Amrita University begins Zero Trust journey by protecting identities with Azure AD and other Microsoft enterprise solutions

Transforming higher education

While most universities prepare students for professions, Amrita Vishwa Vidyapeetham (Amrita) prepares them for life. Spiritual understanding infuses its teachings in sciences, medicine, nursing, engineering, agriculture, and several other fields. The university promotes compassion-based research to solve some of the world’s most pressing problems, such as poverty, starvation, pollution, and diseases.

Since its founding in 1994, Amrita has forged relationships across the globe, and it sponsors more than 180 research partnerships with world-class universities to create groundbreaking solutions and technologies. Despite its short history, Amrita has earned several honors, including being named as the fifth best university in India’s National Institutional Ranking Framework 2022 and one of the top 50 universities in the world according to the University Impact Rankings 2022. Amrita’s IT modernization initiative is accelerating to keep pace with the university’s rapid growth. Its cybersecurity journey begins with identity—the gateway to precious intellectual property—and it trusts Microsoft Azure Active Directory (Azure AD) as its first step toward a Zero Trust security framework.

Laying the groundwork for Zero Trust

The university’s lightning trajectory from an engineering school of 120 students and 13 faculty members in 1994 to today’s more than 24,000 students and 1,700 faculty spread across eight campuses around India demanded fast IT growth. By 2018, the university’s IT team was increasingly constrained by its fully on-premises environment. Managing datacenters on each campus was costly and time-consuming. The decentralized IT teams were forced to maintain a complex approach to access governance. Amrita now has 50,000 endpoints, and supporting around 25,000 students, faculty, and staff who need access to applications on a network of web servers made for inefficient procedures. For example, IT had to create links for each student application, which reviewers had to download and then request authorization to use.

Additionally, prior to outset of COVID-19, the university’s email systems were at risk of being compromised. Datacenter management issues were also a growing concern, such as the management demands of a mushrooming number of services and the security of highly confidential research data on on-premises file servers. Amrita concluded that it required the convenience, efficiency, and security of the cloud, with Zero Trust as its ultimate goal.

Although it hosted its website on AWS, Amrita primarily relied on Azure. “We chose Azure because of the range of services available on the Microsoft platform,” says Sachin Vinay, Network Administrator at Amrita Vishwa Vidyapeetham. “Now, 90 percent of our web applications run on Azure, significantly reducing the issues and expense created by our datacenters.” Sachin began the cybersecurity journey with a focus on identity because one compromised identity can jeopardize the entire institution.

Simplifying security and management with Azure AD

Amrita’s central IT team began by merging the identities from the university’s on-premises Active Directory with Azure AD. The team connected the directories with a secure sockets layer (SSL) VPN—a service combining SSL encryption and highly secure VPN access. That process created an ongoing syncing of Amrita user identities to the cloud, ending the need for IT to send a link to a user who needs a password reset and enabling self-service resets. When the university deployed Outlook as part of its Microsoft 365 rollout, it further simplified access by adopting Outlook credentials as the sole identity for every user.

New users now register their devices in an online service that transmits a complete device profile to the Amrita endpoint database, accessing the registration database with WPA2 Enterprise security. “We can be sure that we’re authenticating only legitimate users with Azure AD and other Microsoft technologies,” says Sachin. “Our organization completely depends on Azure AD for authentication and identity-related features.”

Amrita users enjoy streamlined access with Azure AD single sign-on (SSO) to university resources from anywhere. “Thanks to Azure AD SSO, our users only sign in once—then Azure handles everything,” says Sachin. “We haven’t experienced any security-related issues in the four years since we’ve deployed it.”

Taking the XDR next step with Microsoft Defender solutions

As an organization that runs on Microsoft 365 productivity apps, Microsoft Defender for Office 365 made sense for Amrita. Granting permissions across large user group types with role-based access control boosts IT productivity. Sachin anticipates even more gains with the university’s upcoming OneDrive rollout, which will provide every student and faculty member with OneDrive storage for further cost savings on energy and datacenter maintenance.

Despite growing cybercrime, Amrita stays ahead of malicious actors by monitoring its estate with a single dashboard in Defender for Office 365. “Thousands of malicious emails are sent to organizations every day,” says Sachin. “Defender for Office 365 alerts us about suspicious email attachments for efficient prioritization and remediation.” He adds, “Competing solutions cost more—we spend 50 percent less time resolving issues, and our threat detection is 20 to 30 percent faster.”

Building on a Microsoft base for future success

Amrita plans to focus on identity protection with Microsoft Defender for Identity. “We’ve found that Defender for Identity is the best solution for supporting our defense against malicious identity-related issues,” says Sachin. “It provides precise details about the timing of attacks, facilitating fast response.” His team can increase efficiency with Microsoft Defender for Cloud Apps to protect its Microsoft 365 tenant. Sachin is impressed by the ease with which the two solutions interoperate. “Defender for Cloud Apps automatically passes security log information to Defender for Identity,” he explains. “This synergy protects applications and data very effectively.”

The university will take user convenience to the next level with Microsoft Entra Verified ID for seamless access to transcripts and other invaluable data. “We’ve been dreaming of a unified solution to overcome connectivity outages caused by internet issues in some locations,” says Sachin. “Our vision is to retire our Fortinet VPN service and use Verified ID backed by a full complement of Microsoft solutions.” That vision stems from a positive security-related identity experience. “Our organization is safer because each Microsoft solution offers a different layer of security, and the solutions work together natively to deliver coordinated detection and response across our environment,” he concludes.

Find out more about Amrita Vishwa Vidyapeetham on YouTube, Twitter, Facebook, and LinkedIn.