June 2018 update on security initiatives

Posted on Wednesday, June 20, 2018

In April, we informed you about new security initiatives to reinforce the University’s assets against malicious attacks. Since then, we’ve worked with small groups to test their effectiveness and integration with workstations and systems. 

 

As we roll out the initiatives over the coming months, we will be providing the sectors (and in some cases, units) with details about them and any associated changes.

 

Here is an update on the initiatives:

 

  • Disk encryption
    • Pilot phase completed. Over 100 computers now have encrypted disks.
    • Scheduling sectors for the remainder of 2018 and first quarter 2019.
    • Aimed at non-teaching staff (especially staff using laptops) to protect data should the device be lost or stolen.
  • Workstation security optimization
  • Multi-factor authentication (MFA)
    • The technology and infrastructure were implemented in April 2018.
    • A pilot group is currently using MFA for access to VPN, testing for bugs and issues before MFA is offered to others.
    • We are building the approach and rollout strategy for users.
    • Aimed at all employees, to reduce multiple risks surrounding authentication and access to systems and applications.
  • Privileged access management (PAM)
    • The technology and infrastructure were implemented in April 2018.
    • Pilot groups in Information Technology and the faculties are testing PAM and providing feedback.
    • Deployment for remaining staff in Information Technology, faculties and services will occur during the summer and fall.
    • Aimed at select staff in Information Technology, faculties and services who administer servers.

 

New security endeavours were initiated to strengthen existing security and ensure we are adopting best practices throughout the University:

 

  • Malware protection for University computers
    • As a first level of security, the Sophos software protects individual computers against viruses and other malware. Periodically, we need to implement a major software upgrade to benefit from added features.
    • Since April, we’ve upgraded Sophos on 3000+ computers, 50% of our goal. Sectors are being scheduled as quickly as possible, to have most done by the end of September.
  • Consolidating the login pages for major web applications
    • In mid-July, we will improve the user experience and make things simpler by implementing one “look and feel” for the login pages of approximately 25 applications, including uoZone and VirtuO. The page appearance will change and users will need to add @uottawa.ca to their ID when they login. Passwords will remain the same. We will be sending more messages and providing a preview page so that you know what to expect.
    • The login pages for more web applications will be converted in the upcoming year.

 

Keeping the door firmly closed on security risks requires that everyone be vigilant and that we use a toolkit of different strategies. As our projects progress, we will keep you informed on developments. In the meantime, please contact the Service Desk if you have any questions or concerns.

Back to top