Sitemap

Social Media - EMEAAP

  • Twitter
  • Facebook
  • YouTube
  • LinkedIn

Subscribe to Newsletter

© 2019 Ellucian Company L.P. and its affiliates.

Home Close