Ideas for getting Cohortium membership re-engaged with our meetings & activities
More presentations on various pilot efforts around the country
Duo can identify some potential institutions to contact
Cohortium members who indicated on their application that they had significant deployments in place/in the works
Institutions who have been in the news like Stanford
Some ideas
Viriginia (already volunteered)
Va Tech
Arizona State - Peoplesoft & MFA
Find an institution doing/exploring MFA with Banner
Hospitals & Epic: Central Michigan , Michigan (RSA tokens)
UC Davis - student health system
Things the Cohortium should be developing
Concise "elevator speech" as to why it is needed and the benefits it could deliver
One obvious tact is to "avoid the negative" of having a significant breach and not being able to show you were already being proactive on increasing your security/"defenses". I.e. help avoid public embarrassment by proactively addressing the risk/threat
But it would be good to also have "positives" to stress
Idea of a map of the U.S. highlighting institutions with MFA deployments in operation or in the works, possibly with some variation on scale of deployments. A visual way of highlighting "who is doing the right thing".
Marketing materials for various audiences – senior execs thru CIOs thru service/app managers thru end users
Synergy with the InCommon Assurance program and its effort to look at "assurance profiles" of meaningfulness to a wider range of institutions, such as one highlighting MFA was used. Check into connections with the Assurance program, and possibly InCommon Steering
related to that, effort to identify apps/services that will "behave differently" if MFA used vs just username/password.
Work on information related to "lessening the down side" of an MFA deployment, such as a strong perception that it would be expensive
Produce more cost info and examples
see what we can find/surface in the way of recent studies/estimates of costs
Look into Return on Investment focus
One thing is to highlight variations in costs of soft vs hard, particularly in the areas of support
ease of use, minimizing help desk costs
Diane of Duo mentioned "Mandit?" study
Tom Scavo was going to contact a "large University" that has switched, in about a 1 year timeframe, from being all about ahrd tokens to now being all about soft tokens. Would they talk to the Cohortium?
Develop Roadmap and best practices
Smaller institutions are an important market, not just the large instituions