“We saw an extremely high return on our investment with Duo. Not only was it easy to deploy and maintain, but it also enabled us to open our systems to our users more confidently without impacting the experience. That’s the most important thing.”
— Matt Haschak, Director IT Security and Infrastructure
Bowling Green State University (BGSU) is one of the top public universities in Ohio
Duo helped BGSU significantly improve their cyber security posture while being cost-effective at the same time
BGSU’s phenomenal success with Duo gave the university the confidence to expand its deployment to all users and all critical applications and data
Bowling Green State University (BGSU) is a top public university established in 1910 in Bowling Green, Ohio. With more than 19,000 students from all 50 U.S. states and 70 different countries, BGSU has campuses in three locations: Bowling Green State University (main campus), BGSU Firelands in Huron, Ohio and BGSU at Levis Commons in Perrysburg, Ohio. The university has more than 800 full-time faculty members and offers highly recognized programs in biology, business, education, English, fine arts, industrial and organizational psychology, physical therapy, psychology, public affairs, rehabilitation counseling, sociology and speech-language pathology.
The BGSU Information Security team operates with the mission to protect information and systems. Three pillars define BGSU’s cybersecurity strategy:
BGSU needed a more proactive, preventative solution to support their cyber security strategy and to protect the personal accounts of students, faculty and staff; and their servers and infrastructure.
The BGSU security team investigated and tried various solutions available in the market. They needed a solution that provided effective, strong authentication, was easy for students, faculty and administrators to use and delivered a low total cost of ownership (TCO). “Duo checks the box on all three” says Matt Haschak, Director IT Security and Infrastructure, Bowling Green State University, adding that Duo delivers a solution that the university can support financially and also helps ensure that they meet all compliance requirements, such as PCI DSS.
Haschak says multi-factor authentication plays a critical role in the university's security strategy. Duo was easy to deploy, so much so that the university was quickly able to expand its Duo deployment to all students, faculty and staff after starting with a few high-risk systems and users. At any given time, BGSU has approximately 30,000 active users of its internal systems and applications.
“Whenever you implement a change such as MFA, there will be people that will be resistant to the change. Duo, however, made it easy to enroll end users. Once a user was enrolled, they automatically received a push to their device and could quickly get access to everything they needed. That made them happy,” Haschak says.
Duo makes it so easy to enroll users that among BGSU’s 30,000 students, faculty and staff members the university had a 99 percent success rate of self-enrollment, Haschak says, adding “users at BGSU find it extremely easy to use.”
The first line of defense for the university was to enforce MFA on every device accessing the VPN. The second was to ensure that user accounts are not phished and confidential information is safe. BGSU rolled out Duo to its Central Authentication Service (CAS) Single Sign-On (SSO) portal, protecting all applications behind it, including class registration, benefits enrollment, and personal information.
One of the main improvements after implementing Duo was in the effective support of remote users. “I wasn't willing to open my systems to remote users – either not on campus or traveling overseas – but I’m now more confident to allow those types of transactions because we can trust the person on the other end,” says Haschak.
The next phase for the university is to gain visibility into the devices accessing applications and data and enforce the appropriate policies and control. This will strengthen security and reduce the risk of compromised device accessing information.
BGSU was live on Duo in under two weeks and is now protecting more than 30,000 users effectively. Integrating Duo into their system was easy and trouble-free.
Now that Duo is fully implemented, the calls to the help desk from users having trouble authenticating have decreased by 50 percent, adds Haschak.
“Since implementing Duo, BGSU has not seen any unauthorized access on account that are protected by Duo. While there is still a threat from hackers attempting to remotely exploit our applications and infrastructure, there are now enough safeguards from unintentional password sharing through successful phishing attacks. Duo provides an immeasurable layer in our defense-in-depth strategy to protect our systems and users” says Haschak.