All Hands on Deck for Zero Trust
From a cybersecurity perspective, zero trust refers to a security posture based on the premise that every interaction or transaction begins in an untrusted state. For K–12 environments, zero-trust models close the security gaps on both sides of a school’s firewall.
The notion that a secure, hardened perimeter should protect everything inside the network no longer holds true; many districts learned this the hard way when they found themselves victims of successful cyberattacks.
When considering a zero-trust model, IT admins should remember that it must be a schoolwide initiative. When the entire school is involved, all departments and users operate with the same security standards in mind, which ensures the school is better protected on all fronts. Everyone on staff must understand the zero-trust approach.
Involving the entire school is important because breaches in schools tend to be initiated through phishing and social engineering campaigns that target educators or financial and human resources administrators with direct access to valuable information.
When considering zero-trust models, it is imperative to have the superintendent’s support. This helps get other staff on board with the initiative. Technology leaders also often report to superintendents.
Along with any implementation of a zero-trust strategy, schools must have reliable disaster recovery and backup plans. A dependable partner can help schools respond to incidents faster and more efficiently.
Peeling Back the Layers of Zero Trust for K–12
It’s important for schools to recognize that a zero-trust model is a multilayered approach to protection. It involves budget, people, endpoint protection, identity management, data center protection, backups and disaster recovery plans, firewalls, network monitoring, cloud security, and more.
Schools building awareness around zero trust will want to focus specifically on insurance, budget and support.
K–12 districts must meet compliance standards and maintain insurance in case of attack. This means carefully evaluating their cybersecurity budgets.
Bringing in certified and skilled professionals to support the initiative, either by hiring them or accessing them through a partner, is crucial to maintaining and following best practices for zero-trust models. It’s not effective to introduce the rigor and thoroughness that come with a zero-trust strategy if the people tasked with implementing and maintaining it are not supported or trained.
CDW can help K–12 schools evaluate their security posture and offer guidance on implementing the layers of zero trust in a school environment. IT professionals can reference many frameworks to create their own zero-trust approaches.
The Consortium for School Networking provides a framework for establishing security plans at all levels of a school district, from the school board and superintendent all the way down to the teachers and students. The National Cybersecurity Center of Excellence also has a good framework to reference, and schools can also look to the National Institute of Standards and Technology’s 800-207 framework for information.
It’s important for districts to understand that zero trust is not a magic wand. It’s a complex, matrixed security framework that utilizes a variety of solutions and best practices to look at security through a different lens and, hopefully, achieve a safer outcome for all.
This article is part of the “ConnectIT: Bridging the Gap Between Education and Technology” series. Please join the discussion on Twitter by using the #ConnectIT hashtag.