Healthy Devices @ Stanford
More than ever, health is important to us—and this extends to the computers we use. Healthy devices are helpful devices without compromise. Blending convenience with security is our goal for this year. In this campus-wide effort, we’ve embarked on five complementary efforts slated for completion by September 2021:
- Operating system upgrades
- Passwordless logins
- Modern device management
- Advanced device protection
- Modern email authentication
These improvements will be as automated as possible, but some will need your help along the way. In communications to you about these efforts in the coming months, we will highlight that each is a part of this broader modernization plan. Read on to see what you can expect. You can learn more about how to ensure your device is healthy by visiting Devices @ Stanford.
Operating System (OS) Upgrades
Up-to-date operating systems are foundational to many of this year’s efforts. Staying current with software updates is an ongoing responsibility for each of us, and some Stanford devices have fallen behind.
As of March 1, the minimum operating system versions are:
- MacOS version 10.14 (“Mojave”)
- iPhone / iPad version 12
- Android version 9 (“Pie”)
- Windows version 10
To protect our community and data, out-of-date devices may be blocked from accessing Stanford systems. For more information about system sunset dates, see https://sunset.stanford.edu.
With Cardinal Key, we’re leaving passwords in the past and ushering in a new era of safer and simpler computing. More than 6,000 faculty, staff, and students are already using Cardinal Key, and our next step is to expand adoption to all university employees. By September 2021, Cardinal Key will be required for access to essential Stanford systems from employee devices.
It only takes a few minutes to configure each of your devices with Cardinal Key, then you’re set for five years. And with the new Cardinal Key installer for Mac and Windows, it’s easier than ever to get up and running.
Modern Device Management
Imagine that your device is configured and maintained for you without any intervention. Modern management systems provide a much cleaner way to configure and update devices. For Macs, we are taking advantage of these new capabilities with Jamf. Over time, Jamf will replace our current use of BigFix.
For Windows devices, we are in the process of selecting a Jamf-like tool. Stay tuned for more information.
If you do not handle High Risk Data, you continue to have the option to use an alternative to Jamf called VLRE. VLRE is a lightweight tool that monitors the security configuration of your laptop/desktop, but shifts the responsibility for configuration changes and software patching entirely to you.
Advanced Device Protection
Cyber threats have become increasingly sophisticated and pervasive, and our protection mechanisms need to be equally advanced. With CrowdStrike anti-malware, your laptops and desktops will be defended better than ever before. Since December, Crowdstrike has been deployed to more than 25,000 devices across Stanford and has already blocked numerous attacks.
For those who need a higher level of protection for their devices, we’ve recently launched the Cardinal Protect service. Cardinal Protect, an all-in-one solution that provides the most comprehensive protection we offer, can be purchased by subscription.
Modern Email Authentication
Stanford’s email is not yet fully protected by two-step authentication: webmail is, but the other access mechanisms are not. With modern authentication, the first time you access your Stanford email account from each of your devices, you’ll be prompted for two-step —similar to the way you log into your other Stanford accounts. This once per device prompt prevents anyone but you from accessing your Stanford email. To learn more about using two-step to secure email and why we’re making the change, visit the Modern Email Authentication webpage.
We recognize that there may be technical obstacles that prevent the adoption of these improvements on your device. For example, there may be a lab computer controlling expensive research equipment that runs special software which prevents upgrading the operating system. For these cases, we will continue to use our long-standing exception request mechanism: https://minsec-exception.stanford.edu.
How We Work Today
In today’s connected world, information security is a shared responsibility. With your help, we’ll continue to make great strides in keeping Stanford devices healthy, so we can all work safely and effectively from wherever we are.
If you have questions or comments about our efforts, we want to hear them. Submit your feedback through the button below.
- Cardinal Key now supported for Stanford Mobile on iOS
- Cardinal Key now supported for eduroam (+ decommissioning “Stanford Secure” WiFi network)
- Operating system sunset schedule: https://sunset.stanford.edu
- Advanced malware protection for laptops/desktops: https://antimalware.stanford.edu
- Cardinal Key for passwordless logins: https://cardinalkey.stanford.edu
- Cardinal Protect service for fortified laptops/desktops: https://cardinalprotect.stanford.edu
- MyDevices to check the status of your devices: https://mydevices.stanford.edu
- Email modern authentication: https://modernauth.stanford.edu
- Modern device management for Macs with Jamf: https://jamf.stanford.edu
- Request an exception: https://minsec-exception.stanford.edu