Nov 22 2021

What IT Leaders Need to Know About SaaS Security Posture Management

K–12 schools must be sure the applications they’re using are properly configured and appropriately secured.

As K–12 districts use more cloud computing and Software as a Service applications, district leaders need to be sure the apps that students and teachers use are properly configured and appropriately secured.

Expert services can help schools configure new SaaS applications on their network properly, so IT leaders can rest assured they aren’t facing security concerns from the start.

However, schools can’t completely rely on the security of the SaaS platforms they are using, as responsibility for identity and access management controls typically lies with the user. In a 2021 survey, 85 percent of companies highlighted SaaS misconfigurations as a top threat, yet only 12 percent of companies with between 50 and 99 applications check them weekly for misconfigurations or concerns.

That’s where cloud security posture management tools come in. CSPM solutions are designed to help IT professionals identify and manage security risks. By reaching directly into cloud solutions to analyze configurations and detect potential security issues, these tools enable IT administrators to identify and fix misconfigurations before a cybercriminal can discover and exploit those vulnerabilities.

What Is SaaS Security Posture Management?

One of the newest CSPM tools is SaaS Security Posture Management, which applies specifically to SaaS applications. With SSPM, organizations can be more confident in their adoption of popular SaaS applications such as Microsoft 365 and Zoom, says Colby Proffitt, a cybersecurity strategist and director of public sector marketing at Netskope.

“The most common form of cloud security failure can be traced to a misconfiguration of some kind,” says Proffitt. “To complicate matters further, across the wide array of SaaS applications on the market — and there are more than 40,000 — there exists no standardized mechanism for configuring security features or even a standardized vocabulary to describe them.”

By using SSPM, “organizations can verify they have configured the application correctly and securely, and ensure their configuration is aligned with best practices and in compliance with well-known regulations. If any issues are found, SSPM also assists with the remediation,” he says.

The Education Sector Is at High Risk for Cyberattacks

Proffitt says K–12 schools tend to be more vulnerable to misconfigurations than other organizations because they have limited budgets and IT resources.

“Schools might not necessarily see themselves as a high priority for cybersecurity attackers, but when we look at the problem of ransomware, schools are actually the No. 2 targeted sector, after hospitals,” says John Yeoh, global vice president of research at Cloud Security Alliance.

Schools are particularly vulnerable to cyberattacks and data breaches, says Yeoh, because they have less funding for security and a lot of sensitive data with financial value, including students’ Social Security numbers and financial accounts tied to teachers’ pensions.

“If you look at students in K–12, these are young kids who haven’t established any credit histories yet, and of course, no one’s checking their credit histories regularly, so they are prime targets for fraudulent financial activities,” he says.

K–12 schools are also vulnerable to security breaches from disgruntled students who are looking to change grades or disrupt school operations. “There’s a lot at stake,” says Yeoh.

SSPM Can Help K–12 Schools Save Time and Money

The shift to remote learning due to the pandemic led to an explosion of new SaaS products in K–12 education, and schools are continually adding SaaS applications to their IT systems. If a school has SSPM in place, it’s easy to automate and scale the technology to accommodate new applications. However, while SSPM is trending as a cutting-edge technology, many school districts aren’t currently considering this solution.

“SSPM is still a fairly new technology, so it’s not widely adopted by K–12,” says Proffitt. “Schools are typically budget- and personnel-constrained, which would naturally place investigation of a new technology like SSPM at a low priority.”

But Proffitt says K–12 schools should consider SSPM because the technology will ultimately reduce costs and could offer bandwidth to IT teams that are stretched thin.

“It will free up staff time now consumed by manually configuring and verifying SaaS security, and it will reduce the likelihood of SaaS security failure, thus avoiding potentially enormous recovery costs,” he says.

SSPM Helps Districts Comply with Laws and Insurance Requirements

K–12 districts can use SSPM to attest to required controls outlined by FERPA and requirements that are mandated by their cyber insurance carrier, says Proffitt. “Insurance premiums are up 200 to 400 percent for cyber as a result of ransomware increases, and schools are getting hammered by ransomware as they do not understand their attack surface,” he says. “SSPM can help them with that for their SaaS platforms.”
