University of Wisconsin–Madison

Smart Access Program

Smart Access is a multi-year initiative to modernize cybersecurity at UW–‍Madison using a Zero Trust approach. As cyber threats grow more sophisticated and persistent, our current safeguards are no longer enough. This program addresses the urgent need to reduce risk by aligning university cybersecurity efforts and making it easier for people to do the right thing—at the right time. Our approach is guided by two frameworks:
  • Protect surfaces help us prioritize what matters most—sensitive data, critical applications, and essential systems.
  • The CISA Zero Trust Maturity Model provides a roadmap for improving capabilities across identity, devices, networks, applications, data, and visibility & analytics.
As we move into the next phase, Smart Access is focusing on:
  • Continuing governance and collaboration across DoIT and distributed IT.
  • Advancing Visibility & Analytics and Automation & Orchestration to improve insight, responsiveness, and resilience.
  • Improving device compliance and integration to reduce risk at the endpoint level.
This work will be prioritized based on measurable impact and feasibility, with the long-term goal of reaching the maturity model’s optimal state. Through clear priorities, collaborative planning, and maturity-based evaluation, Smart Access is building a stronger, more resilient cybersecurity foundation for the university.

What’s happening now?

Device Data Analysis: Building the foundation for Smart Access decisions Smart Access January 2026 update
The Smart Access program is focused on fortifying university cybersecurity. The foundation of this work is understanding the devices that are connecting to the university network. Learn more about the important work and what’s to come. Smart Access work is active and focused on advancing Zero Trust with the tools we already have. Learn more about the current work and what’s next.
More Smart Access Program posts 

In this page

Lightbulb with a lock and a checkmark

Smart Access

Making it easy to do the right thing

Other updates

More news

Smart Access service principles

People forming the shape of a secured lock with tech icons

Our service principles define the core values, strategic direction, and essential characteristics for architecture design and execution, serving as a foundation for decision-making throughout the program.

|

Our primary goal is to support the university’s teaching, research, and outreach mission by assisting with security compliance requirements and reducing cybersecurity risk for the university.

Security is a shared responsibility. We learn from trusted sources and collaborate across the university to build a united front against threats. Partnerships and open communication are at the heart of our approach, ensuring success through collective effort.

We continuously refine our security strategies based on evidence and emerging risks. Recognizing the impact of the pace of change, we commit to thoughtful timing and transparent communication about the rationale and impacts of updates.

We prioritize the application of zero-trust security based on risk, focusing first on high-risk data and critical services, then expanding appropriate controls to other data and services. Success criteria for protecting those services are defined up front.

Cybersecurity measures should safeguard information while minimizing disruptions. We are committed to:
  • Evaluating user experience and end-user needs to increase adoption, innovation, accessibility, and ease of use
  • Being aware of the security burden on users
  • Identifying and sharing the benefits of changes
  • Implementing sustainable processes that ensure long-term stability and support
  • Iterating and improving solutions based on stakeholder feedback
  • Finding ways to reduce complexity, when feasible

Program team

|

  • Didier Contis, Vice Provost & Chief Information Officer

  • David Pagenkopf, Deputy Chief Information Officer
  • Jeffrey Savoy, Chief Information Security Officer

  • Tadd Smejkal, SEO Director
  • Bobby Jo Morse, PPMO Director
  • Chris Richards, Project Manager
  • Steve Tanner, Cloud and Security Engineering Associate Director
  • Crague Cook, Organizational Change Manager
  • Tomomi Imamura, Enterprise Cybersecurity Architect
  • Whitney Jacobson, Communications Specialist

Contact us

Stay updated and engaged

To get the latest news, event updates, and ways to stay involved join our mailing list.

Sign up and receive updates

Get in Touch

 We’re here to help. Feel free to ask us anything or share your thoughts.

Send us a message

Frequently asked questions

|

We made the decision to defer A5 licensing expansion after a comprehensive discovery phase. Learn more about Microsoft licensing

Key challenges included performance concerns and limitations around delegated administration—particularly important in our distributed IT community. Addressing these issues requires further vendor collaboration before we can move forward confidently.

Yes. We expect to revisit Microsoft A5 licensing for Fiscal Year 2028, once foundational efforts like Active Directory migrations are complete and key technical concerns have been addressed.

Opportunities will be prioritized based on potential for risk reduction, technical feasibility, user impact, and alignment with our strategic goals. This process will be done incrementally and collaboratively with input from DoIT service teams, distributed IT partners, and other university stakeholders.

A protect surface is a core concept in Zero Trust security. Instead of securing an entire network perimeter, this approach identifies and focuses protection on specific assets—such as sensitive data, essential applications, and key systems – and applies dynamic, risk-appropriate security controls to those individual surfaces. It’s about deciding clearly what needs safeguarding and how we safeguard that specific asset rather than trying to keep every potential threat out. Learn more about the protect surfaces approach for Smart Access.

Yes. Departments currently rolling out endpoint management or endpoint security products such as Workspace ONE, BigFix, Cisco Secure Endpoint, and Qualys should continue their in-progress deployments. If you are planning to start a roll out and are interested in learning more about the service Smart Access is exploring, contact us.

We would like our Zero Trust strategy to support secure access for personal devices and devices not managed by UW–‍Madison. More testing, collaboration with IT departments, and feedback solicitation will be required before we can do this at scale.