Blocking threats at scale and improving cybersecurity posture without increasing headcount
CEnet is a not-for-profit organization that delivers information, communication, and learning technology services to the K-12 population in Australia. It supports safe online environments for 330,000 students, teachers, and staff from more than half of the Catholic dioceses in the country.
Scales up internet security to support 20% to 25% year-over-year growth
Provides a secure internet experience from anywhere and any device
Consolidates technologies to decrease operational complexity
Improves security posture by reducing cyberthreats
Instills members with greater confidence in the safety of the online service
Zscaler gave us security and flexibility around how we could integrate them into our environment ... and freed up our team to focus on delivering as much value to our members as possible.
Zscaler helps CEnet transform online learning in AustraliaRead the Blog
On a mission to support learning communities with secure online experiences, CEnet delivers network and internet connectivity services to its 17 member dioceses across Australia. Users include the students, teachers, and administrative staff at each diocese. With membership growing rapidly, CEnet was wrestling with tight bandwidth capacity and needed to strengthen security for its managed services architecture to keep pace with an increasingly sophisticated threat landscape.
“Our internet connectivity and bandwidth were growing 20% to 25% year on year,” said David Jenkins, Infrastructure Manager for CEnet. “We had URL filtering in place, but the level of visibility was low and we knew there were blind spots. We needed a solution that would meet us where we were but that would also grow with us.”
The organization initiated a request for proposal (RFP) process guided by three core criteria for a zero trust solution: it had to be cloud native, multitenant, and easy to integrate with existing tools. Additionally, CEnet’s shared service model means each member requires access to the same SaaS applications, such as Microsoft 365 and Google Workspace for Education, while keeping individual schools’ data private. The Zscaler Zero Trust Exchange™ platform satisfied all requirements.
“We tested Zscaler in our environment and had our members test it to make sure they were comfortable using it. Through these review cycles, we developed a strong partnership with Zscaler,” said Jenkins.
Zscaler Internet Access (ZIA), a pillar of the Zscaler Zero Trust Exchange, makes it easy and efficient for CEnet’s widely distributed “lean and keen” infrastructure team of seven professionals to provide secure internet and SaaS application access across schools and dioceses. Additionally, given the unique requirements of teaching environments in each diocese, Zscaler enables access to approved web content in real time while blocking or flagging requests to blocked sites.
“We intentionally selected ZIA for its role-based access control, delegation of administration to the appropriate level and its granular controls at scale,” Jenkins said.
Zscaler scans data on all ports and protocols—even encrypted TLS/SSL traffic—anywhere the user is located and assigns a risk score dynamically so that nothing important gets out and nothing bad gets in.
The [Zscaler] technical team definitely nails the details, but the fact that you can trust and rely on them is even more important.
CEnet’s team needed a technology partner that could work with them on the specific infrastructure requirements of their network environment.
“We have a unique deployment, designed to aggregate services for members through our data centers. Zscaler worked well with us through implementation to determine the best architecture,” Jenkins said.
The team set up the ZIA Private Service Edge, an inline proxy that inspects all web traffic bidirectionally and enforces policy. The service edge, managed by Zscaler Cloud Operations, sits inside CEnet’s data center and monitors all traffic. This has eliminated the burden for the CEnet team and saves time as Zscaler fully monitors and manages the service edge.
“Zscaler gave us the security and flexibility around how we could integrate the platform into our environment. This allows us to leverage our peering and partner network to drive down internet cost and frees up our team to focus on delivering as much value as possible to our members,” Jenkins said.
As part of CEnet’s delivery of safe internet as a service to their learning communities, monitoring student welfare is crucial. Using Zscaler’s Nanolog Streaming Service (NSS) to stream traffic logs in real time, the team ran a successful proof-of-concept (PoC) with Saasyan, a student safety and well-being solution that can be integrated with Zscaler.
NSS also streams log data to Rapid7, CEnet’s security information and event management (SIEM) tool, from the Zero Trust Exchange. With this setup, CEnet benefits from real-time alerting. In an education context, when paired with student safety and well-being solutions such as Saasyan, these notifications help administrators monitor student behavior for signs of harm, bullying, or inappropriate activity.
The integration created an effective feedback loop. "This worked really well. Zscaler does what it does best, like proxying traffic and enforcing policy, while products like Saasyan provide student safety and well-being insights for school administration.” Jenkins explained.
Leveraging NSS enables CEnet to avoid the cost and operational inefficiency of an on-premises solution. “We’re always looking to conserve funds and put them back into services for our members, so leveraging Zscaler’s capabilities in different ways has been huge for us,” Jenkins explained.
The tight integration between Zscaler and Okta is key to providing a secure online environment and consistent user experience, regardless of the learning location.
CEnet uses Okta as part of its access management service offering for its membership. Okta’s mature user authentication and access management capabilities feed identity and authentication data into the Zero Trust Exchange. Zscaler uses this data—which includes access authentication, identity, and group membership data—to enforce the internet security policies that CEnet sets at various levels for students, teachers, and staff.
“The tight integration between Zscaler and Okta is key to providing a secure online environment and consistent user experience, regardless of the learning location,” Jenkins said.
Before beginning their zero trust journey, CEnet regularly received inquiries and concerns from parents about what students were accessing on the internet. Since deploying Zscaler and communicating its security benefits to administrative staff, questions like these have been few and far between.
Customer satisfaction scores are an important gauge for CEnet to understand how the membership perceives its offering. “We’ve seen that membership and staff have a lot more trust and confidence in the secure online environment, thanks to Zscaler,” Jenkins asserted.
Beyond membership satisfaction, the technical teams that regularly interact with Zscaler support and account teams are exceedingly pleased. “The technical team definitely nails the details, but the fact that you can trust and rely on them is even more important,” he added.
We’re always looking to conserve funds and put them back into services for our members, so leveraging Zscaler’s capabilities in different ways has been huge for us.
CEnet is working toward an ambitious roadmap. Taking a deep dive into its total security strategy, the organization is exploring ways to expand the use of existing technologies for greater cost savings that can be reinvested into schools. CEnet sees a great deal of potential to expand its use of Zscaler.
Given that many CEnet employees are spread across the country and working remotely, the team is considering Zscaler Private Access (ZPA) to provide secure access to private applications while minimizing the attack surface. Where it is not feasible to install software on employees’ devices, ZPA Browser Access provides agentless zero trust access to private applications based on authentication and authorization.
“With hybrid work so common, we’re looking at adopting tighter device management policies but need ZPA to bridge the gap in visibility and security,” said Jenkins.
With an eye toward maximizing CEnet’s investments, the team will begin taking advantage of the insights available through Zscaler Digital Experience™ (ZDX)™. “We’re very keen to increase visibility through ZDX into how our solutions are performing, what the user experience is among our service catalog, and gain clarity on performance issues that will certainly help our service desks,” said Jenkins.
Zscaler secures CEnet’s delivery of shared technology services, ensuring a safe online environment for K-12 learning communities throughout Australia. “With the Zscaler Zero Trust Exchange, we’ve seen a huge reduction in cyberthreats. Overall, we have greater confidence in our security posture,” Jenkins concluded.