Due in part to widespread remote learning, the public cloud has claimed an even greater role in K–12 education over the past year than it held before. Public cloud resources bring benefits such as elasticity, but they can also put school systems at risk of cyberattacks and data breaches if organizations don’t take appropriate security measures.
The following five steps can help K–12 schools keep their cloud environments as secure as possible.
Adopt the Principle of Least Privilege
Too often, IT personnel have broad access to systems as a matter of convenience rather than necessity. And 80 percent of CISOs say they’re unable to identify excessive access in their cloud environments. This means that if even one employee’s credentials are stolen, a hacker will have the proverbial keys to the (cloud) kingdom. To minimize exposure and limit potential damage, schools should adopt the principle of least privilege — granting even trusted IT employees access only to the systems and data that are necessary for them to do their jobs.
Implement Multifactor Authentication
Any account that accesses core public cloud resources — but especially root user accounts maintained by administrators — must be protected by more than just a password. Multifactor authentication (MFA) solutions give schools a safety net of sorts, preventing system intrusions even in cases where a password becomes compromised.
Implementing MFA across an organization may not be as simple as it sounds, because many employees will need to access the same systems multiple times per day, making it burdensome to enter a new security code each time they log in. But for the most sensitive systems and data, MFA is a must.
Enable Disaster Recovery
Ransomware is a threat across industries. And when a successful attack hits an organization that lacks robust disaster recovery systems and processes, it can be truly disastrous.
Disaster recovery is not the same thing as backup; even if a school district has all of its data backed up, it will take a huge amount of time to rebuild an entire environment from scratch. Fortunately, solutions such as CloudEndure can provide organizations with a cost-effective way to recover their environments.
Many organizations fail to encrypt their data, either in transit or at rest. This eliminates a crucial layer of security for sensitive data, especially employees’ and students’ personal information. By encrypting their data, school districts can ensure that only people with the encryption keys will be able to read it.
Conduct a Security Assessment
An engagement such as CDW’s Cloud Security Posture Assessment can uncover previously undetected vulnerabilities, such as unnecessary open ports, poor password hygiene, firewall misconfigurations and ineffective log management. This last point is often overlooked, but it is critical: It takes an average of 280 days from the time a breach occurs for it to be identified and contained. Without accurate logs, it becomes difficult to detect unusual activity.
An unprotected cloud environment is a massive liability. But with the proper tools and practices, cloud security can become one of a school district’s greatest assets.