Humanitree School’s Zero Trust Adoption Reduces Security Incidents by 80%, Creating a Safer Online Learning Environment

Progressive K-12 school in Mexico looks to zero trust to provide safer digital learning for students

Launched in 2011, Humanitree School is an innovative, international, and bilingual K-12 school located in the Lomas Chapultepec neighborhood in Mexico City. Its mission is to create a nurturing and stimulating environment where students have fun while learning, and learn while having fun. Academic Director Gavin Andrew Judd believes that students at any level can achieve great things when they learn to combine freedom with responsibility. This principle extends to secure and proper use of technology to enrich learning. 

Each of the school’s 250 students are assigned an Apple iPad and/or Apple MacBook to access the internet and approved applications. Initially, students were only allowed to use these devices at school. But, with the demand for greater flexibility and the opportunity to use school-issued devices at home and other external locations, Humanitree’s IT leaders started to rethink the school’s approach to cybersecurity. They understood that the school’s traditional on-premises infrastructure would not be able to provide secure remote access to the web and SaaS apps for learners and staff. Another key concern was the sharp increase in cyberthreats targeting educational institutions. The IT team began to explore cloud-based zero trust solutions.

On the heels of this initiative, the pandemic struck, accelerating the need for distance education and remote work. The IT team knew the timing was right for modernization, so they acted quickly and conducted a rigorous proof-of-value and comparative analysis of three vendors, among them Zscaler, which was recommended by CrowdStrike. 

IT Director Hebert Martínez Reyes personally carried out use case tests on iPads and MacBooks. The end result? One solution failed to address critical security use cases, and the other was incompatible with the school’s primarily MacOS environment. Zscaler checked both of these boxes and outperformed its competitors in all key areas. 

“The zero trust principle of ‘never trust and always verify’ aligns perfectly with our stance on cybersecurity. We found Zscaler to be superior to all of the vendors we considered. Now the IT team puts zero trust principles into practice every day. This gives me peace of mind because I placed my bets on a platform that was driving innovation for our school and for the industry overall,” said Martínez Reyes.

Providing all users with comprehensive protection no matter where they are

Job one for Martínez Reyes and IT Manager Daniel Hernández Ortiz was ensuring reliable and secure access to internet resources for students and staff—both on and off campus. Over time, they deployed Zscaler Internet Access (ZIA) for 1,000 devices and all 750 users, including students, faculty, and other staff members. ZIA implements zero trust security by funneling all web traffic through the cloud native Zscaler Zero Trust Exchange platform. It provides consistent policy enforcement and a superior experience, regardless of user location.

Apart from streamlining and securing remote learning and work, the IT leaders were deeply concerned about the sharp increase in attacks targeting the education sector during and after the pandemic.  The education sector ranks fourth as the global target for ransomware in 2024, up from number 9 the year before. 

Zscaler helps Humanitree counteract threats and maintain a high level of protection by inspecting 100% of TLS/SSL traffic for hidden malware and data exfiltration. Advanced AI-powered threat protection also blocks botnets, cross-site scripting, and ransomware. Additionally, built-in URL filtering enables the IT team to set granular policies that control and restrict access to malicious and inappropriate websites that increase cyber risk and interrupt the learning experience. It also delivers safe results on search engine queries. 

“The internet offers our students a wealth of educational possibilities, but it is also fraught with risk. Zscaler allows us to monitor and secure what students do within the school’s systems and files. On the rare occasions when an incident occurs, Zscaler automatically enforces policy in real time and notifies us of the issue,” said Judd. 

Since Humanitree’s on-premises firewall appliance was incapable of providing secure remote access to the web and SaaS apps, the IT team also deployed Zscaler Zero Trust Firewall, which is cloud-delivered and fully integrated with ZIA. Its dynamic, risk-based policies safeguard users and devices, regardless of where they connect and swiftly terminates any malicious connections to prevent threats with unlimited inline traffic inspection and native TLS/SSL decryption. Zero Trust Firewall logs every session, giving the team complete visibility across all users and locations so that they can perform accurate, efficient threat investigation and response. 

Unmatched visibility for seamless IT operations

Zscaler Digital Experience (ZDX), part of the Zscaler Zero Trust Exchange, has enabled Humanitree’s IT team to resolve performance issues more than 50% faster. By providing a centralized console for diagnosing and fixing problems across users, applications, and services, ZDX ensures seamless operations and drives greater efficiency.

“Zscaler gives us complete visibility into every hop between a user's device and an application, allowing us to quickly identify and address any performance issues. Their engineering team is incredibly responsive, often resolving challenges within a day and even tailoring the solution to our needs. During the proof of concept, it became clear that other providers couldn’t match what Zscaler offered," shared Hernández Ortiz.

Extending the power of zero trust with integrations: CrowdStrike and Okta

As part of its strategy to build an end-to-end zero trust architecture, Humanitree has extended the power of Zscaler through integrations with other vendors’ products. 

Humanitree integrated Zscaler's Zero Trust Engine (ZTE) with the CrowdStrike Falcon endpoint security platform, enabling a robust Zero Trust security policy enforcement framework. By incorporating CrowdStrike Falcon Zero Trust Assessment (ZTA) device scores and security incident signals—such as device risk levels and new indicators of compromise (IoCs)—Zscaler enhances its Adaptive Access Engine (AAE) with enriched contextual intelligence. This integration enables more robust device posture-driven Zero Trust controls, ensuring that access policies are dynamically enforced based on fluctuations in user and device risk levels.

Zscaler then grants Humanitree users secure access to websites and SaaS applications using a benchmarked device risk score that aligns with the organization's security standards and best practices. This ensures that only trusted Humanitree users operating on secure school-issued devices are permitted to access critical resources.

Moreover, when Zscaler detects zero-day malware at the cloud edge, it correlates the threat with CrowdStrike endpoint telemetry to identify other potentially infected endpoints. This unified approach offers cross-platform visibility and reporting, allowing Humanitree's security teams to trigger immediate quarantine actions from the Zscaler console directly to the CrowdStrike Falcon platform.

“The Zscaler-CrowdStrike integration enables us to quickly assess device health and automatically adapts access policies accordingly. In addition, when zero day malware is detected and analyzed by Zscaler’s Sandbox, we can identify and isolate affected devices to prevent the malware from spreading,” said Hernández Ortiz.

This successful integration prompted Humanitree to integrate and adopt Okta’s cloud-based identity and access management (IAM) solution with multifactor authentication and single sign-on for SaaS applications. The Zscaler-Okta integration enables the school to enforce access policies that are automatically adjusted in real time based on a user’s risk profile—including password expiration, credential compromise, or risky user  behavior. Integration with Okta also facilitates logins within Zscaler, explained Hernández Ortiz. 

“Previously, everything was more complicated because we were using a somewhat limited single sign-on service. Migrating to Okta, a true enterprise-grade solution, the connectivity between CrowdStrike and Zscaler became much faster. This allowed us to unify the data from both tools on the Zscaler platform. We’re able to readily access this information on the dashboard and act on it to protect our students and staff while providing them with faster, more streamlined access to online resources.” 

Positive outcomes from many angles

Implementing Zscaler has had profound outcomes for Humanitree. The innovation-driven school is proud that it was one of the first adopters of Zscaler in the K-12 space in Mexico. In fact, because of its transition to zero trust, the school was among the few schools in Mexico that carried on its educational mission without pause during the pandemic.

Another big win since the Zscaler deployment is an overall 80% reduction in security incidents. Over a three-month period, Zscaler prevented 41.6 million policy violations and blocked 18,274 threats. 

Finally, since deploying Zscaler, Humanitree has reduced or eliminated multiple on-premises solutions and perimeter firewall licensing, reducing its technology expenditures by 40%.

The entire school community concurs: Zscaler inspires confidence in the use of technology for education

Humanitree’s transition to Zscaler has been greeted with enthusiasm by staff, students, and parents. All users welcome the flexibility to safely use their devices to access internet resources from anywhere. True to the school’s core philosophy of learning by doing, staff and students were encouraged to offer their suggestions to fine-tune policies. Students enjoy the freedom of using their devices to access online resources—no matter where they are—faster and more reliably. Educators and other employees are 100% on board with Zscaler because it works in the background in a noninvasive way, empowering them to do their jobs more efficiently and without interruption. 

Zscaler’s inline visibility and controls provide parents with reassurance that their children are browsing safely and are blocked from accessing inappropriate or harmful content. Appreciating the strengths and advantages of this approach to cybersecurity over common parental control tools, some parents have even restricted their children's use of less secure personal devices at home, only allowing them to use Humanitree devices.

“No one would allow a young person to walk through the city unsupervised and allow them to go wherever they want. The internet is the same. Zscaler is the digital guardian for our students, accompanying the children as they navigate the web and helping them steer clear of the danger zones. I find that really wonderful because we don’t have to physically hold their hands,” summarized Judd. “Our students can rest assured that they can browse safely on their devices—at home or from anywhere in the world.”