Integrated Cisco Umbrella, Meraki and ISE solution to safeguard the school’s network and its users
Automated security policy covers both school machines and BYOD devices, and is personalised for students and staff
Full network visibility and simplified management of controls for a slim IT team
Ongoing support courtesy of Protos Networks’ bespoke managed services
The prestigious Oswestry School was founded in 1407, and, nestled on the border of England and Wales, is one of Britain’s oldest non-denominational institutions. The school boasts a proud tradition, and is one of the country’s highest achievers in areas such as mathematics and sport.
Yet the splendour of the school’s grand old buildings belie the challenges posed to an over-resourced IT team – that is, if you deem the word ‘team’ appropriate for a one-man-band. The solitary IT manager has faced a big task in delivering decent wireless coverage, secure network access and the latest in technology resources for all 600 children on site.
He had long held ambitions to drive change, and upgrade the technology to bring it up to a level in keeping with the school’s overall reputation for excellence. But it would require something of an overhaul.
For the IT manager, the main challenges were visibility across the network, a lack of automation, and the effectiveness of security controls. After a detailed discussion with the key stakeholders at Oswestry, we decided that a full network audit was the logical starting point.
So, we headed south to Shropshire for a week of extensive testing and assessments, and identified the areas where we could help. For starters, the firewall they had in place only facilitated about 30 per cent of the bandwidth the school was actually paying for.
We also noted some inadequacies in their security protocols, especially with regard to accessing social media, streaming and illicit sites. It wasn’t so much that the controls in place made the network unsafe – more that implementing them required excessive amounts of manual work, which, given the limited resource available, was a big ask.
There was also an opportunity for Oswestry to be more proactive in flagging user searches – particularly those which could compromise child welfare. In our experience, there have been occasions where we’ve picked up on searches by children relating to terrorism, drugs, self-harm and other troubling phenomena. With the right technologies, the school could quickly pinpoint any searches of concern, and report them to bodies such as the Internet Watch Foundation.
It was clear to all parties that safeguarding students had to be the main focus, and the first port of call was to replace the firewall. Yet there was clearly more to be done, and the solution we proposed was an integrated one, encompassing Cisco Umbrella, Meraki and ISE.
The new security policy we established is personalised to each user, depending on their age, the Year they are in, or if they are a member of staff. All the IT manager needs to do is change an Active Directory Group for a user. This applies a different Meraki security policy for the student/staff member, which will then allocate a relevant Cisco Umbrella policy – a task that will only be required as pupils progress through each Year group.
This Umbrella policy also blocks VPNs, and restricts access to non-essential websites during school hours. Of course, for a school with a large number of boarders, such a policy isn’t tenable after hours. Using Meraki, the system automatically activates a less-restrictive policy after 4pm so as to enable users to access social media, play Xbox, or anything else the school permits.
Underpinning the enforcement of this dynamic, automated policy is Cisco Identity Services Engine (ISE). For the IT manager, this has been key to providing visibility from endpoint to endpoint, and real-time information on all connected devices. It’s also helped to embed a zero-trust approach to the school’s networking strategy.
An additional benefit of replacing Oswestry’s firewall was the instant increase in bandwidth availability. But we also conducted a wireless survey as part of our audit, as this was essential in helping us understand the challenges posed by the physical environment on the school grounds – chief among them the old buildings.
In the main, we were still able to improve guest Wi-Fi performance. More importantly, we also helped to shore up the BYOD policy on site, with users now having to enrol their devices, and, thereafter, have them secured as per the aforementioned Meraki policy.
We appreciate that an undertaking like this involves significant investment. But Oswestry now has a network that provides innovative and effective safeguards for its students, delivers reliable performance, and can be sustainably managed on a day-to-day basis.
In collaboration with Meraki, we also underlined our commitment to offering a value-added service by securing a significant education discount on equipment. Plus, as a signed-up customer to our managed services, Oswestry continues to enjoy NOC support, along with access to new Cisco product features.
Ultimately, the school was resolute in its determination to revamp its network, and we’re very pleased to have had the opportunity to help them get there.