The University of Queensland has introduced multi factor authentication (MFA) to give its staff and students secure access to its network from anywhere in the world.
The initiative began after the university began exploring the concept of zero trust, deputy director of information technology services at the university, David Stockdale, said at a virtual roundtable hosted by Cisco.
As a large institution with over 50,000 students, 6000 staff and an open campus environment, the university couldn’t just trust that people presenting the correct username and password were who they claimed to be.
“The whole layered security model is extremely important - no longer can you just rely on one piece of technology or one process for one situation,” Stockdale said.
He said the university used MFA on all services presently accessed via a single sign-on.
"But we’ve also layered it into other things like our VPN solution so we’ve got multiple layers of that zero trust idea.”
After trialling a few different MFA products, the university settled on Cisco subsidiary Duo, which was rolled out to ongoing, fixed-term and casual staff in November last year.
While most staff are able to use Duo’s mobile app to receive either passcodes or push notifications requesting login access, staff working in labs that restrict the use of mobile phones are able to obtain a token from the university’s IT department to receive passcodes.
After an initial uptake of 500 users in the first month, the university has continued to expand the program to more staff account types and research students, even as much of the workforce transitioned to remote operations due to the COVID-19 pandemic.
“We've been able to roll this out, even though we've been working out of location - so off campus - over the last few months, and it's still been a very successful, smooth transition.”
Stockdale added that the timing of the project worked out quite well given the marked increase in phishing attempts and ransomware attacks as bad actors attempt to capitalise on the sudden shift to working from home in many industries.
Australian universities have previously been the target of malicious cyber activity, in part thanks to the wealth of intellectual property they hold on the back of their research.
Monash University deployed MFA solutions last year following a spate of attacks that hit hundreds of global institutions, while Deakin University introduced the technology as part of its Deakin Shield cyber security program.
The University of Queensland particularly stands out at the moment due to its work leading the nation’s development of a potential vaccine for the novel coronavirus.
Stockdale added that the university is exploring the use of automation to counter the mounting “plague” of cyber threats as a result.
“The only way we can deal with this is through more and more automation.
“We need our smart people to deal with the very complex and difficult [threats], and the only way to do that really is to get rid of the workload for the more simplistic stuff, and way to do that is through automation.”