The University of Denver is a leading private research institution in the United States with nearly 13,000 undergraduate and graduate students, and roughly 4,300 staff members. The university has a prestigious reputation, often ranking among the top 100 universities in the country, and is the oldest research institution in the Rocky Mountain Region of the U.S.
In late 2019, the University of Denver’s information security team, led by Marcelo Lew, went out in search of a network access control solution to help manage access to the institution’s guest network, as well as to its growing eduroam WiFi network roaming service. “Internally, we had an initiative to move our security stack to the cloud,” Lew said. “We’re really focused on bringing in solutions that are lightweight and don’t require an FTE to come in and manage them.”
Choosing Simplicity in Uncertain Times
As an existing HPE Aruba ClearPass customer, and having evaluated Cisco’s Identity Services Engine (ISE) NAC solution, Lew and his team felt that Portnox CLEAR had the potential to deliver the needed functionality without all of the heavy systems lifting to stand up and maintain required of traditional on-premise NAC. “Some of the legacy NAC solutions out there have a million knobs, making them complex to configure and difficult to troubleshoot. Most institutions like us don’t need all of that,” Lew continued.
Lew and his information security team set their sights on Portnox CLEAR NAC-as-a-Service, moving to a PoC in early 2020. The untimely rise of the Coronavirus pandemic in March of 2020 in the U.S. put a damper on the team’s initial efforts to test the platform. “COVID-19 forced the PoC to take a bit longer due to operational challenges, but in general, we really liked what we saw,” said Lew. “Portnox CLEAR really had the potential to get us where we wanted to be with regards to moving NAC to the cloud.”
Coverage for the Guest Network
Portnox CLEAR would eventually be rolled out in full across the university’s guest network, with full coverage up to 10,000 devices. “We have hundreds and even thousands of users on our guest network at any given time. We’ve had no issues and our network engineers have found Portnox CLEAR very easy to configure. The team particularly likes that there’s no on-prem component or need to upgrade servers on a regular basis,” Lew went on to say.
Starting with the guest network was a strategic decision. The university often hosts conferences and events with thousands of non-staff visiting for the day and needing wireless connectivity, making the guest WiFi network target number one for potential cyber threats. “We’re also situated in a populated neighborhood community in Denver. We’re fine with the community being able to utilize our WiFi, but we needed a mechanism to allow for this while keeping the university’s data safe,” said Lew. “After all, our motto here is A Private University Dedicated to the Public Good – that concept extends to our network as well.”
Expanding to Eduroam & Beyond
As Lew and his team look ahead, they plan to extend CLEAR’s access control capabilities to the university’s eduroam wireless network used by staff, as well as to the many wired ports across the campus. “We have a few quiet periods during the year where network activity is low – typically in the summer, and about 3-4 weeks in December. We’re planning to tackle eduroam coverage with Portnox CLEAR in the fall of 2021, and the wired ports over the Christmas break,” said Lew.
The move off of its reliance on HPE Aruba ClearPass for NAC to Portnox’s cloud-delivered NAC-as-a-Service signifies a larger initiative within the institution even beyond cloud transformation. “The hard perimeter-based security approach doesn’t work anymore because devices are no longer limited to the university network,” Lew continued. “So, we cannot assume that everything inside the perimeter (or enterprise firewalls) is safe. We are working towards a zero trust but always verify environment, where for users like campus guests are given the minimum possible access needed.”
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。
About CDM InfoSec Awards
This is Cyber Defense Magazine’s ninth year of honoring global InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at http://www.cyberdefenseawards.com
About the Judging
The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” so we are looking for Next Generation InfoSec Solutions.
About Cyber Defense Magazine
With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.