We often hear about organisations moving to the cloud to simplify IT resourcing or to save money. But for some people, like Director of IT James Garnett, the motive is quite different - to get better overall visibility of their systems.
The context here is that Garnett works for a sector where control and protection of data is of paramount importance: education. Specifically, he works for United Learning, a group of over 70 academies and fee-paying independent schools operating in England that aims to provide excellent education to children and young people across the UK, and which includes significant numbers of schools in both the public and the private sectors working together for mutual benefit.
From Cumbria to Kent, over 40,000 children get taught by schools that are part of the network, which is also one of the biggest charities in the UK - and, as stated, United Learning saw a growing need for transparency:
We decided to move from a hosted data centre model to cloud solutions, including multiple SaaS solutions delivering specific services, because our existing platforms didn’t provide us with enough control over our schools’ IT systems across multiple campuses and regions.
We also needed the ability to configure schools to meet organisational needs, allow and deny traffic as appropriate, and troubleshoot. Plus, with the proliferation of BYOD (Bring Your Own Device), we also identified the need to be able to centrally manage all devices, as well as support a limited degree of autonomy for schools where it doesn’t impact security. Finally, the number of devices and schools requiring connection to the group’s system was a unique challenge for us.
Garnett says that after Microsoft Azure was identified as the ideal cloud basis for this new model of control, Software Defined Wide Area Networking (SD-WAN) was used to secure the transition. But he also asked cybersecurity software and appliances and services specialist Fortinet to architect a new, more secure way of working.
We are currently moving to a cloud-first strategy across our organisation, and the firewalls are supporting us in delivering this securely. This, in turn, reduces costs to ensure as much money can be directed towards the education of children without compromising on security or safety.
Single pane of glass
Specifically, technology from his new IT partner called FortiGate allowed United Learning to continue with its hub and spoke approach to the WAN, as well as allow site-to-site connections for groups of schools to support off-site backups. Garnett told us he was able to manage migration from its incumbent solution to FortiGate over a period of 12 months as it brought up its Azure estate and wound down use of the old data centre, allowing member schools to migrate across as their existing firewall solutions came to end of contract:
Essentially, Fortinet’s solutions gave us the ability to host a firewall in Azure and provide an additional level of control to our new cloud-based estate, and we’ve already got 15% of our schools onto the new structure in the last 12 months.”
As to what control looks like in practice, Garnett says he’s starting to gain that visibility into what dangers could be lurking out there:
As we’ve started to migrate schools from their existing Internet filtering solutions onto the new solution, we’re achieving both cost efficiencies and a ‘single pane of glass’ view for the Group to look at trends that could pose a threat to our infrastructure.
Plus, United Learning schools have been given the ability to, where desired, filter at the application level, and ensure specific applications are blocked on user devices when on-premise but allowed off-site as well. This wasn’t the case prior to us deploying the Fortinet solution.
Now, Garnett’s team currently run over 80 firewalls protecting both schools, offices and Azure, and have begun using Fortinet’s Internet filtering feature to provide cost effective filtering with standardised reporting as a baseline for schools to build upon. So improved security and control are certainly coming through as benefits of this move to cloud - but, it turns out, cost saving is also starting to present itself as a big factor:
This is going to improve cost efficiencies for our schools when it comes to their IT estates. Should our members all move to the new central solution, there are projected cost savings of 50% on their Internet filtering, for example. It will also offer our schools a greater level of confidence in the security of United Learning’s systems, as well as give them the capability to keep up with projected future growth of our organisation. And in six months’ time, we expect to have a well-defined set of internet filtering policies and reports which will support our schools being able to deliver effective online safety. The aggregated data we collect through the software will also improve our overall security strategy by identifying possible threats across the Group.”
Garnett also adds that the experience has reinforced the insight for him that no United Learning school is the same - and that each one requires slightly different configurations:
Giving out large IP address ranges when we were a small organisation isn’t a good idea. Now we are so much bigger, we have more control and confidence that our network, across all branches, is secure. So overall, we think this is a story about making ourselves more secure today, for growth tomorrow.