Blocking threats at scale and improving cybersecurity posture without increasing headcount
Tiffin University is a private institution of higher education based in north central Ohio that offers online degree programs (bachelor’s, master’s, or doctorate) to help working adults further their careers. Disciplines include the arts, sciences, criminal justice, business administration, and more.
Deploys ZPA to over 100 employees within one week
Provides 50% faster access to internal applications and resources
Enables faster onboarding of employees and improved business continuity
Reduces technical support tickets and time to resolution
Once we decided to deploy Zscaler, we were up and running in a weekend... Within a week, everyone had Zscaler on their machines.
Founded in 1888, Tiffin University offers online and in-person undergraduate, graduate, and doctorate programs catering to working adults who want to gain practical, industry-specific skills to expand their career options. The university’s main campus is in Tiffin, Ohio. The campus in Bucharest, Romania, provides a path to a degree for students around the world, with its bachelor of business administration (BBA) and master of business administration (MBA) degree programs.
Tiffin’s previous IT environment was limited in its ability to allow remote users to access internal resources. While the university had a small-scale implementation of VPN, only a handful of employees were using it. The open source online learning management system, Moodle, is widely used by adjunct faculty and students.
When the pandemic hit, and everyone was forced to work at home, the university’s IT team had to pivot quickly. They had only two weeks’ notice to enable employees to function. They scrambled to provide hardware that people could take home—including laptops and all-in-one units—and sought out solutions that would securely enable remote work and secure access to internal resources and applications. That’s when Zscaler Zero Trust Exchange (ZTE) came into the picture, and it turned out to be a perfect fit. Since then, it has evolved into an essential component of Tiffin’s cloud migration strategy.
“Once we decided to deploy Zscaler, we were up and running in a weekend. We met on a Saturday morning, and by Monday we started deploying it on people’s machines,” said Justin Schlenker, Enterprise Applications Director. “For those already working remotely, we provided a self-service capability. We quickly created documentation and made the installer accessible to them. Within a week, everyone had Zscaler on their machines.”
The main applications used by staff are the student information system (Ellucian PowerCampus), financial software, and Microsoft Windows file-sharing systems. Prior to implementing ZTE, the university was using Microsoft Windows Remote Desktop Services to allow users to log into a server on campus in order to access those resources. But the security controls were insufficient. When the university decided to make the switch to Zscaler Private Access (ZPA), the user experience and security were noticeably improved.
“One of the reasons we like Zscaler is that we don’t have to route traffic back through the campus network for remote users. With traditional VPN, we were eating up bandwidth and competing with other resources. Now we're only sending through the traffic that needs to be sent through,” shared Schlenker.
Faculty and staff are currently using Zscaler Private Access (ZPA) at Tiffin across all their locations, including Bucharest. Following a smooth initial deployment, Schlenker quickly fine-tuned access rules to ensure all employees had access to the right resources. The reaction from staff was positive, and technical support tickets were substantially reduced.
“With ZPA, we’ve seen improved performance over the previous VPN we were using—an estimated 50% increase in speed when it comes to accessing internal applications,” he said. “And, with Zscaler we were able to tighten up our network significantly by specifying the endpoints that people can reach. We were able to close a lot of ports, turn a lot of things off, and secure everything. Now, people can get access to specific destinations only by going through Zscaler which provides us a lot of comfort and helps me sleep at night.”
With ZPA, we’ve seen improved performance over the previous VPN we were using—an estimated 50% increase in speed…
As an important first step toward zero trust, Tiffin is taking advantage of the Zscaler-Okta integration. The Okta identity management solution first authenticates users. Zscaler then inspects the traffic and validates access rights. Now users at Tiffin can securely access the student information system and the financial aid system, along with other legacy programs still in use.
Prior to that, the university was not doing much in the way of single sign-on other than through their homegrown identity management system and occasionally Google G Suite.
“It was a very easy setup,” observed Schlenker. “The learnings we derived about Active Directory groups and membership from the Zscaler-Okta integration have been valuable and have led us to expand our use of Okta to other products,” explained Schlenker.
The integration has also accelerated and simplified new user onboarding. As he described it, “When a new user comes in, they are assigned access privileges based on their Active Directory group. We have their configuration already set up in many cases, with the exact resources they need. First, they pass through Okta and then go on to Zscaler. Everything works with minimal intervention.”
Zscaler is such a robust and reliable product, troubleshooting and problem resolution activities have been significantly reduced…
Currently, the university is operating in hybrid mode, with some employees accessing resources remotely and some connecting directly to the network. While the university has not yet evolved into a 100% zero trust environment, the principles of zero trust are guiding the organization’s journey.
“It’s important to never assign more trust than you absolutely need—to anyone. So limiting access to only what’s necessary is always important. We believe that if there's not a strong business case to use a resource, you shouldn't be using it,” said Schlenker. “Zscaler falls right in line with that.”
Schlenker is continually learning more about Zscaler and refining the implementation as the university moves along in its digital transformation.
Just having Zscaler deployed with its basic configuration was already a huge leap for us. It's been a complete revolution.
Like many universities, Tiffin works with third-party vendors and contractors for a variety of products and services. Schlenker is aware of the potential risks of sharing critical data and technology resources with them. “You're only as secure as your partners are, so being able to segment access for these users is huge for us,” said Schlenker. “With Zscaler in place, we can allow third parties to access only the resources they need for a specified period of time.”
Another big benefit of the Zscaler deployment is a reduced workload for Tiffin’s help desk, which is staffed by three employees.
“This has been a positive and somewhat surprising outcome of our Zscaler deployment. Since Zscaler is such a robust and reliable product, troubleshooting and problem resolution activities have been significantly reduced for our small help desk,” noted Schlenker.
Schlenker foresees that Zscaler will play a major role in maintaining business continuity at Tiffin. If, for example, a weather event were to shut down the campus, the university could still function. Additionally, employees that work remotely could log in at home and have access to their resources.
“There was an interesting situation with one of our instructional designers who was working in Austria. She was blocked from accessing a stateside resource she needed by her country. Because it was an educational resource, we approved access to it and added that to ZPA, so she was able to do her job,” related Schlenker.
Finally, Zscaler’s simplified management console has made Schlenker and his technical colleagues more efficient and more effective.
“We can make tweaks and adjustments to our Zscaler configuration very easily. That's something I typically would not be involved with in my role as application director, but, because it’s so straightforward, I can define what our applications are and enable our people to access them quickly,” he said.
One of Tiffin’s goals is to migrate to the cloud and pare down its data center on campus in order to better serve its hybrid workforce. This strategy will improve performance, provide more secure and reliable access, and reduce maintenance and hardware costs. Zscaler is essential to advancing that goal.
Fewer employees working at the office will have an added benefit: it will help the university reduce its carbon footprint and potentially support future sustainability targets. Additionally, employees who work at home or need to travel for business will be more productive and will enjoy greater flexibility, which contributes to well-being and work/life balance.
“Replacing applications and resources with a cloud alternative wherever possible is an ongoing process that we started several years ago. Zscaler has helped us push that goal forward,” said Schlenker. “Just having Zscaler deployed with its basic configuration was already a huge leap for us. It's been a complete revolution.”