.png)
How a Four-Person IT Team Enforced Zero Trust Segmentation In 3 Weeks
Cybercriminals are finding educational institutions easy targets. That’s why protecting students — and their digital records — is a top issue for many parents. They want to know their children’s school records are safe and secure. It's become an even higher priority during the pandemic, with so many students learning remotely on their personal computers, digital tablets and smartphones.
One school using security technology to reassure parents is St Mary MacKillop College, a private Catholic school founded in southeastern Australia that offers classes in grades 7 through 12. Named for Australia’s first saint, St Mary MacKillop is governed by the local Catholic Education Office, and it currently enrolls nearly 2,000 students at two campuses.
The school, which is dedicated to protecting its organization, its students, and their families from cyberattacks, recognizes that parents want every reassurance possible that their family’s personal information is safe.
“Some parents have enrolled their children here because they know we take security seriously,” says Luke Bell, St Mary MacKillop College’s network and security engineer.
Illumio: Elegant and simple, but powerful
To ensure the school continued to protect its organization and students from cybercrime, Bell recognized that a Zero Trust security strategy was key. And to implement Zero Trust security, he knew his organization needed to have fine-grained control in how it segmented parts of its network to limit traffic to only essential communications among various devices, people and applications.
As part of his search, Bell learned of Illumio at a trade conference. Immediately, he saw that Illumio’s flagship product, Illumio Core, was the answer he was looking for.
“As soon as I saw Illumio Core in action, I was wowed,” Bell says. “It’s elegant and simple, yet really powerful.”
Bell especially appreciated Illumio’s lightweight, host-based approach, which employs the native firewalls of devices rather than those of the network. Bell also liked Illumio’s straightforward, user-friendly interface which makes it easy to use. After all, the entire IT staff at St Mary MacKillop comprises just four people: an IT manager, Bell and two workers on the help desk.
“The fact that we’re small made very little difference,” Bell says. “Illumio is totally capable, whether you’re running just 65 servers, as we are, or 65,000.”
Along the way, Bell considered various options, including ones based on hypervisor technology. But Illumio provides a host of benefits that makes it far more effective and efficient to implement.
“When it comes to securing your environment and getting the most bang for your buck, Illumio is just better than anything else that I’ve seen,” he says.
Getting to full enforcement in less than three weeks
After Bell selected Illumio, he installed the Illumio Virtual Enforcement Node (VEN) agent on nearly all the school’s roughly 65 servers. These servers are in the school’s on-premises data center, where they run applications that include an email server, administration system and file server. These systems also handle about 5,000 user accounts for all of St Mary MacKillop’s students, parents and staff.
The Illumio implementation went quickly and smoothly.
“We went from nothing to basically full enforcement across our entire server infrastructure in less than three weeks,” he says.
One valuable benefit of Illumio, Bell found, is the ability to protect the network’s non-managed endpoints. At St Mary MacKillop, such endpoints can include printers, copiers and IoT devices.
“These devices are easily compromised,” Bell explains. “When’s the last time a printer’s firmware was updated? So, it’s probably vulnerable to all kinds of malicious activity. If these devices are compromised, then attackers can pivot into the rest of the network.”
Controlling who can access critical data
Another benefit of Illumio is that it lets Bell easily limit access of outside parties to only specific parts of the network. Members of this group, which includes the Catholic Education Office and selected suppliers, need access to certain databases but don’t need access to everything on the school’s network.
So, with Illumio Zero Trust Segmentation in place, if any of these third parties are themselves breached, the attackers can’t travel from the third-party network and into the school’s network. Its servers, applications and data will be protected.
The cloud is another area where Illumio is helping. Bell has moved a few servers to Amazon Web Services, and he plans to migrate more there over time. Illumio lets him protect the servers on AWS as easily as if they were on-premises.
“Illumio can be run cloud-native, which is important for a small shop like ours with a mix of on-premises servers and infrastructure-as-a-service,” Bell says. “In every aspect of our need to bring better Zero Trust security to our digital operations, Illumio has been the answer we were looking for.”
Learn more about how customers use Illumio:
