Education Zero Trust Access Gateway / SWG DLP

Umm Al-Qura University replaced perimeter security with campus-wide Zero Trust.

How Brixio transformed campus security at Umm Al-Qura University with Cloudflare Zero Trust: Access, Gateway, WARP, CASB, and DLP protecting students, faculty, and research data.

Makkah, Saudi Arabia Students · faculty · researchers 5 min read
Umm Al Qura University
STACK5 layersAccess, Gateway, WARP, CASB and DLP deployed as a unified stack
COVERAGEFullZero Trust controls applied to on-campus, remote and international users
SHADOW ITZeroBlind spots — CASB provides visibility into every cloud application
LEGACY100%Perimeter-based systems replaced by identity-based architecture

The challenge

Umm Al-Qura University is a leading higher education institution in Saudi Arabia with a rapidly expanding student population and diverse academic offerings. The university's legacy perimeter-based security systems were no longer adequate for a large, decentralised environment where students, faculty, and researchers access resources from campus, home, and around the world.

Several gaps had to be closed:

  • Legacy infrastructure. Outdated perimeter-based security tools could not protect a decentralised campus environment with thousands of users on multiple networks.
  • Remote access at scale. Students, faculty, and researchers needed secure access to applications from campus, home, and international locations.
  • Sensitive data protection. Student records, financial information, and research data required protection against breaches and data loss.
  • Complex user management. Managing access across multiple systems, faculties, and user types created administrative burden and inconsistent security.

What Brixio deployed

Cloudflare Access (ZTNA)

  • Identity-based access to on-premises and cloud applications.
  • Policies based on identity, device posture, and location.
  • Secure access for students, faculty, researchers, and administrative staff.

Cloudflare Gateway (SWG)

  • Internet threat protection and content filtering.
  • University-specific outbound traffic policies.
  • DNS-level security across campus networks.

Cloudflare WARP

  • Client-side VPN replacement encrypting remote traffic.
  • Optimised performance for users accessing university resources from any location.

Cloud Access Security Broker (CASB)

  • Monitoring of cloud applications (Office 365, GitHub, and others).
  • Shadow IT detection and security policy enforcement.

Data Loss Prevention (DLP)

  • Monitoring of network traffic and SaaS applications.
  • Detection and protection of sensitive student, financial, and research data.

Architecture

Students, faculty and researchers route through one Zero Trust plane that combines ZTNA, SWG, CASB and DLP — on campus, off campus and abroad.

Students Campus + remote
Faculty + research Sensitive data
Admin staff Privileged access
Cloudflare Zero Trust
ACCESSGATEWAYWARPCASBDLP
Academic apps On-prem + cloud
SaaS estate Office 365, GitHub
Research data DLP-protected

Results

After rollout, the university operates with identity-aware controls across every user population, with cloud-application visibility and DLP coverage on sensitive academic and research data.

Modern Zero Trust replaces legacyPerimeter-based systems fully replaced by an identity-aware Zero Trust architecture across the entire campus.
Secure access from anywhereStudents and faculty get fast, encrypted access to academic resources from campus, home or abroad.
Cloud visibility via CASBCASB exposes shadow-IT use across Office 365, GitHub and other SaaS, with policy enforcement on top.
Sensitive data protectedDLP monitors network traffic and SaaS applications to prevent leakage of student, financial and research data.
Sector perspective

Higher education combines open networks, BYOD and sensitive research data — a hard environment to secure.

Universities are among the most targeted sectors globally. The combination of open campus networks, BYOD environments, sensitive research data, and thousands of concurrent users makes higher education one of the hardest environments to secure. This deployment demonstrates how a comprehensive Zero Trust stack (Access + Gateway + WARP + CASB + DLP) can address all five dimensions simultaneously, in line with NCA expectations for KSA universities.

NCA KSA Ministry of Education KSA ISO 27001
Zero Trust case studiesEducation industry
Other client stories

More Brixio × Cloudflare deployments

Transport Zero Trust Access Gateway / SWG

Identity-based access for 2,000+ airport operations users

Identity-based access replaces legacy VPN for 2,000+ operations users on Cloudflare Zero Trust and Gateway.

Read the case study
Education Cloudflare Tunnel Gateway / SWG

Multi-entity SASE for a UAE driving-education network

Branch connectivity and secure access on Cloudflare SASE for a driving-education network.

Read the case study
Government Cloudflare Tunnel Zero Trust Access

Zero Trust Access without public IP exposure

Cloudflare Tunnel and Zero Trust Access remove the public IP from a Saudi government valuation platform.

Read the case study
Securing a campus environment?

Find out where your Zero Trust posture stands today.

Run a free Snapshot to map your campus security exposure, identify identity and data-protection gaps, and get a prioritised roadmap from a Cloudflare ASDP partner.

Get a free Cloudflare audit Talk to a specialist