Lessons in ingenuity: How NetStrategy helped CEM make their centralised firewall vision a reality

Christian Education Ministries
Craig McKeown, IT Manager
A bespoke, centralised next-generation
firewall, harnessing FortiGate
Three months
About the school

CEM is a leading provider of Christian education in Australia, catering to more than 6,000 students across five states. As well as running 11 Australian Christian Colleges it’s the only national multi-state independent distance education provider in Australia, operating four distance education facilities. It also operates the SmartPlay Early Learning Centres.

When Christian Education Ministries (CEM) went looking for a cost-effective firewall solution for their disparate school network – which spans five Australian states – they faced a major problem: The solution they wanted didn’t exist.

Craig McKeown, Christian Education Ministries IT Manager, had a vision of a centralised next-generation firewall accessible from anywhere in Australia – a solution which would enable the cloud-first organisation to provide centralised web filtering, firewall and pastoral care, keep costs down and provide the agility the rapidly growing organisation needed.

That, however, wasn’t available as a commercial solution.

Undeterred, Christian Education Ministries (CEM) partnered up with NetStrategy, a specialist education IT and cybersecurity service provider practice known for delivering complex or high-risk infrastructure projects, to create a bespoke centralised solution.

Thinking outside the box

As with any other sector, cyberattacks are an increasing issue for Australia’s education institutions.

“We had some ageing infrastructure in place that was deployed country-wide and it was a very good education-specific web filter, but not a good firewall. In fact, it was not really a firewall at all.”

Craig McKeown, Christian Education Ministries IT Manager

CEM went to market for a replacement. The options, however, were ‘eyewateringly expensive’, requiring CEM to deploy an appliance at every location.

“At the time none of the next-generation firewall providers had taken into account the education market. They all had firewall models and appliances that were appropriately sized and priced if you were a big, 30,000+ school, or even just a very, very rich school.”

For CEM, which has schools ranging from 50 students to 1,700, the costs just didn’t add up. “It’s not economical to dump these $300,000 firewalls all over the country.

“We needed something where we could put everybody through it in a cost-effective manner and that was scalable so we could continue to add schools into it in a good cost-effective manner. And nothing really existed.”

Craig McKeown, Christian Education Ministries IT Manager

In addition, CEM is truly cloud driven. There’s no infrastructure on site at its schools. All new systems are SaaS.

That’s where McKeown’s vision for a centrally hosted virtual firewall came in.

“Our schools – and distance students – are not all from the same site, they’re from all over the country, so we wanted to create a virtual appliance and pipe everyone through that one instance.”

Challenging norms and thinking outside the box

It was a project requiring some creativity and NetStrategy were up for the challenge.

“I had a conversation with them and they were excited and keen,” McKeown says.

NetStrategy’s consultative, client-first solutions-based practice saw the company working closely with CEM to model a number of different options to fulfil its requirements.

Problem solving skills and the ability to reinvent the wheel were necessary, McKeown says.

“It definitely wasn’t an average project, put it that way. It was immensely complex.”

The solution, which was largely implemented remotely due to Covid lockdowns, saw NetStrategy leverage existing systems to help reduce cost and complexity and provide a centralised web filtering, firewall and pastoral care solution. It harnesses a virtually hosted FortiGate next-generation firewall appliance, piping everyone in via the Telstra Programmable Network.

“Building a FortiGate is not complex. Pumping traffic from all over the country into a FortiGate is complex. Being able to know from the Sydney hosted Telstra data centre on a virtual appliance that little Johnny over in Southlands is doing the right thing and that it’s not Timmy from Sydney – that’s really hard!”

For CEM it wasn’t just a case of blocking threats and filtering web content. The flexibility around onboarding a new school and the peace of mind from a pastoral care and visibility point of view where key to the solution, and identity management was critical.

“That’s really easy to do if you are inside a school and it’s your own personal network and everyone is 100m away and you own the cables, you own that network and you’ve got boundaries in place where you are completely contained and managing that before you send them out to the internet. Filtering it when they are completely outside the network in a different part of the country and identifying who they are so you can then effectively do well-being reporting – well, that’s really complicated!,” McKeown says.

James Boyle, NetStrategy Chief Executive Officer adds: “We leveraged our design and service delivery teams that speciaise in the delivery of high-risk, complex and time critical projects. We worked with CEM to understand the outcome they required and came up with a holistic solution that could be rapidly deployed to all 16 locations with careful change management and comprehensive test plans. We understood the critical time constraints we had to achieve and were pleased to deliver such a complex project on time, on budget and with all the promised functionality.”

There were also time pressures: When the incumbent provider got wind that CEM weren’t going to renew with them, they tried to end the contract early.

“NetStrategy wanted to have six months to complete the project. They had three because the existing provider was going to pull the rug from under us,” McKeown says.

A solution for quarter the cost

Immensely complex and time-pressured it might have been, but the results, he says, were worth it, providing a nimble, scalable, centralised solution fully installed, configured and ready to go for less than a quarter of the $1.5 million it would have cost just for the required firewalls without implementation and managed services.

“It is cost effective, it meets our business needs, and it filled a gap where a solution didn’t exist because there was no way to centrally do this at the time,” McKeown says.

“It enabled us to very cost-effectively filter all of our sites and be more nimble and agile, so we’ve been able to add new schools into it quite quickly. All we had to do was get them a Telstra Business IP connection, and obviously program that network to pipe their traffic to where we wanted it to go, and off they went.”

He’s full of praise for the NetStrategy team, saying their can-do attitude and enthusiasm were key for the project.

“NetStrategy were up for the challenge and they met the challenge.

“They were willing to think outside the box, and throughout that project they displayed a significantly higher level of technical capability, ability to work under pressure and meet the challenges – because we met challenges, we met brick walls and we had to either smash our way through them or think of a different way to get over them. They did that under time pressures, during Covid to a very high level.”

Get in touch

Talk to an expert

Get in touch with us today to find out how we can deliver competitive edge to your asset intensive operations.
This field is for validation purposes and should be left unchanged.
35+ Years Experience
380+ Schools
Proven Processes
Strategic Solutions