Subscribe to our free fortnightly newsletter and stay ahead with the latest news in HE

York doubles up on data security

The University of York deploys Duo Security's two-factor authentication system to keep data safe and secure

Posted by Alice Savage | May 19, 2017 | Technology

The University of York is a research-intensive university with more than 30 academic departments and research centres. It needed a frictionless solution to handle researchers’ sensitive and confidential data securely, and protect the network from phishing attacks.

Deploying Duo’s two-factor authentication kept costs and overheads down, and end users were quick to adapt to it because the app is so clean and simple.

The University of York is a dynamic, research-intensive institution working to address some of the world’s most pressing challenges by developing life-saving discoveries and new technologies. The university is home to more than 30 academic departments and research centres, with almost 16,000 students.

Duo spoke with University of York’s Linux and Information Security Team Leader Richard Fuller, about how Duo helps secure their researchers’ data and protect the network from phishing attacks. His team oversees all technical aspects of information security and infrastructure for the University.

The Challenge

Because of University of York’s role as a research institution, Richard’s team had the two-pronged objective of needing to offer users wide access while also keeping sensitive and confidential data secure. “A lot of our work is around partitioning and creating areas where data can be handled securely while still maintaining a very open research and teaching environment,” he said.

This challenge was exacerbated by the fact that the University’s existing user authentication solution was in place for many years. Naturally, some users were hesitant to make the transition to two-factor authentication (2FA) to get root access, so Richard sought a frictionless solution that wouldn’t create new barriers.

A secondary concern, similar to many of their peers in academia, was that the University of York community struggled with phishing. Richard explained, “We have a huge number of people getting phished every year. The education is working, but it’s not working at the level that we would hope.”

The Solution

After trying out options like hardware tokens with RSA SecurID, Richard’s team was interested in something simpler and more straightforward that would best serve the variety of technical skill levels across the University of York community.

The recommendation to try Duo actually came from Richard’s boss. After a brief trial, it emerged as the right balance of a low-overhead, cloud-based deployment for the information security team and an accessible solution for the users.

Deploying Duo at University of York

One of Duo’s key benefits for University of York was how it protected initial entry into the network. Previously, if an attacker used phishing or malware to gain access to an administrator’s credentials, they had the keys to a large amount of data; the second layer of security that 2FA provides strengthened their perimeter.

Richard’s team first rolled out Duo to system administrators, network administrators and other technical staff. It wasn’t long before other people around the University asked to get on board, which Richard was happy to oblige. “One of the really cool things about Duo Security is that you can do a small deployment and it doesn’t cost you a lot of time, infrastructure or money to get set up,” he said.

Another standout about Duo was how easy it was to get users started, regardless of their level of technical skill or access granted. For example, the University’s health practitioners use a National Health Service application, which needed more fine-tuning than a one-size-fits-all solution.

As Richard detailed, “We have a VPN service and when normal users log in, they get access to the network in a particular view, firewalled and that kind of thing. If a member of IT services logs in, then we want to give them a higher level of access. In order to get onto that VPN you have to use two-factor authentication.”

Would University of York recommend Duo?

“Duo’s just been really simple, straightforward, and it hasn’t got in the way of what we’ve been trying to do. The app is really clean and just works.” 

 W: https://duo.com

Subscribe to our free fortnightly newsletter and stay ahead with the latest news in HE

Related stories

SALTO Access Control - the next level of security systems

Why HE establishments need to embrace digitisation

Prefectirus - alerts you to maintenance issues via email

What is the future of library technology?

The Edtech Evolution

Eight ways to use a classroom camera or visualiser

Getting online can help global engagement in HE

University of York's central hall to be refurbished

Using technology to transform the back office

Regent's University London and Data Integration team up

Market place - view all

Arkivum

Arkivum provides data archiving services to a range of industries ...

Jamf software

Solutions for education. Power the digital classroom with Apple an...

Promethean

Effective teaching is the key to successful, collaborative and pers...

Haines Watts

Haines Watts can provide you with more than just a set of books at ...

Red sky

We’re the UK’s leading independent solar installer, hel...

Hamworthy heating

Hamworthy Heating is a leading British commercial boiler manufacturer...