BeyondTrust helps University of Winchester strengthen security without hampering productivity

BeyondTrust has given details of a successful project helping the University of Winchester deliver a campus-wide consistent and robust security policy while reducing IT management overheads.

The University of Winchester is a 175 year-old values-driven institution which offers excellent programmes of study sustained by teaching and research of the highest quality. Employing over a 1000 staff with a community of over 8000 students, Winchester was ranked among the top 20 universities in England for overall satisfaction in the National Student Survey 2014.

The smooth-running of the campus includes a strong emphasis on IT security and managing vulnerabilities inadvertently caused by staff and students. As Ian Short, Applications Infrastructure Manager for the University of Winchester explains, “Our security policy is very much prevention rather than cure: we have to protect and support around 1800 Windows desktops, across approximately 8000 students, around 1000 members of staff across 16 different departments and over 160 applications. As well as running Windows on the desktops, we also have Windows back-end servers running in an Active Directory environment.

“We are quite fortunate in that we have not had any security breaches, but there is no room for complacency. For instance, the network is set up so that both staff and students cannot just connect their own devices to back end systems and access is limited to the Internet, since much of the content that students require is available online anyway, this does not limit what they are able to do.”

Several years ago, the University identified the fact that managing user administrator privileges was a simple and effective way to make its security more robust and minimise the risk of malware attacks. However, the University could not lock down the entire network because of the flexibility that some users require. For instance, some staff – typically very knowledgeable and IT-savvy need their privileges to be elevated so that they can install and manage applications themselves.

“Also, while we could see the need to manage privilege, there was a concern about ensuring it did not create further additional administration workload,” explains Short. The University began an extensive market search to find an approach that would automate the privilege management process as much as possible yet remain flexible without increasing management overheads. Based on these criteria the University selected BeyondTrust PowerBroker for Windows Desktops and Servers, a centralised solution that uses a ‘least privilege’ model.

“Since we took that step, we have completely removed automatic administrator rights among our users, while simultaneously providing adequate rights to perform the tasks that students and staff need,” explains Short. Some of the key uses include elevating privileges for staff using multimedia packages in its multimedia centre, 30 applications on their desktops, and around half a dozen Windows functions.

“The net result is that no longer do we need to ‘punch holes’ in our security in order to complete certain tasks. The added bonus is decreased time spent dealing with user support issues, meaning that the team can spend more time on other activities,” Short adds.

With the help of least privilege management from BeyondTrust, the University of Winchester has consistent, robust security policies campus-wide. “[This solution balances] the need to give staff flexibility when it is needed, without impacting on security or creating additional workload for the IT department,” Short concludes.