University client — hosting and cyber securing the uni platform

Protecting the university, its students and its academics from cyber security threats

Article summary: Following a threat alert from the Tertiary Education Quality and Standards Agency (TEQSA), we worked with this university client to help secure their platform and websites from cyber threats. Our solution uses QuantCDN, which creates an entirely static copy of the website on the frontend to reduce the attack vector. We also brought key uni websites into our support desk and migrated them to Salsa’s hosting platform to ease the university’s operational burden.

On this page:

At a glance

$51K-$100K
2021 - 2022
9 to 12 months
Completed
QuantCDN, Drupal, WordPress
Education
Discovery & strategy, Hosting & maintenance, Support & optimisation, Technical advisory
Web development, Static web, Content management systems
Security, Open source

Overview

The university’s challenge

Our university client wanted to improve the security posture on their websites that Salsa was supporting. They were also keen to reduce the operational burden of hosting and maintaining sites internally. Note: Due to a strict communications policy, this client can’t be named.

The university’s transformation

To relieve the operational pain, 10 of the university’s websites were moved onto the Salsa Helpdesk for their support needs. These websites were also moved onto Salsa’s hosting service. For security, we set up a more rigorous patching process, employed QuantCDNExternal Link to create a static version of the sites, and also set up a shield for added protection on backend access to the content management system (CMS).

The outcomes

  • 10 university websites now supported by Salsa to ease operational burden
  • 10 university websites now on Salsa’s secure, next-generation hosting platform
  • Significantly reduced security risks across all the university’s sites that Salsa supports
  • Created roadmap and structure for future migrations

Detailed case study

Below is detailed information on the challenge, transformation and final outcomes/benefits.

The university’s challenge — a higher level of security required

In 2021, the Tertiary Education Quality and Standards Agency (TEQSA) released a cyber threat alertExternal Link detailing malicious code from commercial cheating providers. Researchers in the US had found four types of malicious code on Australian university sites. In addition, the government was considering reclassifying universities as critical infrastructure as part of the Security Legislation Amendment (Critical Infrastructure Protection) Bill. This would mean much higher security standards for university websites.

Our university client reached out to us wanting to improve the security posture on their sites that Salsa was supporting. They were also keen to reduce the operational burden of hosting and maintaining some sites internally.

The university’s transformation — Salsa support and new security measures

To relieve the operational pain, Salsa recommended putting the websites onto our operational support infrastructure. As part of this process, 10 websites were moved onto the Salsa Helpdesk for their support needs. The sites were also moved onto the new, highly secure Salsa hosting platform.

For security, we took a multi-pronged approach. Firstly, we set up a more rigorous patch application process. We also proposed putting QuantCDN in front of the sites.

When Salsa CTO and QuantCDNExternal Link creator Stuart Rowlands explained to the university’s security expert that Quant was not just a CDN but also a static copy of the site, he instantly understood the benefits (reduced security attack vector on the sites) and was onboard straight away.

QuantCDN generates and serves a static version of a website to users. This significantly reduces the attack surface because users interact with a static representation of the content, not the frontend of a live CMS. More about QuantCDNExternal Link

This gives the university increased flexibility and reduces time pressure for patching the backend because it’s not as publicly accessible.

The university backend was hardened further by putting basic authentication in front (a shield). Now, content authors need to enter the shield username and password before they can login to the CMS itself.

The outcomes — improved security and reduced costs

  • Significantly reduced security risks across all of the university’s sites that Salsa supports

  • A significantly reduced attack surface

  • 10 of the university’s sites now on the secure Salsa hosting platform

  • Reduced costs for maintenance and patch cycles

  • 10 websites now supported by Salsa to ease operational burden

  • Faster and more consistent response times

  • The option to “buy time” as a mitigation against D7 end-of-life liabilities (through a static version of the D7 sites post End-of-Life)

More information about options for Drupal 7 End-of-Life 

About the university

This university client is one of Australia’s largest universities, consistently ranked in the top one percent in the world. The university’s IT needs are met via a dedicated central IT department that manages the university’s many websites.