The UWL information security team operates with the mission to protect and maintain the confidentiality, integrity and availability of systems, data and resources. The team also ensures the information and university assets are protected from unauthorized access, loss, alteration or damage, while also supporting the open, information sharing needs of the academic environment.
UWL must protect the personal accounts of students, faculty and staff, and also be compliant with the parent university’s system policies. Finding a security solution that can help with the UW system security audit and works with such a varied group of users was a challenge. The university needed a more proactive, preventative solution to support their security strategy and to protect the personal accounts, servers and the university infrastructure from phishing attacks while also being incredibly easy to use for the entire university community.
UWL evaluated several multi-factor authentication (MFA) vendors before choosing Duo for its ease of use and its ability to help it pass the security audit and comply with the parent university’s system policies. “Duo was the foundation building block for the new UW system security policies. Duo not only checks the box on all the requirements, but also was easy for university users,” said Jim Jorstad, Director IT- Client Services, University of Wisconsin-La Crosse, adding that Duo delivers a solution that the university can support financially and helps ensure they meet all compliance requirements mandated by the parent university.
Deploying Duo at UWL
"We rolled out Duo with user education, which helped raise awareness between faculty, staff and students. We leveraged existing Duo training materials coupled with custom communications developed by ITS, workshops and video recordings, making users extremely comfortable with Duo. Today, over 90 percent of our end users have activated their account with Duo which for us is a huge success,” he said.
On the reporting side, the Duo admin panel dashboard provides a snapshot of all user activities. The quick overview of users with bypass or locked out status, inactive users who haven't logged in recently and overall total user count is very helpful for the admin team. Duo’s Unified Device Visibility provides a single pane of glass view into all mobile device platforms and helps them assess the potential security risks associated with each device. “The wealth of information the dashboard provides is very valuable. I look at it everyday; actually that’s how I start my day - getting an overview of my users’ activity. Utilizing user analytics and communicating it helps us identify exceptions and misc/shared accounts,” said Jorstad.
Securing All Applications Easily is Key
The university needed a solution that easily integrated with its existing infrastructure, consisting of Cisco AnyConnect VPN, PeopleSoft, Microsoft Office 365, Canvas, PeopleAdmin and various other custom applications. Duo's cloud-based solution meant Duo could be easily layered onto the university’s existing custom web applications.
The Phishing Campaign
The UW system has been implementing an institution-wide phishing awareness education program. Through this program, simulated phishing emails are sent periodically to all UWL faculty and staff. These customized emails mimic a real phishing threat. The university is able to identify applications at risk of malicious attack by launching phishing assessments directly from the Duo admin panel.
“Data breaches cost dollars and time. It basically tarnishes your reputation that you worked so hard to build over decades,” said Jorstad. “Duo is a part of a larger umbrella of data security against brute force attacks, phishing and so much more out there. Our team found Duo to be one of the best products we have worked with so far. The speed and ease with which we deployed the solution was particularly impressive. The documents are extremely easy to follow and Duo’s support team has helped us in every phase of this important project.”