Abilene Christian University graduates to smarter remote access with Tailscale
Abilene Christian University (ACU) is a higher education institution that features two campuses in Abilene and Dallas with nearly 7,000 students and 1,200 employees. Matt Prescott, Director of Information Security, shares ACU’s journey from a lagging VPN with a time-consuming onboarding to a smarter solution that moves them closer to a Zero Trust networking architecture (ZTNA). Tailscale was deployed to help ACU’s staff access crucial resources for higher learning quickly, safely, and with much less hassle.
On the road to Zero Trust
When Matt joined ACU, his team began considering ways to upgrade their existing remote access solution. “We started looking around and trying to figure out if we wanted to do just another VPN or if we wanted to do something else.”
Specifically, his team began to consider moving to Zero Trust in case ACU acquired contracts with higher security needs in the future. They’d hoped to achieve Zero Trust in roughly three to five years, which placed his team at a crossroads between satisfying their pressing needs for a VPN or focusing on achieving Zero Trust.
“We came across Tailscale, and it seemed to fit the remote access part that we needed immediately, and it would also be a great base that we could build upon to start implementing Zero Trust in our network.”
Another feature that drew his team to Tailscale was the ability to use fine-grained access controls. Matt explains, “With our old VPN solution, it was more open. With Tailscale, I can go down to the very port, not just the machine itself, and be very granular in the access I give.”
They also appreciate the end-to-end encryption that Tailscale offers. “I know that wherever I'm at, whether I'm on campus looking at stuff or I'm off campus, it’s going to be encrypted all the way to both machines,” says Matt.
The impact of top-grade networking
The main users of Tailscale at ACU are the faculty and staff at both of their campuses. Matt explains that they’re initially grouped by campus and then given general access to resources stored in their ERP, an integrated software suite that manages the university's operations, including student information, financial aid, human resources, and finance.
Before Tailscale, staff consistently struggled with low bandwidth for users working remotely, and their previous VPN slowed connections even more. Matt recalls how this was particularly noticeable when users were logged into machines while trying to use Zoom.
Now, using Tailscale, staff can access remote resources safely without lag. Matt explains, “Our remote IT people have bragged, saying, ‘It’s so much faster. I can actually do work.’” Matt reports his users being delighted by Tailscale's speed and ease of use. “We've had nothing but positive feedback from our users.”
Access control made easy
Tailscale also gave ACU fine-grained access based on groups. Matt explains that their access rules for different groups were fairly extensive, “We have our servers segmented, and each segment and even servers on a segment have different levels of access.”
Matt explains that Tailscale made the process of getting users onboarded and granting them access based on groups “almost instantaneous.”
“It typically takes me two minutes. So I would say it’s definitely a huge time saver. I’d put their ID into the group they needed to be in, and boom, it’s done.”
He also values that he can look at a user’s ID and see all of the permissions they have. “I was helping our tech support. Somebody was having trouble accessing something on Tailscale at our Dallas campus. I was able to go through, look at her name, and say, ‘She doesn’t have access to these things. It hasn’t been requested yet.’”
Responsive support in their journey
Matt looked towards the dedicated support for any help his team needed to implement Tailscale and move through any challenges. “Every other week, we'd have meetings and talk about things that came up. In many cases, I would say, ‘Hey, I'm dealing with this’, or ‘I'm looking at this. Do you have something for that?’ And usually, they already had something that I just didn't know about yet.”
In one instance, he wanted to group IP addresses together so he didn’t have to manually assign each one to an ACL. His appointed Tailscale sales engineer pointed them in the direction of IP sets. “It saved me tons of time. I could put in one IP set, and then I just put that in the group that I wanted to give access to.”
He also cites the responsiveness of Tailscale’s support staff as key to their successful onboarding. “The support's been great. The sales and onboarding team helped me walk through things. I could come to them and say, ‘Hey, why is this working this way? Why is this doing this the way I have it set up?”
Planning for a more secure future
Looking towards the future on their road to Zero Trust, Matt believes that Tailscale could be integral to meeting key compliance needs for ACU.
If they acquire Department of Defense contracts or high-security research projects, Tailscale positions them to narrow the scope of what’s considered during assessments for NIST SP 800-171 and CMMC compliance.
“Scope is one of the bigger things when you’re looking at any assessment. You try to make your scope as small as possible,” he explains. “Even if you have a VPN, you’re still coming over your network. With Tailscale, you’re only on the Tailscale mesh that’s above your network.”
Tailscale has set a new standard
Educational institutions deserve networking as brilliant as they are, and Tailscale has helped ACU speed up their networking with a faster, more secure, and user-friendly solution. ACU is supported on their journey to Zero Trust, and Matt looks forward to even more features coming down the pipeline for Tailscale users.