Apr 06 2021

SD-WAN Solutions Boost K–12 Cybersecurity

With cyberthreats on the rise, schools need improved cybersecurity frameworks. Here’s how SD-WAN can help.

Cyberattacks against K–12 schools are increasing. In part, the rise in attacks is a product of the pandemic. Like other industries that made the switch to remote work, many schools have been targeted by malicious actors looking to exploit the rapid shift to remote learning. Also contributing to the growing number of attacks: outdated network configurations, undetected software vulnerabilities and unintentional insider compromise.

All security compromises pose significant risk for K–12 schools. Mitigating this risk is crucial as districts look to expand remote learning initiatives and deploy IT infrastructure capable of supporting hybrid learning environments in the “next normal” of education.

Software-defined wide-area network (SD-WAN) solutions offer a way to boost cybersecurity for schools, reduce total complexity and enhance IT control. Essentially, SD-WAN helps reinforce a school’s defenses against cyberattacks.

What Are the Impacts of Poor Cybersecurity?

Before diving into the benefits of SD-WAN security for schools, it’s important to recognize the wide-ranging impact of weak cybersecurity across K–12 environments. Without appropriate cybersecurity measures, students’ extensive personal data can be lost or stolen as part of an attack. Remote learning environments historically have been compromised to varying degrees. These mishaps can have far-reaching effects on students, staff and administrators.

Amy McLaughlin, project director for the cybersecurity and Smart Education Networks by Design (SEND) initiatives at CoSN, points to three main areas of concern for schools. She says schools need to be particularly conscious of endpoint management, targeted attacks and unmanaged software.

Endpoint management: As the sheer number of devices and access points in use across school networks increases, effective endpoint management is essential to mitigate security risk. “Because devices are running on home networks and wireless hotspots, schools can’t easily get to these devices, even though active maintenance and monitoring is critical,” says McLaughlin.

Targeted attacks: Email-based attacks remain one of the most common threat vectors, McLaughlin says, adding that “instructors and students are now being targeted with phishing attacks to expose their devices, and in turn more of the technology stack.” In effect, successful hooks from phishing efforts let hackers get their foot in digital door and once inside school networks, bad actors can move laterally to compromise key services or exfiltrate valuable data.

Unmanaged software: McLaughlin also highlights the increasing risk of unmanaged software on school networks from teachers and students installing software that hasn’t been approved for use on their devices. In the context of remote learning, this approach isn’t malicious. “People are often just trying to solve a problem,” McLaughlin says, “but unmanaged software and unapproved web apps aren’t necessarily safe or secure.”

Amy McLaughlin
Because devices are running on home networks and wireless hotspots, schools can’t easily get to these devices, even though active maintenance and monitoring is critical.”

Amy McLaughlin CoSN, Project Director for the cybersecurity and Smart Education Networks by Design (SEND) initiatives

What Are the Security Benefits of SD-WAN for Schools?

To help manage security at scale, many schools rely on familiar digital defenses such as perimeter firewalls, data encryption and intrusion detection. And while these remain critical components of effective defense, the diversification of K–12 technology stacks across in-house, public and private cloud networks creates a complex, interdependent landscape that requires more robust security control.

SD-WAN solutions offer a way to improve security at scale by decoupling two key network functions: data and control. By using software rather than hardware to monitor and manage network traffic, SD-WAN solutions reduce overall complexity and improve performance. These solutions also offer the key security benefits of transparency, control and simplicity for K–12 districts.

Transparency: When it comes to cybersecurity “anytime you’re working on incident management or response, the ability to see integrated components is key,” says McLaughlin. “This buys you time and efficiency in response and gives you a better idea of the scope.” By aggregating network management in a single place regardless of where network traffic comes from, SD-WAN solutions provide improved transparency to boost visibility.

Control: It’s one thing to see what’s happening on school networks, and it’s another to be able to do something about it. SD-WAN solutions “allow you to isolate certain components without isolating everything else,” McLaughlin says. This, in turn, provides more precise defensive control and takes care of potential problems efficiently.

Simplicity: The decoupled nature of SD-WAN solutions changes the way network traffic is routed. Specifically, SD-WAN reduces the need for backhauled traffic to undergo security screenings at a centralized location. Instead, site-to-site traffic is naturally encrypted and many common security functions, such as incident detection and identification, are natively integrated into SD-WAN solutions. Thus, with SD-WAN, K–12 IT leaders can simplify security management at scale.

RELATED: Fortinet's Renee Tarun explains how schools can prevent ransomware attacks.

What SD-WAN Solutions Should IT Decision-Makers Purchase?

Evolving SD-WAN technologies coupled with expanding cloud use means a growing market for software-defined solutions — and more choices for K–12 IT decision-makers. With so many options on the market, it’s often difficult to determine which solution offers the best fit for current IT needs.

While every district is unique and every network distinct, schools can realize substantial benefits with these market leaders.

  • Cisco: Arguably the most well-known name in business networking, Cisco’s SD-WAN solution offers built-in security features including advanced malware protection (AMP), intrusion detection systems and intrusion prevention systems. It additionally leverages up-to-date information from Cisco AMP Secure Malware Analytics (formerly Threat Grid) to reduce total risk.
  • Citrix: SD-WAN offerings from Citrix support zero-trust security models with a combination of cloud-based secure internet access and built-in stateful firewalls. These help empower protection along the edge of existing WAN infrastructure.
  • VMware: VMWare’s secure access service edge framework focuses on delivering holistic security across SD-WAN deployments with robust support for zero-trust network access, secure web gateway and cloud security access broker solutions to help streamline cybersecurity for schools.

Protection is now a paramount concern for K–12 schools nationwide as evolving endpoints, targeted attacks and insider compromises increase overall risk. Districts that prioritize robust cybersecurity can rest assured their students are protected. SD-WAN solutions offer the transparency, control and simplicity schools need to deliver powerful and reliable security on demand.

MORE ON EDTECH: Learn why cloud infrastructure matters to K–12.

gorodenkoff/Getty Images

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.