6 Things to Consider when Deploying MFA

Like most things in tech, the consumer experience drives corporate adoption. Well, in the case of Multi Factor Authentication, we, as individual consumers, have seen the place text message verifications, phone prompts, and IP-based tracking provides a layer of validation in our personal banking, email accounts, and mobile entertainment applications.

This experience has prepared users well for the deployment of multi factor solutions within the corporate technology environments that we deploy, manage, and live within each day. Yet, many of us have not deployed these technologies within our ecosystems, because of the perceived disruption to end user experience and the layers of complexity surrounding the execution. Our goal today is to give you the framework within which to start the journey.

Here are six key steps to not only developing your strategy, but also delivering a seamless experience back to your corporate consumers.

1. Define your desired end user experience

Understanding your end goal is a common place we like to start all of our conversations here at Elevate Technology Partners. Usually, we facilitate conversation with some of the following frameworks.

  • Describe eutopia…
  • How do you want the end user experience to feel?
  • How will your user base adapt to the increased layer of security?
  • What corporate or cultural layers do you need to consider as you determine the proper platform for your deployment?

Where this portion of the framework may be the vaguest, it also may be the most important. Successfully describing the end user experience while also clearly depicting the importance a securely governing end user controls and access provides a sound base for any organization to successfully monitor and deliver the desired client technologies.

The goal here isn’t to create a more cumbersome gate for the intruders to navigate. Rather, we seek to ensure secure access to the appropriate services on the devices our consumers want at a point in time they need them. (We’ll soon be covering modern endpoint management strategies and deployment. So, stay tuned for more on this topic!!)

2. Identify Key Application and Technical Integrations

Every corporate IT environment has its unique qualities, investments, and idiosyncrasies. When determining a path, the first technical layer of the conversation always starts here. We use this portion of the conversation to understand core applications, common delivery frameworks, and distinctive processes that your business leverages to make money.

Rather than looking at the desired outcome and saying we must now fit within this product…let’s change the paradigm! How do we best identify a solution that enables our business to best execute while minimizing our risk and exposure to nefarious actions. Some common layers to look at include:

  • Are you going to leverage multi factor access for your network devices (we highly recommend you do!)?
  • What applications will be included in the integration needs list? Email, VPN, physical devices, etc…

3. Determine Unique End User Access Requirements

We all have those end users who are outside the norm. The traveling sales rep who works from home, the shop floor worker who doesn’t carry a cell phone, the remote user whose network access is sporadic and abnormal to your user base.

Identifying, quantifying, and understanding these consumer needs is an important step to generating an outcome that securely accounts for these users without compromising your goals. Like every technical solution ever deployed, there are no silver bullets, but identifying these use cases early allows us to quickly isolate solutions that best fit the use profiles and personas within your unique environment.

4. Examine Existing Security Investments

Every organization has invested some form of capital to creating a security posture. Your firewalls, network devices, and antivirus solutions all create an ecosystem designed to monitor, support, and mitigate your risk.

  • Understanding this ecosystem becomes vital as we work to understand the place multi factor outcomes fit.

Can you leverage previous spend to drive incremental capital savings?
Will your multi factor solution integrate with your monitoring capabilities?

Point solutions, albeit strong in some cases, can also introduce management pains or hurdles that are counterproductive in their ability to provide a sound experience.

5. Create a Phased Execution Plan

Like most things in our space, we rarely jump into anything without creating sound testing plans to our execution strategy. Same goes for multi factor deployments.

Typically, we like to identify our more technically savvy users to be our guinea pigs. It’s important to broaden the user base to be sure to include users that leverage different access points, end user devices, and integration requirements in attempt to cover the spectrum of possibilities. Yes…it sounds trivial, but a simple, focused effort here will lead to greater execution.

Once your initial user group has validated your success, move in phases for your rollout. Target your end user base in groups so you have manageable outcomes. This way, you can measure and monitor the needed changes and ensure proper integration.

6. Develop a Strong Communication Cadence

One of the most challenging factors in rolling out a multi factor authentication outcome usually comes in the form of managing our end user base. Any externally-focused, technical deliverable always carries the risk of disrupting the consumer. Thus, the last, vital recommendation for your project would be the one of expectation management.

You are disrupting the end user experience, and change is usually painful. The best remedy for change is usually successfully managing expectations to ensure our end users are prepared for the outcomes and clearly understand the “why.”

Technology roll outs of this magnitude require consistent and frequent communication to ensure the end users are prepared for their new future.

Struggling to identify your best course of action?