CEWA selects Veeam for complete visibility and control over its M365 data
Worked with Aussie IT solution provider Insight to implement the platform.
For the first time, Catholic Education Western Australia (CEWA) has complete visibility and control over its Microsoft 365 data.
CEWA operates 162 primary and secondary schools across one of the most geographically dispersed states in Australia.
They have more than 13,000 staff and 83,000 students, and everything – from email to classroom content to administrative records – runs through Microsoft 365.
The company needed data protection at scale and through IT solutions provider Insight, it implemented Veeam.
Mike Kovacevic, CIO spoke told CRN Australia while they were relying on Microsoft 365’s native backup capabilities, it was not sufficient for their needs.
“Some schools and the CEWA office had previously used Veeam for on-premise solutions but we needed a more robust and centralised solution for the cloud,” he said.
“That meant we were carrying serious risk, particularly around compliance and data retention.”
Australia has strict privacy and regulatory obligations, and failure to meet them could result in reputational damage and legal consequences.
“We also faced internal resistance,” Kovacevic explained.
“There was a common misconception that Microsoft 365 data was ‘safe enough’ in the cloud. We kept hearing, 'We haven’t lost anything yet, so why invest in backup?' That logic is fine – until it’s not.
“We’d seen other educational institutions struggle to recover quickly and effectively from cyber attacks, and we didn’t want to find ourselves in the same position. We needed a solution that could help us get ahead of the risk, rather than respond after a crisis.”
Partnership with Insight
CEWA self-implemented Veeam but also sought help from Insight, one of the vendor’s partners.
“They were absolutely fantastic,” Kovacevic said.
“We move quickly, but we hold a very high bar. We expect transparency, flexibility, and solutions that are tailored to our needs not cookie-cutter approaches. Veeam and Insight understood that.”
Kovacevic explained that they weren’t just technically strong; they listened.
“They understood our unique setup of 162 schools, each with different IT capabilities, strict compliance obligations, and minimal room for error,” he said.
“Thanks to Veeam and Insight understanding our needs we were able to implement the solution ourselves without disruption, and importantly, without compromising on any of our security or operational requirements.”
What Kovacevic appreciated most was no pressure to retrofit anything.
“The solution fit naturally into our existing ecosystem. That’s rare, and it speaks to the strength of both Veeam and Insight who helped us bring it to life,” he said.
Why Veeam?
According to Kovacevic, Veeam stood out for several reasons. He said their speed to deployment was “unmatched”.
“Within 48 hours, we had essential security and access controls in place. No massive project plan, no bureaucracy, just action,” he said.
The vendor is also helping CEWA to align with the Essential Eight, Australia’s baseline cybersecurity framework.
He also highlighted that Veeam approached this project as a partnership, not a transaction.
“They understood our budget realities, our user base, our compliance pressure and they worked with us to find a solution that fit,” he added.
Once CEWA had the green light, implementation was incredibly fast, Kovacevic said.
“When we secured approval in late 2023, we were up and running in under an hour. It was one of the smoothest rollouts we’ve ever done,” he explained.
“Our VIP users were fully backed up in days, and we quickly extended coverage to all our 90,000 plus users.”
Results from the project
CEWA implemented Veeam in late 2023, and said the impact of the technology was “immediate and measurable”.
“We now have complete visibility and control over our Microsoft 365 data, something we didn’t have before,” he said.
“All our users, both staff and students, are protected. That includes 90,000+ identities and more than a petabyte of data.
“Our backups are immutable, our access controls are aligned with the Essential Eight framework, and we’ve solved the challenge of our 99-year retention requirement for specific record types.”
CEWA has also reduced its operational friction.
“Local IT teams at our larger secondary colleges can now manage their own restores securely and efficiently without having to go through central IT,” Kovacevic said.
“That’s a huge time-saver and has improved responsiveness at the school level.”
He said the biggest outcome has been the peace of mind.
“We’re no longer wondering, ‘What happens if we lose access to key records?’ We know we’re covered. That kind of assurance is priceless in a sector like ours, where disruption directly impacts students and families,” he explained.
“It’s also freed up our teams to focus on what really matters – progressing national and state-wide education projects that support CEWA’s mission to deliver high-quality education.”
The feedback from the CEWA staff has been overwhelmingly positive, particularly from their security and IT teams.
“They were amazed by how quickly the solution came online. We’re used to long project timelines, steering committees, and layers of approvals. This was one 40-minute call, and we were live,” Kovacevic explained.
“At the school level, giving our IT staff autonomy to manage their own restores without sacrificing security has been a real win. They’ve felt empowered. And for central IT, it’s reduced the bottleneck.”
More broadly, there’s a real sense of confidence that we’ve closed a major risk gap, Kovacevic said.
“It’s hard to quantify that kind of cultural impact, but it’s noticeable. We’re no longer reacting to risk; we’re proactively managing it,” he ended.