Upgrading for security at Newington College

Education has changed significantly in the last handful of years. The disruptions that forced students into remote learning catalysed most schools to perform a digital transformation. Today, these changes persist, particularly in hybrid classes that function largely online. Schools are seeing expanded use of education applications, with new ways of organising and distributing information, and various channels and methods for communicating with students and guardians alike. 

These adjustments have guaranteed the continuity of education and provided critical assistance to students with learning challenges, but they also come with additional risk. As schools integrate technology into their everyday pedagogical practices, the more concerned they become about security threats. This growing concern is at the center of Newington College’s choice to upgrade to a Microsoft 365 A5 license, guaranteeing the right technological environment for learning while minimising risk. This move helped them work more closely with students to help prepare them for the digital works of the future, without raising additional security risks.

A changing security landscape

Dan Collins, who serves as the IT director at Newington College, has witnessed a lot of change in the last few years, and the biggest of which has been around security, “The risks around cybersecurity have changed dramatically since I’ve been here.” Much of this was a function of the rapid transformation that came about because of COVID, and much of that crisis became exacerbated by the legacy of custom-built apps that proved difficult to update and maintain. “It simply wasn’t a sustainable environment for us. We needed to simplify and standardise on a smaller set of effective education solutions to support our students and educators,” Dan explains.

Grant Joslin, Newington College’s ICT Infrastructure Manager, echoes Dan’s concerns:

Three years ago you were only worried about somebody taking over a student email account and sending spam out of it. But these days it’s a whole lot more than that.

It is, in many ways, a perfect storm. Like any school, Newington College has teachers that are pressed for time, and are there because they love teaching, not because they love learning about yet another new security threat. As Dan notes, “There’s just not a lot of additional space in the day, because educators are focused on students during school time, and managing their own administrative loads outside of class time.” 

Dan emphasises, “All staff at Newington College do their best to train on and understand the technology used, but the objective of the IT team has been to reduce the potential threats to make training meaningful and not onerous, so that teachers can focus on what they love and serve their students effectively.”

Dan Collins, IT Director at Newington College: “We needed to simplify and standardise on a smaller set of effective education solutions to support our students and educators,”

Grant agrees: “Newington College is a collaborative environment. The students are here to learn, the teachers to teach. Everything tends to be open and sharing. When you use that as an overarching strategy, it’s good for education, but not quite what you want from a cybersecurity standpoint. That’s the challenge we are working to solve.”

At the same time, as a K-12 school, Newington College has thirteen different student cohorts that often under appreciate the risks that come from phishing attacks or insecure passwords. And yet all those students come with data, and that data poses unique challenges. 

Grant explains, “we tend to store and maintain a lot of sensitive and personal information. It could be sensitive in a medical nature, it could be sensitive in a financial nature, it could be just generic PII data—these sorts of things. We also have compliance issues, where legislative bodies tell us how long data must be securely stored. So how do we store it securely for the duration required?”

Newington College, like so many other similar schools, doesn’t boast a massive IT team. As Dan emphasises, “The importance of all Newington College staff putting in their best effort to familiarise themselves with security issues and the technology employed. Nevertheless, the IT team’s aim has been to mitigate potential threats and make training both meaningful and hassle-free, allowing teachers to concentrate on what they do best—serving their students effectively.”

Upgrading security through Microsoft

Enter Microsoft 365, specifically an upgrade from the A3 to the A5 license, which gave Newington access to a comprehensive suite of solutions. 

Grant describes their reasoning process: “We’re a school, so we don’t have endless amounts of resources. Cybersecurity can tend to be a bit of a bottomless pit of money at times. So instead, we uplifted into the A5 offering with Microsoft, which gave us a lot of the tools.” 

He highlights a few of the products in particular: “Microsoft Defender for Endpoint—to secure Macs and Windows PCs for staff and students. That really helps the on-prem component of our identities. We also have Microsoft Defender for Cloud and Microsoft Cloud App Security (MCAS), which helps students with the SaaS side of things, to secure the internet apps that they use to connect to each other.” 

Quorum has assisted Newington College with their digital transformation and cybersecurity

Sentinel was another core product, which they deployed with the help of a third party, as a managed service. “We realised that using most of the Microsoft Education and security stack would give us the easiest way to integrate a proper toolset—and give us visibility across the landscape—while doing so more affordably than going with say ten other tools that required further patching together,” Grant shared.

In addition, the team moved many of the applications to Azure, to consolidate software and platform environments, which further reduced the amount of work required to maintain them. Dan explains: “we wanted less complexity with fewer things to manage and obfuscating the need to acquire knowledge of all these other platforms, particularly when it’s hard to get those skills in the first place.” Now, he notes, “We don’t have to worry about patching those apps and tools nearly as much, given they’re cloud-based and Microsoft and our partner Quorum take care of most necessary updates on-demand, 24/7. It really reduces the footprint of things our small IT team maintains.”

Grant Joslin, ICT Infrastructure Manager at Newington College: “The objective of the IT team has been to reduce the potential threats to make training meaningful and not onerous.”

To supplement their team and ease the execution of the new approach, they turned to the IT services company Quorum. Harry Cuthbert, Technical Engagement Manager, was very pleased with Newington College’s commitment to security noting, ”We get a lot of customers who aren’t willing to invest in cybersecurity until it’s too late, but Newington College understood the importance of security inside their environment, and it really was a lot for them to manage all these third-party integrations.”

“The Microsoft Azure cloud helped to simplify that, and it also allowed them to get significantly more information, telemetry—maybe not to stop every attack, but possibly to mitigate as much of it as possible and certainly to stop the spread of it around the rest of their environment. Plus, as with any technology environment, it’s vital to have post-attack investigation analysis and auditing after the fact, where we trace if anything had happened—what it potentially affected and how far.”

From Harry’s perspective, “Azure eases integration and logging. Defender for Cloud talks to Defender for Endpoint, which talks to MCAS, and it results in a single pane of glass. People used to be concerned about putting too many eggs in one basket, ten to fifteen years ago. Today that’s changed. Education organisations are constrained and see the value of simplifying. They’re able to do a lot more with a lot less in the Microsoft ecosystem, especially when it comes to enhancing security.”

Moving forward, together, securely

With its clear strategic and tangible benefits, the move to Microsoft 365 license from A3 to A5 along with infrastructure consolidation was an easy choice for Newington College. “Investing more energy into Microsoft was a great move for us,” Dan shares, “because of all the things they’re also doing in terms of key teaching tools and accessibility features. There are also interesting things happening in the space around AI tools and learning accelerators, and you can see the focus on improving student learning. That made it so much easier to get our teachers on board.”

In addition, simplifying the technical infrastructure of the school reduces barriers to learning, because it means more time focusing on the content and learnings of class, rather than the platforms and systems that deliver. With reduced IT costs, more resources can be returned to students to deliver on a holistic and well-founded education.

The results have been impressive. The IT team improved the overall Newington College security profile, reducing risk exposure in a variety of areas, while helping students to prosper.

Grant, musing on what counts as success from his perspective, says, “Do I sleep a little bit better at night? Do I feel that I’ve got greater visibility over the environment than I did before? Do I feel I have to look for what might be lurking in legacy apps? These are some of the questions that we ask ourselves, and right now, we can answer by saying we are never done with our diligence, but we feel much better about our security.”

Grants adds, “Do we have a long way to go? Of course, we’re always looking to improve. Securing our school is an activity that never ends. It’s like any other strategy or journey with technology. You just keep testing and improving and learning. With Microsoft and Quorum, and the continued efforts of our team at Newington College, the outlook for our journey looks bright.”

Learn More