Design the MFA Implementation with Security and Resilience in Mind
Ideally, your MFA implementation should be as secure as possible and expose the smallest attack surface, but concentrating authentication in one tightly controlled system can also create a new single point of failure.
As one of your most important cybersecurity services, your MFA should be designed and implemented with built-in redundancy. This way, the failure of any one MFA component doesn’t cause a denial of service for all of your MFA users.
At the same time, you should generally architect MFA implementations to implement principles of privileged access management:
- No one, even your trusted security and system administrators and engineers, should be able to interact directly with the MFA solution. Require use of hardened jump servers as intermediate steps en route to the MFA solution.
- Require strong, phishing-resistant MFA for all MFA administrators. The Cybersecurity and Infrastructure Security Agency recommends that one of the MFA’s authentication factors be a secure physical device — a smart card or a security key, like a YubiKey. It might not be practical for all users to have such devices, but it’s certainly reasonable for your MFA administrators to use them.
- Check the cybersecurity health of all MFA administrators’ computers before allowing them to access the MFA solution. Make sure their computers are fully patched, properly configured and operating as expected.
- Make sure all MFA administrative activities are monitored and logged, with copies of the logs stored in a secure location where they cannot be altered or deleted.
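The four principles above, expressed as an added example that is not from the original article: a hypothetical policy gate that admits an MFA administrator only from an allowlisted jump host, only with a phishing-resistant factor, only from a recently patched and baseline-compliant workstation, and records every decision in a hash-chained log whose integrity can be checked after the fact. The jump-host addresses, patch-age limit and factor names are constructed assumptions.

```python
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

JUMP_HOSTS = {"10.0.50.10", "10.0.50.11"}      # assumed hardened jump servers
PHISHING_RESISTANT = {"fido2", "smartcard"}     # factor types accepted for admins
MAX_PATCH_AGE = timedelta(days=14)              # assumed endpoint health threshold
GENESIS = "0" * 64

@dataclass
class AdminRequest:
    user: str
    source_ip: str
    factor: str                 # e.g. "fido2", "smartcard", "totp", "sms"
    last_patched: datetime
    config_baseline_ok: bool

class AuditLog:
    """Append-only, hash-chained record; ship copies off-box so entries cannot be silently altered."""
    def __init__(self):
        self.entries, self.prev = [], GENESIS

    def append(self, event: dict) -> str:
        body = json.dumps(event, sort_keys=True, default=str)
        digest = hashlib.sha256((self.prev + body).encode()).hexdigest()
        self.entries.append({"prev": self.prev, "event": event, "hash": digest})
        self.prev = digest
        return digest

    def verify(self) -> bool:
        """Recompute the chain; any edited, removed or reordered entry breaks it."""
        prev = GENESIS
        for e in self.entries:
            body = json.dumps(e["event"], sort_keys=True, default=str)
            if e["prev"] != prev or hashlib.sha256((prev + body).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True

def evaluate(req: AdminRequest, log: AuditLog, now: datetime):
    """Return ("allow"|"deny", reasons) and log the decision whichever way it goes."""
    reasons = []
    if req.source_ip not in JUMP_HOSTS:
        reasons.append("not via jump server")
    if req.factor not in PHISHING_RESISTANT:
        reasons.append("factor not phishing-resistant")
    if now - req.last_patched > MAX_PATCH_AGE or not req.config_baseline_ok:
        reasons.append("endpoint health check failed")
    decision = "allow" if not reasons else "deny"
    log.append({"user": req.user, "src": req.source_ip, "factor": req.factor,
                "decision": decision, "reasons": reasons, "at": now.isoformat()})
    return decision, reasons
```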
Keep the MFA Software Well Secured
All software components of your MFA, from the MFA applications themselves to the firmware and operating systems they run on, must be effectively secured at all times, from initial implementation through solution retirement. This includes:
- Verifying the integrity of all software and updates before installation
- Keeping all software fully patched and up to date
- Configuring all software with security in mind, making sure to change any default settings that might give attackers a way to compromise the system
- Protecting the physical security of MFA components
- Replacing any MFA components or MFA solutions that are approaching end of life and will no longer be supported
- Monitoring all MFA components for indicators of compromise, component failures or any other anomalous behavior that might indicate a security or operational issue
Hope for the Best, but Plan for the Worst
A major compromise or failure of your university’s MFA solution may seem unthinkable. It’s so tempting to tell yourself it will never happen — and hopefully it won’t. But you absolutely need to be prepared in case things go wrong and the unthinkable becomes your reality.
Make sure your incident response, business continuity and disaster recovery plans all take your MFA solution into account. Whether your MFA is affected by a cyberattack, a natural disaster or a facilities problem, you should have plans in place that will enable you to quickly restore your MFA capability.
Your incident response plan should also clearly define the conditions under which your MFA should be taken offline or shut down.
Once you have those plans in place, make sure that they work. Consider conducting periodic exercises to ensure everyone knows their roles and responsibilities for MFA service restoration. This is also a great way to train new staff.
Of course, you’ll want to regularly back up your critical MFA data and store copies of those backups in a secure offsite location. But don’t forget to frequently test your backup restoration processes to confirm that your backups are valid and that your restoration technologies and procedures are working smoothly.