The Top Cloud Computing Security Challenges in Education
What exactly are schools and districts dealing with? Here’s an overview of the common cloud security risks they should be ready to tackle:
- Loss of visibility: Today, most students and school employees are accessing cloud-based tools from multiple locations, networks and devices. This makes it harder for IT teams to maintain visibility into their users, Narahari says. Also, with everyone remote, location-based security and privacy assumptions are no longer as valid as they were before the pandemic, he adds.
- Data breaches and data loss: Leaking or losing student data is the biggest fear of educational organizations, especially when it comes to minors, says Stephen Manley, chief technologist for data protection company Druva. The U.S. Government Accountability Office found that between 2016 and 2020, thousands of K–12 students had their personal information compromised in data breaches. “When a student’s personal information is disclosed, it can lead to physical, emotional and financial harm,” notes the GAO’s report.
- Insider threats: Aside from outside hackers, IT teams also need to be watchful of threats inside their environment, Narahari says. Unintended sharing and other human errors also pose risks to data stored in the cloud, he explains. Students and educators may also misuse cloud services and applications; they may download unauthorized apps or post sensitive information in chat rooms.
- Videoconference bombing (Zoombombing): Cloud-based videoconferencing platforms are also vulnerable to hackers. Mainstream media has covered this extensively: bad actors jumping on calls to share inappropriate images, yell profanities and so on. Disruptive attacks may also involve students who are intentionally hijacking and interrupting online classes, Narahari says.
- Advanced malware and phishing: Manley says malware and phishing attacks are also becoming more sophisticated. For example, ransomware has evolved to where it’s not just about encrypting data. “It’s now about exfiltration as well, where [cyberattackers] will pull your data out before they encrypt it and threaten to post it if you don’t pay a ransom,” he explains. Right now, shared documents are the number one threat vector for ransomware in the education space, Manley adds.
How Can Schools Mitigate Cloud Threats?
IT teams need to ensure they’ve adopted security approaches, such as understanding vendor security mechanisms, leveraging single sign-on and multifactor authentication, setting up appropriate permissions and controls, and providing cloud governance and compliance training.
It’s also important to have cloud security tools that will give IT staff better visibility into how students, educators and other school employees are using popular cloud tools such as Google Workspace and Microsoft 365 Education, which are outside of the traditional security perimeter, Narahari says.
Cloud access security broker solutions can help simplify that task by giving IT teams the ability to monitor student and employee use of cloud services. Additionally, cloud security posture management tools help IT teams assess any vulnerabilities, check for compliance risks and manage identity and privileges more efficiently.