Background
Founded in 1886, Ascham School is a non-selective day and boarding school for girls located in Sydney, Australia. The framework for teaching and learning at Ascham is the Dalton Plan, which encourages students to take responsibility for and ownership of their own learning, supported closely by their teachers. Students in years 5–12 are involved in the Personal Device Program which allows them to bring a device of their choice to support their learning. The program offers students flexible access to technology-rich content to facilitate and support academic achievement and encourages students to personalize their use of technology.
With approximately 1,200 Prep-12 students who are growing up with unlimited access to technology and information, Ascham faces a daily challenge to enable smooth access to vital online educational resources while preventing cyberthreats and inappropriate online behavior. However, the school’s legacy security infrastructure had chronic performance problems, unreliable reporting, and inconsistent policy enforcement.
With the Palo Alto Networks Security Platform, Ascham now has extensive visibility into network traffic for quickly identifying impermissible activities. Ascham also has an intuitive menu for creating security policies that are applied flawlessly across its network and reporting that is fast, easy, and reliable. Most importantly, performance improved dramatically, eliminating slow or no access to online resources and tools. By solving network performance problems, the IT department regained 40 percent of its time to work on more strategic projects to benefit the school.
Improving the Security Report Card
This progressive day and boarding school for girls inspires its students to pursue a thorough and rigorous academic program. However, it does so, not strictly through direct instruction, but rather using a method that allows the students — in close cooperation with their teachers — to take responsibility for and ownership of their learning.
Today, learning can occur almost anytime, anywhere thanks to the Internet, cloud-based learning management systems, and private online tools and services. Ascham uses all three extensively, and enables its 1,200 students to get the most out of such resources through a Personal Device Program. Personal devices on the school’s network can range from the MacBook® to Microsoft® Surface™ and other Windows®-based laptops. Administrators and academic staff are also provided with school-owned desktops.
The problem was that students and teachers couldn’t always get to the websites and online services they needed. Even more concerning, students sometimes found their way to inappropriate sites or social media networks not permitted during school hours. The issues stemmed from Ascham’s previous firewall, which had performance problems and did not enforce policies consistently. It also lacked reliable reporting, a critical element when presenting suspicious student activity to parents, department heads, or the Head of School.
Jennifer Sharman, Director of IT at the school, remarks, “It’s incumbent upon IT to provide a safe, secure online environment for our students, and we have to be confident when reporting on a student’s activity that it’s accurate. Our legacy network infrastructure was not meeting the school’s expectations, and issues with reliability and accuracy were pervasive.”
Solution for the Next Generation
After exploring several security offerings, Ascham selected the Palo Alto Networks security platform, which consists of a Next-Generation Firewall, Threat Intelligence Cloud, and Advanced Endpoint Security. The firewall delivers application, user, and content visibility and control, as well as protection against network-based cyberthreats integrated within the firewall through a purpose-built hardware and software architecture. The Threat Intelligence Cloud provides central intelligence capabilities, as well as automation of the delivery of preventative measures against cyberattacks.
Ascham deployed a PA-3050 next-generation firewall and activated Palo Alto Networks subscriptions for Threat Prevention and URL Filtering. These services prevent cyberthreats by identifying and scanning all traffic — applications, users, and content — while consistently enforcing access policies. The Palo Alto Networks platform is integrated with 150 Aruba wireless access points across the school campus, so every user signed in to the wireless network is automatically in a secure environment. This ensures that security policies unique to each user are coordinated across wired, wireless, and remote network access, regardless of the device used.
High Marks for Palo Alto Networks
With the Palo Alto Networks platform, Ascham gained broad and deep visibility into network traffic, along with reliable, accurate reporting Dane Marcus, Ascham’s Network Manager, comments, “With the Palo Alto Networks platform we get total visibility that allows us to quickly identify students downloading excessive amounts of data, attempting to bypass blocked sites, getting on to social media or doing other non-permitted activities.”
For reporting, the school’s legacy solution only produced a plain text file that had to be manipulated with other tools to organize into something intelligible. The Palo Alto Networks platform creates reports directly in Excel or PDF that IT provides school leaders every Monday morning.
“Palo Alto Networks saves us a lot of time, and unlike before, we’re now confident in the accuracy of our reports,” notes Marcus.
Policy management also improved dramatically. After setting up policies on its legacy solution, Ascham still had problems with students getting through to sites they shouldn’t or being denied access to approved sites. “One of our main goals in IT is to make it as easy as possible for our users to be productive while being secure,” Marcus says. “We experienced ongoing issues with our previous firewall, but with Palo Alto Networks you just plug it in and it works. The platform provides a very intuitive menu that lets us easily set up policies and know they’ll be enforced properly.”
Secure Learning Anywhere, Anytime
Perhaps most importantly, Ascham has eliminated its performance problems since deploying the Palo Alto Networks platform. In the past, nearly 40 percent of calls into the help desk were about a device not connecting or the network being too slow. This created a ripple effect back to IT and reduced staff confidence in the school’s infrastructure. Sharman explains, “We spent an inordinate amount of time and effort troubleshooting and fighting fires. Now that we have the Palo Alto Networks platform in place, everything works beyond our expectations. That’s allowed IT to get back at least 40 percent of our time to work on more strategic projects that bring value to our students, staff, and parents.” She adds another key benefit — renewed confidence in IT. Before, the academic staff resisted engaging with technology because performance and access issues were so common. Now, instead of being an obstacle, security has become an enabler.
