Let’s wind the clock back four years to 2018. At that time, The Southport School – an independent Anglican early learning, primary and secondary day and boarding school for boys – was relying on a legacy wireless network that had started to struggle with the increased use of BYOD by its growing student population. More than that, wireless coverage required improvement, network performance and visibility were limited, and their security posture needed strengthening.
The Southport School engaged Data#3 to upgrade their wireless infrastructure, and deploy a solution leveraging Aruba ClearPass, Aruba Airwave and Palo Alto Networks firewalls with network security management. There was a significant improvement from day one in network access, performance, coverage and user experience, but what about now, four years later?
Rarely do we take the time to reflect, always moving onto the next challenge. It’s a particularly interesting time to review, as it has been an incredibly disruptive few years for education delivery and schools are confronting an enormous increase in security risks.
Beyond the required network performance, The Southport School needed a robust security infrastructure. A key requirement of the solution included knowing who is doing what on the network. The ‘who’ is the authentication piece which can be challenging, particularly in a BYOD environment.
Visibility is the ‘what’ – this can also be challenging, particularly given that most web traffic today is encrypted. Automation is also increasingly important – both to detect and respond to high-risk behaviour, and to overcome the constraints of small IT teams and gaps in skillsets.
In this customer story, Data#3 National Practice Manager for Education, David Wain, sits down with Richard Humphreys, IT Manager for The Southport School to discuss:
By focusing on authentication and visibility, we think we’ve got the balance right between user experience and our tight security controls. For visibility, Microsoft Defender, Aruba AirWave, and Aruba ClearPass provide a clear view into our school’s network operations. For example, with Aruba ClearPass, network-based tunnelling and 802.1x on all edge ports, our IT team has a complete list of all the devices on the network, including a security profile that prevents unauthorised connection to the network – right back to the physical port.
With Microsoft 365 Defender’s XDR approach and their adherence to the MITRE ATT&CK framework, we gained a lot of visibility across the entire attack chain and how to mitigate that attack chain. Microsoft Defender helps with our IoT security after rolling out the agent on everything, but more importantly, this helps us view any vulnerabilities with respect to our whole security posture. For example, instead of just going in and patching or turning off an identified vulnerability, an action that can have further impacts down the line, we know we’ve already solved it with another part of our security capabilities like Mobility Controller Access Control Lists.
Additionally, the next-generation Palo Alto firewalls offer excellent protection for the school, and we’ve used them for the past two firewall refreshes. These firewalls directly integrate with our Aruba Network stack – via ClearPass – enabling us to apply specific policies for student and staff user groups, as well as the large student boarding community situated on campus.
With them, we can also run SSL decryption across any BYOD devices – which covers students from grades four to 12 – allowing us to capture invaluable insights into their online behaviour. This data is then analysed by our Saasyan Assure AI-driven student wellbeing app, and used by our well-being and pastoral care teams. This solution is pivotal to our holistic approach to student wellbeing and internet safety. On top of this, Palo Alto’s innovative security solutions – including Wildfire – offer best-of-breed security controls for our school, as well as integration into other platforms.
Everything has held up really well and still meets our growing needs. As we discussed, visibility across the network is extensive – nothing connects without us knowing about it. Our wireless coverage has extended across the campus, and Aruba’s network wireless infrastructure has proven to be excellent year after year. A simple method of one access point per classroom works best for us while the Aruba controllers and associated management applications, such as Aruba Airwave, manage wireless tuning and provide the best spread of wireless channels and frequency.
The next big goal was to improve performance and both our physical and wireless networks continue to perform optimally. In fact, the reliability and performance of the Aruba network means almost no intervention is required. This has significantly freed up our IT team’s time, allowing us to focus on more value-adding initiatives.
Device onboarding was another critical objective. We’ve been a BYOD school since 2008, but we’ve always found it challenging to connect all the different devices successfully and securely. We used Aruba ClearPass Onboarding for several years, but recently moved to SecureW2 as it provides better support for Apple macOS and iOS devices.
Finally, there’s security. The implementation of network-based tunnelling and Aruba ClearPass deeply strengthened our security posture. Our team can now safely say they know all devices connected to our network with any devices that are not explicitly approved denied access. Network traffic is secured for approved devices with the implementation of rules and policies within the Aruba controllers.
We’ve encountered all four challenges to some degree, and security continues to be at the forefront of any key infrastructure decision we make. At a high level, we have two key considerations when developing a cybersecurity strategy for our school. The first is technology, ensuring you have those key solutions within your security stack, such as edge firewalls, endpoint protection, detection and response, network security and authorisation, patch management, intrusion detection and response, and backup, just to name a few. The second is the human factor. Any organisation, especially schools, need to have a strategy for security awareness training for staff and students, as well as good communication regarding security with all stakeholders – which includes staff, students, and parents and goes all the way to the school executive and board. The human factor is also impacted by the skills and consideration of those in charge of IT systems.
Security has been a top priority at The Southport School for several years, and this is why implementing the best possible solution has been a critical goal of our team and our school. This approach has resulted in us not experiencing any significant attacks to date.
Learn more about how schools can improve their cyber security strategy and better protect themselves against internal and external threats in this short video series featuring The Southport School, Aruba and Data#3.
The ASD Essential Eight (ASD-8) is an excellent resource for any organisation, including schools. When ranking against this framework, our maturity level is high, however there are a couple of areas where because we’re a school, we fall short. One example of this is giving teachers administration privileges; right now we do this as we need the flexibility. It may change next year when teachers receive new devices and we can achieve the same outcome with greater control.
Thinking beyond ASD-8, I feel that most frameworks and standards, including NIST, ISO, and MITRE, have a purpose and can have a role to play when developing a sound security strategy. I stay across all of them and find I use elements from each, depending on the decisions we need to make.
We are very happy with our current security posture. We are evaluating additional security products such as vulnerability scanning and security event management systems to help us stay ahead. We are also looking to move from on-premises network management to cloud-based management using Aruba Central. We are seeking a number of enhanced management options including:
In the education industry, cost is always a significant factor, so we must ensure every dollar invested in technology is worthwhile and provides the school with the most beneficial outcome.
At Data#3, we understand that every organisation delivering the services that their customers and employees demand, requires a robust and reliable network. Data#3 is proud to partner with Aruba, a Hewlett Packard Enterprise company, whose cloud-managed networks offer no-fuss configuration at an affordable price with flexible options for any budget. Data#3 is the Aruba National Partner of the Year 2021 and the As a Service Partner of the Year for the Asia Pacific and Japan region, in recognition of our “Customer First, Customer Last” excellence.
Since 1994, Data#3 has combined forces with Microsoft to help our customers adapt and grow. Today, we are Microsoft’s largest Australian business partner with the highest level of competency across the Microsoft ecosystem. Our hundreds of accredited consultants are ready to help our customers deliver the digital future; from enhancing productivity and collaboration with Microsoft 365 and the latest Surface devices, to transforming business processes with Dynamics 365, to ensuring our customers get the most value from Azure cloud. Our scale and expertise enable our unparalleled support to customers selecting, deploying, managing and securing Microsoft applications, products and devices.
With over 25 years of experience in the Education sector, Data#3 continually invests in developing the skills and services to help schools create environments in which learning can thrive. For a limited time, Data#3 is offering a range of security workshops to help schools stay one step ahead of evolving threats. Contact your account manager or the Data#3 education team to discuss today.