Jul 25 2024

Q&A: The State of Zero-Trust Security in K–12 Schools

As K–12 IT leaders begin to implement zero trust, they face unique challenges. However, many are already verifying the devices and users on their networks.

Zero-trust security is the new gold standard for many businesses and organizations. Yet, in a recent CDW report, only 23% of education respondents said that their organization is at the advanced maturity level in implementing zero-trust initiatives. The largest proportion (38%) said they were in the initial stages of these implementations.

To find out what K–12 schools are doing well and where they are facing roadblocks, EdTech: Focus on K–12 spoke with technology consultant Jill Pierce. Pierce now works with school districts throughout Tennessee and beyond after a 30-year career as a K–12 CTO.

EDTECH: What does the current zero-trust landscape look like for K–12 schools? Are they moving toward this cybersecurity standard?

PIERCE: There are certainly schools that have been on top of it for a really long time, and there are others that are just learning.

When we talk about zero trust, the problem is, how do we identify what really is zero trust? It’s such a new concept. People are just beginning to understand what personally identifiable information is.

Most schools have already been doing this to some degree; they just didn’t call it zero trust. Twenty years ago, when we talked about Wi-Fi, we didn’t ever think that we would be able to do what we do now. We’ve had artificial intelligence for a long time, but we didn’t call it AI. AI was something Steven Spielberg put in a movie, and now it’s a real thing. If you use spell-check, that’s a simple form of AI.

When it comes to zero trust, school districts are generally informed. They’re going to do their due diligence, they’re going to be protective, and they’re going to do the best they can.

EDTECH: What are some of the biggest challenges in cybersecurity for K–12 schools?

PIERCE: Typically, when a breach happens, it doesn’t happen at the school district level. It’s a breach that happens to a third-party company. We’re seeing these large companies that have a lot more money than K–12 schools, so they are able to implement more zero-trust solutions. Whereas if something happens to a school, how do we identify it and get our systems back up so that we can continue the business of educating children?

There’s also a lot of fatigue in technology staff, because schools are understaffed in most cases. If schools weren’t one-to-one, they had to get there very quickly during COVID. For teachers, admins, everybody who works in a school district, kids and parents, the mindset was, “Let’s get this done.” But now we’re seeing fatigue set in.

School districts are doing the best they can with what they have to make kids and employees secure. If the parents don’t feel like their kids are safe at school, whether it’s physical or digital safety, those kids are not going to learn.

EDTECH: What elements of zero-trust security are schools doing well?

PIERCE: The terminology that we’ll hear for zero trust is “never trust, always verify.” On the surface, that’s easily understood. But what does verify mean in the IT world? How far does that verification go? Where does that verification stop? Where does it start?

In most cases, schools are verifying the devices. That device is tied to a login that is specific to that child with the device. So, the devices that schools give to kids are automatically verified on the network, or there is some other technology making sure that anything accessing the network is verified and supposed to be there.

When I was a CTO during COVID and we were out of school, we put Wi-Fi in our parking lots. Most people live near their schools in rural Tennessee, so they could go to that parking lot, and the only way they could download their data is that their machine had to be verified on the network with that user’s data. You had to have one of our devices and logins so that not just anybody could get on the Wi-Fi.

In most cases, schools do not let outside devices connect, or if they do, they have to have some solution that verifies that machine. It’s about making sure that you double-verify everything.
