Contextual Access and Multi-Factor Authentication
Lessons learned on getting past single-factor authentication!
Conference 2018

Panelists
- Corey Scholefield – Team Lead, Identity Services
- Wendy Blake – Director, Network and Technical Services
- Sean Feil – Specialist, Identity, Information Technologies
- Sebastian Gonzales, Sr. Mgr – Identity & Access Mgmt.

What are we talking about?
- Contextual Access Control
- Multi-factor Authentication

Meet your neighbour!
Meet your neighbour and discuss multi-factor authentication capability at your organization…!
- Deployed or not?
- Support for or not?

Use Case - TRU
Business Drivers
- Restricting privileged access
- Reduce risk of ransomware/phishing
- PCI Compliance

Use Case - TRU
Systems in scope for deployment
- Primary
  - Password vault (Thycotic)
  - Firewall UI (Panorama)
  - RDP to desktops (users who use VPN to access network)
- Secondary
  - VPN
  - Servers (Linux and Windows)
  - Banner privileged accounts
  - Root/administrator accounts
  - BANSECURE named accounts
  - INB accounts

Use Case - TRU
Lessons Learned
- Have a well-defined plan
- If we knew now…..?
- Overall we have had a good experience

Use Case - UCalgary

UCalgary – Business Drivers
- Prevent account compromise
- Reduce support burden
- Reduce costs associated with risk
- Reduce lost productivity
- Audit requirements

UCalgary – Deployment
Deployed
- Testing Pilot
- Technical Pilot
- Business Pilot
- All Staff
- All Students

UCalgary – Deployment
Legacy Interfaces (technical) New Interfaces (technical)
SAML 2 WS-FED OpenID Connect OAuth RADIUS LDAP SecurID native RADIUS CAS (custom)

UCalgary – Lessons Learned

UCalgary – Next Steps
- Hardware token support and deployment strategy
- Deploy to remaining staff and students
- Expand systems protected by MFA
- Strengthen contextual access to reduce need for token authentication

UVic – Business Drivers
- AUDIT + PCI
- Manage Risk
- Compromised Accounts

UVic – YubiKey MFA applications
2012
- Cisco VPN – for NETS Staff
2014
- Unix Shell – for Privileged Admins
2017
- Banner 8 Forms – Finance
- On-premise Yubikey OTP Server + Key Management in IdentityIQ
2018
- VPN MFA access expanded to IT staff
- CAS 5.2 SSO + Banner 9 / AppNavigator

UVic – Lessons Learned
- Gartner research
- Unicon support
- Audit
- Info Sec
- Reputational risk
- People
- Process
- Technology
- Leadership
- IT
- Clients
Buy-in, Business Process, Best-practices, Driving Forces

UVic – Next Steps
- Staff desktops
- Web apps
- More factors

Use Case
- Business Drivers
- Deployment
- Lessons Learned
- If we knew now…..
- Next Steps

Use Case
- Lessons Learned.
- Don’t be afraid to ask for ….
- Some of the best support is in the communities…
- Set a 25 min floor to present…
- Test your communications not just your tech…
- If we knew now…..
- Portion Control….