About Swansea University
Swansea University in Wales, Swansea, is a public university with nearly 15,000 undergraduate and postgraduate students. Established in 2004, Swansea University’s medical school was ranked joint first in the UK for Research Environment, according to the Research Excellence Framework 2014. The University works closely with government, industry, and the National Health Service (NHS) in teaching, research, and innovation.
Quotes below are from Simon Thompson, systems architect at Swansea University.
Why and Where has Swansea University Deployed Strong Authentication?
A major project owned by the medical school is called SAIL Databank (Secure Anonymised Information Linkage Databank). SAIL Databank is a world-class, anonymous data linkage system that securely brings together the widest possible array of routinely-collected data for research, development and evaluation – over a billion database rows of data. Robust Governance arrangements underpin all areas of work so that SAIL Databank represents a valuable data resource, whilst complying with data protection legislation and confidentiality guidelines.
Researchers from around the world connect to the SAIL Databank to collaborate, access, research and publish academic publications and new knowledge discovery.
“Trust is a key concept when handling health-related information. If records were ever leaked or lost, this would represent a severe data breach and our reputation would be harmed. We identified the risks associated with researchers sharing credentials with peers, which could allow access to restricted data from unknown and unauthorized parties.”
The solution was to allow connections from remote users via VMware Horizon sessions. Those sessions are protected with username/password and a YubiKey as a second factor. In this case, the second factor is mandated by the University/SAIL Databank, as opposed to a choice by the user. This way, even if a researcher decides to share his/her password with someone else, they would have to also physically give that user their YubiKey to allow access to the account — both of which would be a breach of the researcher’s agreement with Swansea University.
Why Did Swansea University Choose YubiKey for Two-Factor Authentication?
“The YubiKey offers a great balance between usability and security. Another important aspect for the University was the upfront and ongoing cost. While some technologies require additional expenses for the integration as well as the deployment, a YubiKey is a very affordable, one-time cost and the code for integration is free and open source. Plus, the validation service provided by Yubico (YubiCloud) is free as well. This made the decision-making process extremely quick and simple.”
What Work was Required to Implement the YubiKey?
The first step was to buy YubiKeys for testing which resulted in quick implementation and production. Thompson stated they were deployed very rapidly, taking less than two days to deliver strong authentication to the SAIL Databank. Once implemented, the Swansea team began to deliver YubiKeys to users.
Thompson’s team never needed direct interaction with Yubico during the implementation, as the resources available on the Yubico developers’ website (dev.yubi.co) were enough to get the project rolling.
What Has the User Experience Been?
“The first time YubiKeys were introduced to the users, some were reluctant to add a step to their login process, but this was to be expected with any change in process. However, those who had been using other technologies, such as OTP generators, which require users to type a code in within a limited amount of time, were very happy with the simple touch of the YubiKey. The fact that the YubiKey emulates a keyboard made the deployment to remote users painless because there is no need to install drivers or specialist software, helping to also reduce support costs.”
YubiKeys worked immediately with Microsoft Windows, Mac OS X, and Linux systems.
Beyond This Project
SAIL Databank’s whole infrastructure will be used as a model to create new environments with similar requirements. UK Dementias Platform (https://www.mrc.ac.uk/research/facilities/dementias-platform-uk/), Biobank (http://www.ukbiobank.ac.uk/), and ALSPAC* (http://www.bristol.ac.uk/alspac/) are all taking the same approach to authentication and system infrastructure based on Swansea University’s successful experience.
*Avon Longitudinal Study of Parents and Children
Find out more about YubiKey for Businesses