Established in 1911, the University of Western Australia (UWA) is a public university consistently ranked in the top 1% of academic institutions worldwide. The university maintains two campuses and over 75 research and training centres across Australia. In addition to 22 schools offering undergraduate and graduate degrees in everything from medicine to music, UWA receives over $71 million of external research income annually.
As a multifaceted institution with many external partners, UWA faced a variety of challenges. One is straddling a thin line between enabling access to sensitive data and systems while still protecting it from unauthorized parties. “In a corporate environment, digital assets can be locked away behind a firewall, but some of our systems and data must be left open to enable global collaboration,” explains Warwick Calkin, Chief Digital and Information Officer.
Another challenge was complex, outdated infrastructure. “UWA had about 1,200 different legacy systems, about half of which were unknown or not managed very well,” explains Cam Marshall, Associate Director, Infrastructure & Platforms. This complexity made it harder to comply with the cybersecurity standards needed to compete for defence research projects with the Australian government. It also complicated the university’s response to the COVID-19 pandemic.
“For years, our tech landscape had been significantly under-invested, and then COVID-19 fundamentally changed the way we needed to deliver education and perform research,” says Peter Seddon, Assistant Director of Strategy, Architecture, Portfolio & Business Intelligence. “A campus no longer refers to a physical place, but a collection of people.”
For several years, UWA had been using Cloudflare’s CDN on a few subdomains. Faced with an urgent need to phase out their legacy technology and secure their externally facing systems, UWA chose to expand the relationship.
Cloudflare DNS enabled UWA to transform its entire DNS infrastructure, decommission its legacy DNS hardware, consolidate thousands of DNS records into a single source of truth, and radically simplify its internal legacy DNS by removing all external sites and focusing exclusively on on-campus services. These external sites included over 130 web properties run by UWA affiliates and associates. Once UWA moved all of those sites behind Cloudflare DNS, the university was able to implement WAF protection for them, use common Cloudflare Certificates to transform SSL security certificate management, and establish governance policies and processes for those affiliates and associates to follow moving forward.
“Cloudflare enabled us to consolidate over 18,000 DNS records and significantly simplify our landscape,” Seddon says. “It’s difficult to convey the extreme magnitude of this change. Prior to implementing Cloudflare, some of our project managers told us that they’d never seen this level of complexity before, in any educational institution or business.”
Additionally, with its DNS structure simplified, UWA is now able to provide better, more secure WiFi to students, faculty, and guests
Using Cloudflare WAF, UWA implemented a firewall allowlist to block all website access except for a nominated set of IPs, greatly reducing the university’s attack surface and establishing a foundation for the safe, progressive migration of all remaining services behind Cloudflare WAF.
“Cloudflare WAF has moved our risk outside of UWA,” Marshall adds. “Prior to Cloudflare, we had unmanaged systems that were at risk for DDoS and other cyberattacks. With the WAF in place, if we have a problem, our internal business operations can continue uninterrupted.”
Prior to implementing Cloudflare WAF, UWA lacked visibility into its data environment. As a result, the university took a proactive approach to security, responding to cyberattacks instead of acting to prevent them. Implementing Cloudflare WAF and integrating it with Splunk has transformed UWA’s approach to cybersecurity.
“Integrating the Cloudflare WAF with Splunk has provided us with a thorough understanding of our infrastructure and complete visibility into our threat environment,” Marshall says. “We can now engage in preemptive security measures.”
Seddon notes that the infrastructure changes Cloudflare have enabled create opportunities for further improvements, such as implementing processes to use Cloudflare’s network security capabilities to identify, triage, and block external network cyberattacks.
“At the outset, no one at the University of Western Australia fully estimated the positive impact of implementing Cloudflare’s security and performance solutions,” Seddon notes. “Cloudflare enabled The University of Western Australia to achieve far more than we originally anticipated and put us in a stronger position to securely manage our Internet-facing network.”
Calkin appreciates the investment in local support that Cloudflare provides in Western Australia, which is unique to Cloudflare. “Western Australia is the country’s most remote province,” he explains. “Vendor presence is poor on this side of the country, and some services simply aren’t available here. Cloudflare has made local investments in Western Australia that other vendors haven’t. We get local support provided by local people. I wish all of our vendor engagements were like Cloudflare.”
Used Cloudflare WAF to implement an allowlist to block all website access except for a nominated set of IPs, greatly reducing its attack surface.
Cloudflare DNS enabled UWA to decommission an on-premise DNS server and consolidate over 18,000 DNS records.
UWA moved over 130 third-party website services behind Cloudflare DNS and implemented security protection for most of them.
“Cloudflare has made local investments in Western Australia that other vendors haven’t. We get local support provided by local people. I wish all of our vendor engagements were like Cloudflare.”
Chief Digital and Information Officer
“Cloudflare enabled University of Western Australia to achieve far more than we originally anticipated and put us in a stronger position to securely manage our Internet-facing network.”
Assistant Director - Strategy, Architecture, Portfolio and Business Intelligence