Ideas for getting Cohortium membership re-engaged with our meetings & activities

  • More presentations on various pilot efforts around the country
    • Duo can identify some potential institutions to contact
    • Cohortium members who indicated on their application that they had significant deployments in place/in the works
    • Institutions who have been in the news like Stanford
    • Some ideas
      • Viriginia (already volunteered)
      • Va Tech
      • Arizona State - Peoplesoft & MFA
      • Find an institution doing/exploring MFA with Banner
      • Hospitals & Epic: Central Michigan (question), Michigan (RSA tokens)
      • UC Davis - student health system

Things the Cohortium should be developing

  • Concise "elevator speech" as to why it is needed and the benefits it could deliver
    • One obvious tact is to "avoid the negative" of having a significant breach and not being able to show you were already being proactive on increasing your security/"defenses". I.e. help avoid public embarrassment by proactively addressing the risk/threat
    • But it would be good to also have "positives" to stress
    • Idea of a map of the U.S. highlighting institutions with MFA deployments in operation or in the works, possibly with some variation on scale of deployments. A visual way of highlighting "who is doing the right thing".
  • Marketing materials for various audiences – senior execs thru CIOs thru service/app managers thru end users
  • Synergy with the InCommon Assurance program and its effort to look at "assurance profiles" of meaningfulness to a wider range of institutions, such as one highlighting MFA was used. Check into connections with the Assurance program, and possibly InCommon Steering
    • related to that, effort to identify apps/services that will "behave differently" if MFA used vs just username/password.
  • Work on information related to "lessening the down side" of an MFA deployment, such as a strong perception that it would be expensive
    • Produce more cost info and examples
      • see what we can find/surface in the way of recent studies/estimates of costs
    • Look into Return on Investment focus
      • One thing is to highlight variations in costs of soft vs hard, particularly in the areas of support
      • ease of use, minimizing help desk costs
      • Diane of Duo mentioned "Mandit?" study
  • Tom Scavo was going to contact a "large University" that has switched, in about a 1 year timeframe, from being all about ahrd tokens to now being all about soft tokens. Would they talk to the Cohortium?
  • Develop Roadmap and best practices
  • Smaller institutions are an important market, not just the large instituions
  • Explore connections with K-12 community
  • Work on some materials around biometrics
  • No labels