Notre Dame Upgrades Data Compliance While Supporting IT Team
With nearly 15,000 students and faculty at their South Bend campus, the University of Notre Dame handles millions of email messages from all over the globe every day.
Incoming messages need to be vetted for safety, and outgoing messages with the nd.edu address need to be validated as authentic. As Senior Systems Engineering Specialist at Notre Dame’s Office of Information Technology, Paul Wehner is responsible for messaging applications and application virtualization on Google Cloud. During his 18 years at Notre Dame he has helped students, faculty, and staff communicate with each other securely and conduct their daily workloads seamlessly.
The protocol for managing email verification is called DMARC, or domain-based message authentication, reporting, and conformance. DMARC helps organizations protect their users from any unauthorized emails–from spam to phishing schemes–by preventing direct domain spoofing. It labels fraudulent messages and allows organizations to customize their response for what to reject, quarantine, or report. Notre Dame has as many as 60 different email vendors, so it is challenging to track down and confirm that everyone who sends emails to anyone at Notre Dame follows these standard procedures.
Managing for Resilience
Wehner was in the middle of upgrading the university’s DMARC compliance when he received a life-threatening medical diagnosis. Suddenly, he needed an urgent medical leave–and he was the only one on the four-person team who specialized in messaging services. His team was already allocated at over 100%. Who would take on his workload? Wehner was irreplaceable, personally and professionally. Without a solution, the team would face the disruption of finding and training a temporary employee or take on technical debt by making short-term decisions–all while managing anxiety about a friend and colleague. Wehner’s personal medical crisis thus became an organizational challenge: how to build in support systems to make sure both staff and services can continue at their best, whether the crisis is a medical emergency or just normal staff turnover.
Luckily, Notre Dame had already brought in a Burwood team to help upgrade their DMARC compliance. The IT department had collaborated with Burwood on another project before and they knew that Burwood consultants had the deep domain knowledge to make a difference in achieving their goals. They added another Burwood member to the team temporarily to help fill Wehner’s job while on leave and train another staff member in his roles. With the Burwood team on board, the project continued while Wehner focused on his recovery. “We were very lucky to get Burwood consultants in pretty quickly,” he says. “It's been a great relationship. They added the layer of expertise and experience that we needed at the time.”
Thankfully, this story has a happy ending. After a year of treatments, Wehner defied his prognosis. He is now fully recovered and back at his job, with new and improved support. The department has achieved full DMARC compliance since his return and Burwood has helped onboard a new staff member to manage Google Workspace help tickets for the department.
““We were very lucky to get Burwood consultants in pretty quickly. It’s been a great relationship. They added the layer of expertise and experience that we needed at the time.””
Getting Results– Now and Later
Overall, Notre Dame’s collaboration with Burwood achieved several key milestones:
Identified all mail server providers and upgraded authentication to reach 97% DMARC compliance in under six months
Improved data security for Google Workspace by identifying vulnerabilities and establishing new policies
Trained staff in new workloads with no interruption to service
Reduced the number of Notre Dame’s subdomains from 75 to 4 to prevent vector attacks
Audited Google Cloud usage to evaluate ways to reduce costs for the 10,000 cloud projects Notre Dame hosts
These results don’t tell the whole story though. Wehner, for example, would emphasize the camaraderie of working together: “The Burwood consultants were the teammates in our little group who handled all of Google and email. They hit the ground running and added value to us and our operation throughout the engagement. We benefited daily from their expertise and suggestions for improvements.”
Disaster recovery is often discussed in terms of data storage and redundant systems, but any department’s most valuable assets are its employees. When teammates struggle, the organization suffers and productivity declines. Wehner points out that “disaster recovery is also a people problem. It’s an abstract problem until it’s not, and you have to plan for that. I was consistently overallocated according to our own metrics. Now I am no longer singularly responsible for this essential IT maintenance.” By engaging Burwood consultants to train and support their internal staff, Notre Dame solved this problem–and the next one.
Founded in Indiana in 1842, the University of Notre Dame is a leading Catholic institution for teaching, research, and scholarship.
Defining Key Terms
What is DMARC?
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a protocol that fits into an organization’s existing inbound email authentication process. It validates the sender’s information and quarantines any incoming emails that do not comply, thus reducing phishing and other fraudulent messages.
As an award-winning Premier Partner and Reseller with Google Cloud, Burwood Group has worked with many higher education institutions to improve operational efficiency and advance their missions. For example, they helped the University of Wisconsin at Madison develop a secure platform on Google Cloud for sensitive public health research.
