.png)
How a Four-Person IT Team Enforced Zero Trust Segmentation In 3 Weeks
Cybercriminals are finding educational institutions easy targets. Thats why protecting students and their digital records is a top issue for many parents. They want to know their childrens school records are safe and secure. It's become an even higher priority during the pandemic, with so many students learning remotely on their personal computers, digital tablets and smartphones.
One school using security technology to reassure parents is St Mary MacKillop College, a private Catholic school founded in southeastern Australia that offers classes in grades 7 through 12. Named for Australias first saint, St Mary MacKillop is governed by the local Catholic Education Office, and it currently enrolls nearly 2,000 students at two campuses.
The school, which is dedicated to protecting its organization, its students, and their families from cyberattacks, recognizes that parents want every reassurance possible that their familys personal information is safe.
Some parents have enrolled their children here because they know we take security seriously, says Luke Bell, St Mary MacKillop Colleges network and security engineer.
Illumio: Elegant and simple, but powerful
To ensure the school continued to protect its organization and students from cybercrime, Bell recognized that a Zero Trust security strategy was key. And to implement Zero Trust security, he knew his organization needed to have fine-grained control in how it segmented parts of its network to limit traffic to only essential communications among various devices, people and applications.
As part of his search, Bell learned of Illumio at a trade conference. Immediately, he saw that Illumios flagship product, Illumio Core, was the answer he was looking for.
As soon as I saw Illumio Core in action, I was wowed, Bell says. Its elegant and simple, yet really powerful.
Bell especially appreciated Illumios lightweight, host-based approach, which employs the native firewalls of devices rather than those of the network. Bell also liked Illumios straightforward, user-friendly interface which makes it easy to use. After all, the entire IT staff at St Mary MacKillop comprises just four people: an IT manager, Bell and two workers on the help desk.
The fact that were small made very little difference, Bell says. Illumio is totally capable, whether youre running just 65 servers, as we are, or 65,000.
Along the way, Bell considered various options, including ones based on hypervisor technology. But Illumio provides a host of benefits that makes it far more effective and efficient to implement.
When it comes to securing your environment and getting the most bang for your buck, Illumio is just better than anything else that Ive seen, he says.
Getting to full enforcement in less than three weeks
After Bell selected Illumio, he installed the Illumio Virtual Enforcement Node (VEN) agent on nearly all the schools roughly 65 servers. These servers are in the schools on-premises data center, where they run applications that include an email server, administration system and file server. These systems also handle about 5,000 user accounts for all of St Mary MacKillops students, parents and staff.
The Illumio implementation went quickly and smoothly.
We went from nothing to basically full enforcement across our entire server infrastructure in less than three weeks, he says.
One valuable benefit of Illumio, Bell found, is the ability to protect the networks non-managed endpoints. At St Mary MacKillop, such endpoints can include printers, copiers and IoT devices.
These devices are easily compromised, Bell explains. Whens the last time a printers firmware was updated? So, its probably vulnerable to all kinds of malicious activity. If these devices are compromised, then attackers can pivot into the rest of the network.
Controlling who can access critical data
Another benefit of Illumio is that it lets Bell easily limit access of outside parties to only specific parts of the network. Members of this group, which includes the Catholic Education Office and selected suppliers, need access to certain databases but dont need access to everything on the schools network.
So, with Illumio Zero Trust Segmentation in place, if any of these third parties are themselves breached, the attackers cant travel from the third-party network and into the schools network. Its servers, applications and data will be protected.
The cloud is another area where Illumio is helping. Bell has moved a few servers to Amazon Web Services, and he plans to migrate more there over time. Illumio lets him protect the servers on AWS as easily as if they were on-premises.
Illumio can be run cloud-native, which is important for a small shop like ours with a mix of on-premises servers and infrastructure-as-a-service, Bell says. In every aspect of our need to bring better Zero Trust security to our digital operations, Illumio has been the answer we were looking for.
Learn more about how customers use Illumio:
