Sector: Education

Founded in 1347 by Marie de St Pol, Countess of Pembroke, Pembroke College is the third oldest of the University of Cambridge’s 31 constituent colleges. Today, it is a vibrant academic community comprising approximately 473 undergraduates, 295 postgraduates, 78 Fellows, and 175 staﬀ members. The college is renowned for its excellent teaching and research, consistently achieving high academic standings within the university.

The Challenge

Achieve comprehensive identity security for all Active Directory users

Enforce MFA on privileged accounts in on-premises infrastructure
Gain visibility and control over service account behaviours
Implement security measures without disrupting existing IT operations

The Solution

Enhanced protection for privileged and service accounts

MFA enforcement extended to on-prem privileged accounts
Improved visibility into service account activities and risks
Seamless integration with existing Microsoft environment

The Challenge: Strengthening on-prem infrastructure and service account management

Pembroke College’s IT department recognised the growing risk of unauthorised access to privileged accounts and the limited visibility into service account activities. The team identified a gap in their security infrastructure, as existing measures did not fully address developing risks for protecting on-premises applications and Active Directory authentication processes.

The IT Department sought a solution that would enforce MFA on all privileged users, provide visibility into service accounts, and integrate smoothly with their existing environment without causing disruptions.

“We needed to enforce MFA across all privileged accounts and legacy applications while also improving visibility into identity security gaps. Our existing setup didn’t provide us with the ability to monitor service accounts in real time, and we knew that had to change.”

Andrew Baughan
IT Director
Pembroke College
University of Cambridge

Finding the right identity security partner

As a regular trusted supplier to Pembroke College, C-STEM has worked closely with their IT team over the past few years. Following a conversation around MFA and privileged access, Tyrone Isitt, C-STEM’s Account Director, introduced the Silverfort solution to Andrew Baughan, Pembroke College’s IT Director, who recognised its potential value after evaluating it alongside other options. Following this assessment, C-STEM showcased the solution at the CITC (Cambridge IT Colleges) event, where other institutions including Trinity College first encountered Silverfort and became a customer.

After the Pembroke College IT team’s careful evaluation, they selected Silverfort for its proven success in seamless MFA enforcement, real-time authentication insights, and agentless integration with Active Directory. The collaborative relationship between C-STEM and Pembroke’s IT department facilitated a smooth adoption process. The IT Department began deploying with a proof-of-concept (POC) on a single domain controller, ensuring a smooth transition before expanding Silverfort across the entire environment. The platform’s ability to analyse authentication requests in real-time and enforce security policies made the implementation eicient and non-disruptive.

“After reviewing Silverfort’s capabilities, I thought it would be a good fit not just for Pembroke, but potentially for other colleges as well.”

Andrew Baughan
IT Director
Pembroke College
University of Cambridge

The Solution: Implementing MFA and service account protection with Silverfort MFA protection and adaptive identity protection policies

As Andrew Baughan noted: “Silverfort has significantly strengthened our identity security, reducing risks and giving us greater confidence in our security posture. The additional visibility into privileged account activity and the ability to enforce MFA on legacy systems have been game-changers for us.”

MFA protection and adaptive identity protection policies

The implementation delivered the following key security capabilities:

Advanced risk-based authentication

MFA enforcement for access to sensitive resources from unfamiliar locations
Securing legacy authentication protocols to prevent unauthorised access

Command-line and RDP security enhancement

MFA verification for critical administrative operations
Enhanced authentication for remote sessions and script execution
Granular control over system administration tools

Service account protection and lateral movement prevention

The implementation transformed Pembroke’s service account management through:

Automated Discovery and Control

Intelligent mapping of service account usage
Continuous real-time monitoring of service account behaviour patterns
Real-time detection and prevention of suspicious lateral movement attempts

“Rolling out Silverfort was incredibly straightforward. We quickly saw value in its ability to enforce MFA on legacy systems without requiring additional software. We also gained crucial insights into our service accounts, which we hadn’t had full visibility into before.” – Andrew Baughan, IT Director, Pembroke College.

Beyond MFA, Pembroke leveraged Silverfort’s behavioural analytics capabilities to detect and address unusual login activities. The team implemented service account segmentation, ensuring they could only authenticate in predefined, secure patterns. This significantly reduced the attack surface and prevented potential lateral movement attacks.

By deploying Silverfort, Pembroke College successfully mitigated identity-based threats, secured privileged and service accounts, and improved its overall cybersecurity resilience. Their collaboration with C-STEM and Silverfort has been key in building a strong cybersecurity framework.

Systems + Techniques = Effective Management

C-Stem Accreditation Crown Commercial Services

C-STEM - Platfform Building, 11-20 Devon Place, Newport NP20 4NW

Tel: 0345 241 0000 | Fax: 0345 241 0001

C-STEM is the trading name for Communication-STEM Limited. Registered Office: 10 Temple Back, Bristol, BS1 6FL. Registered in England 03270429. VAT no. 682398492