Implementing Role-Based Network Access Control Across Multiple Nebraska University Campuses
Higher education institutions face many challenges in the current environment including funding and staff shortages, as well as a hostile security and risk setting. Technology trends such as zero-risk security allow these institutions to meet challenges realistically and efficiently. Zero trust is a misnomer; it does not mean “no trust” but zero implicit trust and use of risk-appropriate, explicit trust. In essence, zero trust is a mindset (or paradigm) that defines key security objectives – objectives that are paramount to any higher education institution. In DataVizion’s backyard lives the University of Nebraska with campuses in three large cities.
Implementing Role-Based Network Access Control Across Multiple Nebraska University Campuses:
Supporting networks for University of Nebraska – Lincoln, Kearney, and Omaha campus locations, the UNS environment includes 9,000 access points and over 2,000 switches. Its overall campus network system see around 4.5 million authentications and 75,000 end points daily.
The University of Nebraska System(UNS), in collaboration with their academic communities, employ five ITSCore Values (BE THE FIVE):
Working with DataVizion, “Four of the five centralized Information Technology Services groups – UNK, UNL and UNO, plus the NU ITS Enterprise Systems team-were asked to align to the strategic needs of the University of Nebraska and each campus. This unified team also has worked closely with UNMC on procurement and standardized technologies.”
A new leadership structure that balances campus needs and leverages scale through a shared services model was created to oversee and help guide the new NU ITS team. This structure includes a unified budget and common services to support the University of Nebraska.
In January of 2020, DataVizion worked with the University to begin design, architecture, and planning programs. Within six months, all cores, distributions, switches, and APs were replaced and 80% of devices were migrated. The physical installation included 40 buildings per month prioritizing academic locations for weekends. A full Aruba ClearPass Network Access Control system was installed to integrate the University of Nebraska Lincoln, the University of Nebraska Omaha, and the University of Nebraska Kearney, enabling a flexible and robust role-based policy for implementation of a zero-trust model.
DataVizion, an Aruba Platinum Partner, worked with UNS to serve the next generation of connected students by improving edge computing and securing identities, data, services, and devices. This included 41 locations, more than 325 buildings, 51,000+ students, 16,000+employees, more than 105,000 connected devices per day, as well as over 425,000 unique devices located in 2022 to date. (4.26.2022)
UNS understands the growing importance of continuous learning and just how the growing popularity of alternative credentials has prompted the adoption of new offerings and workforce development platforms.
Hybrid Work and IoT are Changing How Higher Education Thinks About Access Control:
Hybrid workplace initiatives, IoT,and edge computing are dissolving the traditional higher education IT perimeter. DataVizion’s goal was to provide UNS anytime, anywhere connectivity without sacrificing security, and maintaining visibility and control devoid of impacting user experience. It started with identifying everything connecting to the network, authenticating, and authorizing, and enforcing robust policy across the entire network by:
Identifying what clients are being used, how many, where they're connecting from, and which operating systems are supported – this provides the foundation of visibility.
Authenticating and authorizing the devices connecting to the network, applying Zero Trust best practices related to “least access.”
Enforcing automated response via dynamic policy controls and real-time threat remediation that extends to third-party systems.This is the last piece of the puzzle. Being prepared for unusual network behavior at 3 AM requires a unified approach that can block traffic and change the status of a device’s connection.
The new campus core and distribution model included 8 cores and 28 distributors as well as 2,300+access switches and 10,000+ Wi-Fi access points. Advancing technology for the system, all endpoints were separated by risk and classification.
New models of instruction and the need for innovative forms of support for students drove an investment in classroom technology, specialized web-conferencing tools, and an increased focus on career support.
Zero trust security, process automation, and low-code applications provided UNS the opportunity to reduce risk and improve efficiency in operating models via a dynamic security assessment featuring risk-based network levels, unified wired and wireless security policies, 802.1x for NU identities and peers, as well as full endpoint authorization.
ClearPass 802.1X enforcement and other techniques for secure authentication integrates with a wide variety of authentication solutions enabling the use of multi-factor authentication and the ability to force reauthentication at key points throughout the network.
Optimization and Cost Savings – Efficiency at Scale:
The utilization of the DataVizion + Aruba platform saved the University System $5.8 million by standardizing all equipment and service with simplistic hardware maintenance and a single help center support system, as well as end-user self-service onboarding and IoT registration.
As Neil Brown, Director of Network Services for the University of Nebraska System states, “The DataVizion design, planning and support were crucial to our success.”