What would you do if your organization was on the receiving end of a lot of malicious digital activity, including numerous phishing and network intrusion attempts?

For Grand Canyon University, this was more than a hypothetical situation. Attackers were regularly targeting the institution. And although the university had procedures in place to secure incoming email and communication, Director of Security Michael Manrod was haunted by one question:

“What protection do we have if someone succeeds in obtaining user credentials from an employee?”

Manrod was concerned that an attacker might be able to trick someone in the organization into providing their user credentials. And while the university controls were standing up fairly well, the team wanted to increase institutional security while still maintaining an enjoyable user experience.

Using MFA to Secure the University
Founded in 1949, Grand Canyon University (GCU) is a premier private university based in Phoenix, Arizona, that educates 19,000 on-site and 72,000 online students. The university employs more than 10,000 people, making them one of the largest employers in metropolitan Phoenix, and contributes $1.1 billion to the state and local economy each year.

The university wanted to make sure employees had access to the resources they need to succeed at work. But because the institution didn’t have multi-factor authentication (MFA) in place, an attacker could send a well-targeted communication that could put the university at risk.

Without MFA, once a hacker is able to penetrate the first line of defense (typically through a stolen or weak password), the hacker may have free rein of the organization. Multi-factor authentication provides a layer of protection by requiring additional evidence that you are who you say you are, and it can take the form of everything from a PIN to pop-up notifications on your mobile phone to a fingerprint scan.

Authentication wasn’t the only area that GCU wanted to beef up; their legacy ADFS system also fell short because it didn’t meet the university’s requirements for robust federation. GCU wanted a federation solution that would not only support MFA but would also deliver a secure and enjoyable single sign-on (SSO) experience for users.

The Ping Solution
The university evaluated seven different solutions and landed upon Ping. They replaced ADFS with PingFederate—a highly flexible, standards-based platform that allowed GCU to manage identities from multiple active directories. Users can access what they need, when they need it, while the university can rest easy knowing that open standards help ensure a secure, future-proofed identity architecture.

In addition, GCU implemented Ping’s MFA solution, PingID, to provide their employees with a seamless and secure user experience. With PingID, GCU employees can:

• Add and select from multiple authentication methods and devices on the fly.
• Enjoy the flexibility of mobile push authentication methods such as swipe, tap, fingerprint and facial recognition.
• Use MFA even when off site, thanks to Kerberos integration.
   

“I sleep better at night now that we have Ping deployed,” Manrod said. “Now any one layer of our existing security stack can catch every attack—so having Ping in place has significantly strengthened our security posture.”

To learn more about how GCU uses PingFederate and PingID to deliver secure and seamless user experiences, please read our customer story “Grand Canyon University Bridges Security Gulf.” And join our January 16th webinar, “Maturing Security with a Rapid MFA Deployment at Grand Canyon Education” to learn how GCE prepared for its rapid deployment, and how MFA can be used to advance security maturity within frameworks such as NIST and Zero Trust.