Leading Primary and Secondary Education Provider Invests in Secure Education Architecture


Progressive and innovative Kristin School was founded in Auckland, New Zealand, in 1973 by a dedicated group of parents, with the goal of building and developing a world- class independent school. Education is seen as a valued partnership between the school and parents, ensuring that students are supported in their journey to become confident, compassionate and capable citizens of the 21st century. ICT is a vital part of the learning experience at Kristin, and is woven into the classroom and curriculum. The majority of Kristin’s students and all of its staff have computers, with many operating other devices, such as smartphones, as well. The school is home to a state-of-the-art fibre optic networking and a ubiquitous wireless network, while its Internet demands grow exponentially. ICT at Kristin is about progress, innovation and sticking to its core values.

Achieving good ‘Digital Citizenship’

In a comprehensive project, Kristin School looked carefully and extensively at its entire IT infrastructure, asking, “Where does the business want to go”? Future investments needed to be made with the next generation of users and applications in mind. As part of this, an identity and application-awared technology was sought that could support the innumerable numbers of devices. The project is known as ‘Education Architecture’. As part of an education environment solution, the enterprise architecture was developed to be as open as possible, whilst still providing age appropriate content filtering for the school’s teaching and learning environments. Typical legacy solutions, such as port based firewalling, were proving to be ineffective against new and developing threats, and could not support the school’s desire to embed good ‘Digital Citizenship’ in the networking to application layers.

“Palo Alto Networks allows us to enforce good digital citizenship” explains Kristin School Director of ICT Services Jason MacDonald. “While allowing all good use of our ICT resources, we can identify any malicious or inappropriate use and respond proactively. The solution recognizes zero day application exploits that, despite our best intentions, can occur even when our users practice good Digital Citizenship.”

Complementing a wider vision

Kristin School was increasingly awared of the need to provide an advanced solution to meet the changing and expanding needs of its business, students and staff. Kristin School ICT also required greater visibility into its internal environment, which would enable them to embrace Enterprise 2.0 applications, and provide a greater learning environment for the students.

The school was originally running a perimeter focused Checkpoint firewall. Rather than a straight upgrade or replacement, the Palo Alto Networks PA-4050 was incorporated into a broad, comprehensive and holistic solution, as a key complementary piece. “The Palo Alto Networks implementation is running as a corporate level firewall, providing security between the different schools (lower, middle and senior), ICT and the servers and systems used for delivery of services to the client base,” explains Steve Rielly, head of Katana Technologies, delivery partner for Palo Alto Networks in New Zealand.

The ability of the Palo Alto Networks solution to provide application and user identity visibility and control, down to a granular level, as well as threat detection, without degrading service delivery, made it the ideal solution for the leading school.

Getting it done

Kristin School engaged Steve Rielly, head of Palo Alto Network’s key New Zealand partner Katana Technologies, to deliver the PA-4000 series solution. “Steve is well known through the industry,” says Kristin School’s Jason MacDonald. “He is very focused on what we wanted to accomplish and what benefit or value he can add to that.”

The proof-of-concept was essential to the decision making process. “We had been looking at traditional IDS/IPS solutions,” explained MacDonald. “The concept of an advanced firewall was quite new to us at the time. The proof-of-concept gave us the awareness, understanding and trust required. The Palo Alto Networks PA-4050 did not pretend to be something it wasn’t. When we pulled the layers back it had all the goods. Palo Alto Networks really understands our environment.” 

Benefits seen and unforeseen

The deployment has been a multi-phase project, beginning with a proof-of-concept
of all the Education Architecture components. It has gone smoothly and according to schedule, with queries escalated quickly from the school to Katana Technologies to Palo Alto Networks. The high-visibility solution kicked in seamlessly.

The solution has provided much needed “agility” for the ICT team. “The main thing for us has been where we’re going in terms of supporting multiple devices,” says MacDonald. “Our students can bring in whatever devices they want, and our Senior School Connectivity Platform can support the devices our students need. They can choose whatever technology best supports their learning, and the Palo Alto Networks solution in our Education Architecture allows us to support their needs securely, with proactive monitoring and reporting.”

The highly flexible solution can be adjusted to meet the needs of all the school’s different user groups, for instance, different levels of filtering or application enablement based on the age of the student user.

Return on value, says MacDonald, will be captured in the classroom itself: “Our Education Architecture is a platform for business cases which by nature, have measurable educational KPIs”.

He borrows an analogy when explaining the Education Architecture and an objective: “A non-IT person may believe that to change the color of a wall you just need to paint it. But we know that sometimes you actually need to rip the wall down and rebuild it. Palo Alto Networks allows us the flexibility to paint the wall at any time, with any color required and at minimal cost.”