A Seamless, Secure Experience

The new DIAM system gives faculty, staff, and students a single, secure way to access university services��by centralizing account management across digital platforms.

This upgrade makes managing accounts easier while enhancing security to protect personal information and prevent unauthorized access.��By consolidating identity management, users will have faster, more secure access to the tools and resources they need.

“We don���t expect anyone to notice any major changes at launch, but this sets the foundation for significant improvements over the next year,” said Alan Allred, information security engineer. “This is just the beginning. We���re laying the groundwork for a digital experience that���s smoother and more secure than ever.���

Improved 消消犯 Services

This system makes onboarding easier for new students and employees while improving digital access at every stage���whether you’re a student, employee, retiree or alum. With behind-the-scenes improvements, this upgrade minimizes tech-related issues, making it easier for everyone to work, teach and learn without disruptions.

Additionally, the system strengthens security during transitions, such as when someone moves from student to employee or employee to retiree, ensuring that access is updated appropriately to protect university data. These updates keep Elon aligned with higher education industry standards and best practices for digital security while making everyday interactions with campus technology more seamless.

A Collaborative Effort

The successful launch of the new Identity and Access Management is the result of years of planning and collaboration across multiple departments. Elon���s IT experts, campus administrators and information security specialists worked together to design a system that prioritizes both digital security and ease of access, ensuring a consistent frictionless process for faculty, staff and students.

Looking Ahead

As Elon continues to evolve, the new Identity and Access Management system will be a foundation for future innovations in security, efficiency and ease of access. Soon, new self-service features will make it easier than ever to reset passwords, request guest accounts and manage access independently���putting more control in the hands of campus users.

In the coming months, more updates will be shared about the specific services being enhanced and how they will improve everyday workflows for faculty, staff and students. After rollout, this system will keep evolving, introducing new tools that strengthen security and make digital access more efficient across the campus.

���This system is an exciting step forward in our mission to create a more secure, efficient, and user-friendly campus environment,��� said Allred. ���It will empower our community to focus on what matters most���learning, 消消犯 and research���while we handle the technical details behind the scenes.���

Departments will receive communication ahead of their transition to ensure faculty and staff are fully prepared for the change. Additional details on timelines, features and improvements will continue to be shared as the project moves forward.

Higher education institutions are often prime targets for cybercriminals. Sophisticated phishing attacks and other hacking innovations constantly look for ways to infiltrate critical systems and steal sensitive information through an organization���s most vulnerable areas.��To counter these threats,��a����showed��92 percent of U.S.��institutions��were��tracking, planning,��had��partially��or fully��deployed��institution-wide MFA on their campuses.

At Elon, MFA is among a growing list of security��and awareness measures happening behind the scenes to��educate the community about increasing threats and��enhance online safety for all users, on and off campus.��Adding students to the enrollment initiative is a critical next step, according to Gary Sheehan, Elon���s director of information security.��Opening enrollment now allows��students ample time��to acclimate to the new authentication process before the new school term in the fall, he said.

���Even for student accounts, password theft is constantly evolving as hackers��use��methods like keylogging, phishing and email spoofing��to gain access,�����Sheehan��said.�����MFA enables us to deploy a security strategy that protects our platforms and community, reduces our risk for cyber threats��and further��provide protections in such a way that access remains easy for authorized users.���

Also��referred to as two-factor authentication,��MFA��adds��layers of password security to critical university systems��and��reduces��the number of compromised accounts��by making it difficult��for unauthorized individuals to log in��with stolen passwords.

Though you may not realize it, you likely already use MFA when accessing online accounts for banking, credit cards and other services, Sheehan said.

���When you access an ATM or use a debit card for purchases you typically need the card (something you have) and a pin number (something you know),��� he said. ���Whenever a merchant, bank, medical provider or retailer requires you to provide a password or pin, along with something you have to complete a transaction, you are using multi-factor authentication.���

At Elon, the MFA process involves the use of��the Duo Security app and��two or more devices to deliver security tokens that allow��users to��access single sign-on services like email, Moodle, LinkedIn Learning and other applications. With Duo Security, tokens are typically communicated��through��a��push to a��mobile��device��or��call to a landline phone.

���Since passwords can be compromised and are vulnerable to sharing, adding multi-factor authentication to the login process requires the user to know something (the password) and have something (the token), in order to gain access,��� Sheehan said.

All Elon students are encouraged to enroll in MFA before��the deadlines noted above.��After��those dates,��email, Moodle and other single sign-on services will be inaccessible until MFA enrollment is complete. For help getting started, visit the����in the IT Self-Service Portal Knowledge Base��or��.��If you have questions or need to report an issue, please contact the Technology Service Desk at 336-278-5200.

For additional online safety resources and to sign up for alerts, .��To stay aware of active cyber-attacks and other threats on campus, Sheehan encourages users to��sign up for information security alerts.

���You are the shield,��� he said. ���We all play an important role in keeping our community safe.���

How does Duo Security work?

To��enhance��online safety��measures at Elon, is implementing a mandatory multi-factor authentication (MFA) initiative. All faculty and staff must enroll in MFA using Duo Security by Dec. 31.

Also referred to as two-factor authentication, MFA will��add layers of password security to critical university systems and reduce the number of compromised accounts that impact the Elon community. This makes it harder for unauthorized individuals to log in as if they were you.

���Password theft is constantly evolving as hackers employ methods like keylogging, phishing and email spoofing,��� said Gary Sheehan, director of information security. ���Our goal is to provide protections in such a way that access remains easy for authorized users. MFA enables us to deploy a security strategy that protects our platforms and community, reduces our risk for cyber threats and boosts the flexibility and productivity of our entire workforce.���

With this initiative, Elon joins a growing list of campuses nationwide that mandated MFA for faculty and staff. A showed that 92 percent of U.S.-based institutions were either tracking, planning, have partially deployed or deployed institution-wide MFA on their campuses.

Though you may not realize it, you likely already use��MFA��when��accessing��online accounts for��banking,��credit cards��and other��services, Sheehan said.

���When you access an ATM or use a debit card for purchases you typically need the card (something you have) and a pin number (something you know),��� he said. ���Whenever a merchant, bank, medical provider or retailer requires you to provide a password or pin, along with something you have to complete a transaction, you are using multi-factor authentication.���

At Elon, the MFA process involves the use of two or more devices to deliver security tokens that allow access to single sign on services like email, Moodle, LinkedIn Learning and other applications. With Duo Security, tokens are typically communicated to the user via a mobile or landline phone.

���Your information is safer because thieves would need to steal both your password and your MFA token,��� Sheehan said. ���Since passwords can be compromised and are vulnerable to sharing, adding multi-factor authentication to the login process requires the user to know something (the password) and have something (the token).���

MFA is only one facet of a broader security strategy to protect data, campus technology resources and the existence of a safe computing environment at Elon. Security and compliance are best achieved when they are not implemented using a single point of failure, Sheehan said.

���Think about how you protect your valuable assets ��� by locking doors and windows, adding an alarm system or outdoor motion lights to detect intruders,��� he said. ���In addition to MFA, we have implemented a security awareness program to share safety tips on how to protect data and personal information. We use anti-virus, anti-malware and other controls to protect against harmful email links and websites, and we monitor the environment to ensure sensitive data and information is not accidentally shared with unauthorized users.���

To stay aware of active cyber-attacks and other threats on campus, Sheehan encourages users to sign up for information security alerts.

���You are the shield,��� he said. ���We all play an important role in keeping our community safe.���

As the fall semester draws to a close, faculty and staff are encouraged to��enroll��in��MFA��ahead of the upcoming holiday break and Dec. 31 deadline. For help getting started, visit the in the IT Self-Service Portal Knowledge Base.

After Dec. 31, email, Moodle and other single sign on services will be inaccessible until MFA enrollment is complete. Please contact the Technology Service Desk at 336-278-5200 if you have questions or need to report an issue. For additional online safety resources and to sign up for alerts, visit the .

Elon’s Office of Information Technology (IT) looks to answer those questions and offer additional insight with the launch of a new video series, Elon IT Decoded, on Feb. 19.

Elon IT will introduce new episodes monthly on its Elon Technology Blog through April, then again in the fall, with monthly episodes September through November. The online series also will be promoted on social media.

The features Systems Administrator and Acorn Accolade recipient Cassie Lott. 

Elon’s IT department works collaboratively with the Elon community to provide technology, leadership and support on campus. As the university’s central technology provider, IT supports 消消犯 and learning, administration and research through secure, robust computing.

The office is made up of six departments, which includes the Office of Assistant Vice President for Technology and Chief Information Officer Christopher Waters, 消消犯 Technology Support, Enterprise Solutions, Information Security, Infrastructure, and Teaching and Learning Technologies.

View the series on the , and follow Elon Technology on and for updates.

Cathy Hubbs, chief information security officer at American University, will be a featured speaker as part of National Cyber Security Awareness Month. Her talk will focus on the human behavior side of cyber security data breaches and our role in the age of the Internet of Things (IoT). What makes us vulnerable? How do attackers use the art of persuasion to manipulate us to gain access to our computers and networks?

Hubbs works in the Office of Information Technology at American University, identifying risk sources, planning, developing, implementing and maintaining the University’s information technology security program to safeguard new and existing technologies and services. She contributes to university-wide information security awareness and education programs and is responsible for the development of information security policies, procedures and security standards.

Sponsored by 消消犯 Office of Information Technology

More than 1,100 internet and technology experts responded in the summer of 2017 to a series of questions tied to the following theme: Will trusted methods emerge over the next 10 years to block false narratives and allow the most accurate information to prevail in the overall information ecosystem?

Those responding to the survey were evenly split: 51 percent said the information environment will not improve, while 49 percent expect things to get better. The experts were asked to elaborate on their answers, yielding a wide range of opinions about the threat of misinformation, the prospect for solutions and the most promising strategies to pursue.

���Both camps of experts share the view that the current environment allows ���fake news��� and weaponized narratives to flourish, but there is nothing resembling consensus about whether this problem can be successfully addressed in the coming decade,��� said Lee Rainie, Pew Research Center���s director of internet and technology research. ���They disagree about which side comes out on top in the escalating arms race: those who exploit human vulnerabilities with internet-speed manipulation tactics or those who create accurate information and reliable delivery systems for it.���

Report co-author Janna Anderson, director of 消消犯���s Imagining the Internet Center, noted: ���Many of these experts said that while the digital age has created countless information sources and magnified their potential influence globally, it has simultaneously reduced the influence of traditional news organizations that deliver objective, verified information. They said the information environment can���t be improved without more well-staffed, financially stable, independent news organizations whose signals are able to rise above the noise of misinformation to create a base of ���common knowledge��� for the public. They also urged far more literacy efforts to help people differentiate fact from falsehood.���

An analysis of nearly 500 pages of written responses by these experts revealed two optimistic and two pessimistic themes:

• The information environment will not improve and human nature is to blame.
  • Respondents supporting this theme say humans tend to be selfish, tribal, gullible, convenience seekers. They worry that today���s powerful information actors have an incentive to keep the status quo. And they think the future will be organized around social divisions, with a segment of population finding high-quality information, while ���chaos will reign��� for those who cannot afford or discern reliable information or show no interest in getting it.
• The information environment will not improve because technology will create new challenges that can���t or won���t be countered effectively and at scale.
  • These responses often described the bad actors as having a leg up on those seeking to combat misinformation. They expect that weaponized narratives and false information will be magnified by social media, online filter bubbles, bots and artificial intelligence.
• The information environment will improve because technology will help label, filter or ban misinformation and thus upgrade the public���s ability to judge the quality and veracity of content.
  • Those who think there will be improvements predict that algorithmic filters, browsers, apps and plug-ins will diminish the potency and availability of misinformation. They think movements toward fact-checking ��and ���trust ratings��� will help, too. Some say regulation will also play a part in curbing misinformation.
• The information environment will improve because people will adjust and make things better.
  • Some of these experts argue that misinformation is nothing new and society has always found ways to lessen its impact. They say as people become more skilled in sorting fact from fiction, the information environment will improve. Some expect crowdsourcing will play a prominent role in verifying facts by blocking those who propagate lies and propaganda. Some also showed support for distributed ledgers (blockchain).

A fifth theme: Experts in both camps who said technology alone can���t overcome the influence of misinformation urged two strategies to combat it:

• The public must fund and support the production of objective, accurate information.
• Efforts must be made to elevate information literacy as a primary goal of education.

Below is a sample of responses from tech experts in this survey:

Tom Rosenstiel, author, director of the American Press Institute and senior fellow at the Brookings Institution: ���Whatever changes platform companies make, and whatever innovations fact checkers and other journalists put in place, those who want to deceive will adapt to them. Misinformation is not like a plumbing problem you fix. It is a social condition, like crime, that you must constantly monitor and adjust to. Since as far back as the era of radio and before, as Winston Churchill said, ���A lie can go around the world before the truth gets its pants on.������

Starr Roxanne Hiltz, distinguished professor of information systems and co-author of the visionary 1970s book ������: ���People on systems like Facebook are increasingly forming into ���echo chambers��� of those who think alike. They will keep unfriending those who don���t, and passing on rumors and fake news that agrees with their point of view. When the president of the U.S. frequently attacks the traditional media and anybody who does not agree with his ���alternative facts,��� it is not good news for an uptick in reliable and trustworthy facts circulating in social media.���

Jerry Michalski, futurist and founder of REX: ���The trustworthiness of our information environment will decrease over the next decade because: 1) It is inexpensive and easy for bad actors to act badly; 2) Potential technical solutions based on strong ID and public voting (for example) won���t quite solve the problem; and 3) real solutions based on actual trusted relationships will take time to evolve ��� likely more than a decade.���

Nigel Cameron, a technology and futures editor and president of the Center for Policy on Emerging Technologies: ���Human nature is not EVER going to change (though it may, of course, be manipulated). And the political environment is bad.���

Jamais Cascio, distinguished fellow at the Institute for the Future: ���The power and diversity of very low-cost technologies allowing unsophisticated users to create believable ���alternative facts��� is increasing rapidly. It���s important to note that the goal of these tools is not necessarily to create consistent and believable alternative facts, but to create plausible levels of doubt in actual facts. The crisis we face about ���truth��� and reliable facts is predicated less on the ability to get people to believe the *wrong* thing as it is on the ability to get people to *doubt* the right thing.���

Richard Lachmann, professor of sociology at the State University of New York at Albany: ���Even though systems [that] flag unreliable information can and will be developed, internet users have to be willing to take advantage of those warnings. Too many Americans will live in political and social subcultures that will champion false information and encourage use of sites that present such false information.���

Scott Spangler, principal data scientist at IBM Watson Health, said technologies now exist to make fake information almost impossible to discern and flag, filter or block: ���Machine learning and sophisticated statistical techniques will be used to accurately simulate real information content and make fake information almost indistinguishable from the real thing.���

danah boyd, principal researcher at Microsoft Research and founder of Data & Society: ���What���s at stake right now around information is epistemological in nature. Furthermore, information is a source of power and thus a source of contemporary warfare.���

Charlie Firestone, executive director of the Aspen Institute Communications and Society Program: ���In the future, tagging, labeling, peer recommendations, new literacies (media, digital) and similar methods will enable people to sift through information better to find and rely on factual information. In addition, there will be a reaction to the prevalence of false information so that people are more willing to act to assure their information will be accurate.���

Jonathan Grudin, principal design researcher at Microsoft: ���We were in this position before, when printing presses broke the existing system of information management. A new system emerged and I believe we have the motivation and capability to do it again. It will again involve information channeling more than misinformation suppression; contradictory claims have always existed in print, but have been manageable and often healthy.���

John Markoff, retired journalist and former technology reporter at The New York Times: ���I am extremely skeptical about improvements related to verification without a solution to the challenge of anonymity on the internet. I also don���t believe there will be a solution to the anonymity problem in the near future.���

Alf Rehn, chair of management and organization studies at ��bo Akademi University: ���Better algorithms will sort out some of the chaff [and may improve the overall information environment], but at the same time the weaponization of fake news will develop. As strange as it seems, we may enter a time of less, but ���better��� [more effective] fake news.���

Justin Reich, assistant professor of comparative media studies at the Massachusetts Institute of Technology: ���Strategies to label fake news will require algorithmic or crowd-sourced approaches. Purveyors of fake news are quite savvy at reverse engineering and gaming algorithms, and equally adept at mobilizing crowds to apply ���fake��� labels to their positions and ���trusted��� labels to their opponents.���

James Schlaffer, an assistant professor of economics at Westfield State University: ���Information is curated by people who have taken a step away from the objectivity that was the watchword of journalism. Conflict sells, especially to the opposition party, therefore the opposition news agency will be incentivized to push a narrative and agenda. Any safeguards will appear as a way to further control narrative and propagandize the population.���

Paul N. Edwards, Perry Fellow in International Security at Stanford University: ���Many excellent methods will be developed to improve the information environment, but the history of online systems shows that bad actors can and will always find ways around them.���

Larry Diamond, senior fellow at the Hoover Institution and the Freeman Spogli Institute (FSI) at Stanford University: ���I am hopeful that the principal digital information platforms will take creative initiatives to privilege more authoritative and credible sources and to call out and demote information sources that appear to be propaganda and manipulation engines, whether human or robotic. In fact, the companies are already beginning to take steps in this direction.���

Irene Wu, adjunct professor of communications, culture and technology at Georgetown University: ���Information will improve because people will learn better how to deal with masses of digital information. Right now, many people naively believe what they read on social media. When the television became popular, people also believed everything on TV was true. It���s how people choose to react and access to information and news that���s important, not the mechanisms that distribute them.���

Mike Roberts, pioneer leader of ICANN and Internet Hall of Fame member: ���The average man or woman in America today has less knowledge of the underpinnings of his or her daily life than they did 50 or a hundred years ago. There has been a tremendous insertion of complex systems into many aspects of how we live in the decades since World War II, fueled by a tremendous growth in knowledge in general. Even among highly intelligent people, there is a significant growth in personal specialization in order to trim the boundaries of expected expertise to manageable levels. Among educated people, we have learned mechanisms for coping with complexity. We use what we know of statistics and probability to compartment uncertainty. We adopt ���most likely��� scenarios for events of which we do not have detailed knowledge, and so on. A growing fraction of the population has neither the skills nor the native intelligence to master growing complexity, and in a competitive social environment, obligations to help our fellow humans go unmet.���

Susan Etlinger, industry analyst at Altimeter Research: ���There are two main dynamics at play: One is the increasing sophistication and availability of machine learning algorithms, and the other is human nature. We���ve known since the ancient Greeks and Romans that people are easily persuaded by rhetoric; that hasn���t changed much in two thousand years. Algorithms weaponize rhetoric, making it easier and faster to influence people on a mass scale. There are many people working on ways to protect the integrity and reliability of information, just as there are cyber security experts who are in a constant arms race with cybercriminals, but to put as much emphasis on ���information��� (a public good) as ���data��� (a personal asset) will require a pretty big cultural shift. I suspect this will play out differently in different parts of the world.���

Jim Hendler, professor of computing sciences at the Rensselaer Polytechnic Institute: ���The information environment will continue to change but the pressures of politics, advertising and stock-return-based capitalism rewards those who find ways to manipulate the system, so it will be a constant battle between those aiming for ���objectiveness��� and those trying to manipulate the system.���

Peter Lunenfeld, a professor of design|media arts at UCLA: ���For the foreseeable future, the economics of networks and the networks of economics are going to privilege the dissemination of unvetted, unverified and often weaponized information. Where there is a capitalistic incentive to provide content to consumers, and those networks of distribution originate in a huge variety of transnational and even extra-national economies and political systems, the ability to ���control��� veracity will be far outstripped by the capability and willingness to supply any kind of content to any kind of user.���

Bill Woodcock, executive director of the Packet Clearing House: ���There���s a fundamental conflict between anonymity and control of public speech, and the countries that don���t value anonymous speech domestically are still free to weaponize it internationally, whereas the countries that do value anonymous speech must make it available to all, [or] else fail to uphold their own principle.���

Amber Case, research fellow at Harvard University���s Berkman Klein Center for Internet & Society, suggested withholding ad revenue until veracity has been established: ���In order to reduce the spread of fake news, we must deincentivize it financially. If an article bursts into collective consciousness and is later proven to be fake, the sites that control or host that content could refuse to distribute advertising revenue to the entity that created or published it. This would require a system of delayed advertising revenue distribution where ad funds are held until the article is proven as accurate or not. A lot of fake news is created by a few people, and removing their incentive could stop much of the news postings.���

Andrea Matwyshyn, a professor of law at Northeastern University who researches innovation and law, particularly information security: ���Software liability law will finally begin to evolve. Market makers will increasingly incorporate security quality as a factor relevant to corporate valuation.���

is a nonpartisan fact tank that informs the public about the issues, attitudes and trends shaping America and the world. It does not take policy positions.

意鞄艶油��is an initiative of the 消消犯 School of Communications.��Imagining the Internet explores and provides insights into the impact of Internet evolution. 消消犯, faculty, staff and alumni have surveyed thousands of experts and traveled to cover Internet Governance Forums and Internet Hall of Fame events in Egypt, Greece, Kenya, Switzerland, Germany, Brazil, Lithuania and Mexico.

Major themes on the future of the online information environment

Theme 1: The information environment will not improve: The problem is human nature

• More people = more problems. The internet���s continuous growth and accelerating innovation allow more people and artificial intelligence (AI) to create and instantly spread manipulative narratives
• Humans are by nature selfish, tribal, gullible convenience seekers who put the most trust in that which seems familiar
• In existing economic, political and social systems, the powerful corporate and government leaders most able to improve the information environment profit most when it is in turmoil
• Human tendencies and infoglut drive people apart and make it harder for them to agree on ���common knowledge.��� That makes healthy debate difficult and destabilizes trust. The fading of news media contributes to the problem
• A small segment of society will find, use and perhaps pay a premium for information from reliable sources. Outside of this group ���chaos will reign��� and a worsening digital divide will develop

���Theme 2:��The information environment will not improve because technology will create new challenges that can���t or won���t be countered effectively and at scale

• Those generally acting for themselves and not the public good have the advantage, and they are likely to stay ahead in the information wars
• Weaponized narratives and other false content will be magnified by social media, online filter bubbles and AI
• The most effective tech solutions to misinformation will endanger people���s dwindling privacy options, and they are likely to limit free speech and remove the ability for people to be anonymous online��

���Theme 3:��The information environment will improve because technology will help label, filter or ban misinformation and thus upgrade the public���s ability to judge the quality and veracity of content

• Likely tech-based solutions include adjustments to algorithmic filters, browsers, apps and plug-ins and the implementation of ���trust ratings�����
• Regulatory remedies could include software liability law, required identities and the unbundling of social networks like Facebook

���Theme 4: The information environment will improve because society will adjust

• Misinformation has always been with us and people have found ways to lessen its impact. The problems will become more manageable as people become more adept at sorting through material
• Crowdsourcing will work to highlight verified facts and block those who propagate lies and propaganda. Some also have hopes for distributed ledgers (blockchain)

���Theme 5:��Tech can���t win the battle. The public must fund and support the production of objective, accurate information. It must also elevate information literacy to be a primary goal of education.

• Funding and support must be directed to the restoration of a well-fortified, ethical and trusted public press
• Elevate information literacy: It must become a primary goal at all levels of education

消消犯 became a NCSAM champion this year to show its commitment to information security because so much of our information is now online.  Cybersecurity is a global issue that affects all of us and it is our shared responsibility to promote a safe and secure digital world.

Christina Bonds, application developer, led the effort of Elon becoming an NCSAM champion this year with the support of the director of information security, Keith Schoenefeld.  “Participating in and supporting the educational mission of the National Cyber Security Alliance by becoming an NCSAM Champion is just one way Technology at Elon can contribute to 消消犯’s mission.  By helping our faculty, staff, and students understand how to safely navigate an increasingly connected world, we are better able to prepare ‘students to be global citizens and informed leaders motivated by concern for the common good'”, said Schoenefeld.

Valuable tips and information will be shared on Elon Technology’s , on Twitter, and in to promote online safety awareness.  You can also follow the #CyberAware hashtag throughout October. 

What is NCSAM?

Recognized every October, National Cyber Security Awareness Month (NCSAM) was created as a collaborative effort between industries and government to provide digital citizens the resources needed to stay safe and secure online and protect their personal information. 

Coordinated and led by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS), NCSAM reaches consumers, businesses, corporations, educational institutions and individuals across the globe with information and educational programs centered on practical approaches to cybersecurity. 2016 marks the 13th year of NCSAM.

View the entire list of 2016 NCSAM champions . 

The Acorn Accolade recognizes Bonds for her pivotal role in developing the Elon Payment Gateway, as well as her continued efforts to promote cybersecurity awareness at Elon. See , and the .