Alameda County Office of Education

Alameda County Office of Education in Provincial, State & Local Government and K-12 Education

At a Glance


Provide affordable network security that schools can tailor to meet their individual requirements for ensuring safe online learning environments for students


Palo Alto Networks Next-Generation Security Platform, configured with virtual systems to support the individual security needs of multiple school districts, at an affordable price point


Threat Prevention, URL Filtering, GlobalProtect, WildFire, Panorama, Premium Support


PA-7080 (1), PA-5050 (4)


  • Delivers stronger security at a lower cost with a unique subscription model.
  • Provides schools with the flexibility to tailor policies to their individual needs.
  • Insulates students from inappropriate online content in school and at home.
  • Ensures effective protection against advanced cyberthreats like WannaCry.
  • Makes next-generation network security affordable for schools, freeing funds for other educational programs

Alameda County Office of Education supports more than 18 school districts with over 250,000 students in Alameda County, California, with leadership and education services, budget oversight and educational planning, and advocacy to help students thrive and succeed in school. As a service provider, ACOE identifies and promotes cost-effective education services for schools and districts in the county. ACOE also operates as a school district, administrating juvenile court and community schools, as well as alternative education programs for students not served by local school districts.

Story Summary
The Alameda County Office of Education provides a range of support services to schools in the county, including network services that play a key role in everyday education. Securing the network is of the utmost importance to keep inappropriate content out of the classroom and enable a safe online learning experience for students. To do that, ACOE relies on Palo Alto Networks® Next-Generation Security Platform, configured with multiple virtual systems that provide each school with dedicated network security they can tailor to their individual needs and policies, leveraging the full range of security services available on the Palo Alto Networks platform.

This "network security as a service" is delivered through an affordable, subscription-based model that provides schools with stronger security at a lower cost than they could achieve alone. The platform prevents advanced cyberattacks like WannaCry or internally generated denial-of-service, or DoS, attacks from disrupting network services and online learning. ACOE can control web access based on individual policies to protect students from inappropriate content. Detailed traffic visibility across each virtual system enables security personnel to quickly detect suspicious activity and alert schools of any widespread cyberattacks. The Palo Alto Networks platform also helps ACOE provide schools with detailed network activity reports they can use to refine and strengthen their policies.

Creating a Safe Online Experience at School
Preparing students for success in the digital age is filled with challenges and opportunities. Modern classrooms connect students, via the internet, to a world of information and resources to enhance their learning. Educational applications like Blackboard and cloud services like Google ® G Suite™ make it easy for students to manage homework assignments, research and write reports, complete worksheets, and more, in school and at home. Standardized tests, such as those by the Smarter Balanced Assessment Consortium, or SBAC, are also administered online.

Parents and other guardians trust that accessing all these digital services and resources will be a safe and positive experience for students. But how can they be sure? Ryan Choate, IT director for ACOE, can answer that question.

"As internet service provider for the schools in Alameda County, we provide them with next-generation network security that keeps inappropriate content out of the classroom and protects kids from cyberthreats that could compromise their learning," he says. "Access to network services is an important part of the overall educational process, and we're here to make sure our kids and teachers get the most out of every online learning opportunity safely and securely. Palo Alto Networks is central to making that possible.

Network Security as a Service
ACOE created a unique service model that enables schools to add robust network security capabilities as an affordable, subscription-based package to the network services they get from ACOE. The foundation for this offering is Palo Alto Networks Next- Generation Security Platform, including the Next- Generation Firewall, Threat Intelligence Cloud and Advanced Endpoint Protection. With the platform, ACOE can safely enable applications, users and content while protecting its entire environment against known and unknown cyberthreats.

The service has been an unequivocal success, protecting more than 250,000 network uses across nearly 30 institutions, including public schools, charter schools and juvenile hall. Choate encourages other government organizations in Alameda County, such as municipalities, libraries and public safety agencies, to sign on as well.

His pitch is compelling: "Come on board and we'll provide you with better security at a lower cost than you could get on your own."

One of the ways ACOE keeps its security services affordable is by taking advantage of virtual systems on the Palo Alto Networks platform. Instead of having separate physical firewalls for each school, virtual systems enable ACOE to create multiple separate firewall instances within each of a small number of physical Palo Alto Networks next-generation firewalls. Each school still gets access to the full suite of Next-Generation Security Platform features, including Threat Prevention, URL Filtering, GlobalProtect™ network security for endpoints and WildFire® cloud-based threat analysis service, but at a fraction of the cost of a dedicated physical firewall.

In addition to managing and supporting the physical equipment and network connections, ACOE monitors network traffic for anything suspicious. Meanwhile, schools and other customers are empowered to create and manage their own security policies. This autonomy is especially important for schools, as it lets them tailor policies to fit individual learning objectives. For example, some schools may block access to online games, while others may have programs for students to learn about engineering by working with these games.

Keeps Cyberthreats at Bay
With ACOE's unique offering built on the Palo Alto Networks platform, Alameda County schools can insulate kids from inappropriate online content, foil DoS attempts, and automatically identify and block cyberthreats that could hijack data or lock up students' devices. The platform even kept the WannaCry outbreak from affecting any of ACOE's subscribers.

While the Palo Alto Networks platform keeps the bad stuff out, it also enables students to safely access online services and resources needed for their studies. One notable example is a county-run program that issues devices to pregnant teens so they can work at home to complete diploma requirements. ACOE uses GlobalProtect to provide a fully secured VPN tunnel that protects them even outside their school's network.

"Our principal objective is to provide a nurturing environment for these kids, free of content that might be disturbing to them," Choate asserts.

Of course, it's also important to keep students and teachers from doing things they shouldn't. For example, today's tech- savvy youth are quite capable of launching DoS attacks on testing day. And teachers, intentionally or not, have been known to share copyrighted material on the network.

"Through Panorama, we can see where a DoS attack originates and stop it," says Choate. "We get alerts if something inappropriate is shared on the network. We keep an eye on all that stuff and issue weekly reports to all the districts, including any suspicious activity and attacks originating outside our networks."

Keeping Performance High, Costs Low
Since ACOE's network security offering has been so successful, more districts and other county entities are signing up. To handle increased traffic while maintaining high performance, ACOE is expanding its environment with an additional Palo Alto Networks Next-Generation Firewall. The Next-Generation Security Platform is key to enabling ACOE to keep growing while ensuring its offering remains cost-effective.

Choate explains, "If we needed separate devices for things like content filtration and VPN, that would not only create bottle - necks in the network; we'd have a big spaghetti mess with all the connections. It would be more time-consuming to implement and manage, we'd use more power, and our capital and operational costs would go up substantially. By having a single platform for everything, we're able to get the performance we need, manage costs better, and keep our offering effective and affordable for the schools.

He points out that keeping security affordable lets schools free up money for other things. This might include providing Chromebook™ devices for kids in need or adding services to enhance the classroom experience. The most important thing for Choate is that keeping next-generation network security affordable means schools will take advantage of it.

"The whole reason we're doing this is to provide a safe, secure environment for the kids," Choate concludes. "We just want them to be able to go to school and learn without worrying about anything that could happen online."