Cloud Monitor Protects Student Safety, Data Security, and State Law Compliance in the Cloud
Hillsboro-Deering is a small school district located in Hillsboro, New Hampshire. Its IT team of two supports the technology needs of about 1,160 students and 300 faculty and staff. The district primarily supports learning using a 1:1 device model and allows students and staff to use their own devices if they wish.
“We use a zero trust security model, which means never trust and always verify,” explains Hillsboro-Deering’s Chief Information Security Officer Neal Richardson. “For that reason, from a security perspective, it doesn’t matter so much to me what devices they use or what network they’re on.”
Richardson comes from a cybersecurity background in both the private and public sectors. His security-first expertise is essential for keeping Hillsboro-Deering School District students and data secure online. This came in handy when New Hampshire passed RSA 189:66, a state law that, among other things, required school districts to comply with a subset of the NIST Cybersecurity Framework standard.
“Working with vendors can be frustrating for those of us in K-12. The cost conversation is a challenging conversation to have because they’ll often treat schools with limited budgets and resources the same as all their other customers. Cloud Monitor is different. The platform works, the price is right, and it’s focused on K-12 and our unique needs. On top of that, their customer service is exceptional. Every interaction I have had with every member of the team at Cloud Monitor has been positive.”
— Neal Richardson, CISO
The Challenge
Hillsboro-Deering had already made the move to Google Workspace before Richardson came on board. One of the main reasons why was to take advantage of the very low cost of Chromebooks.
“That’s kind of how Google ropes us in,” Richardson chuckles. “We get to have Chromebooks in the classroom at a very reasonable price. But of course, everyone needs a Google account to use them. This means you get a Gmail account and all the Docs and the Shared Drives and all that comes with it.”
Richardson built a solid multi-layered cybersecurity infrastructure to protect school data and students, including traditional firewalls, managed DNS security, endpoint detection, and of course, content filtering and GoGuardian for CIPA compliance and student safety controls.
“We didn’t have any major problems with our security and safety tech stack,” explains Richardson. “The primary challenge came when New Hampshire passed the state law that requires us to adopt NIST SP 800-171 controls. Though we have Google Enterprise Edition (now Google Workspace for Education Plus), it simply doesn’t have the tools we need to control the confidentiality elements of the law.”
Hillsboro-Deering School District is a Google Workspace for Education Plus edition and Microsoft 365 Education A5 level customer. Both were purchased for the additional native security and control tools, but Richardson still found gaps in what he needed versus what they provide.
“Either the functionality didn’t exist at all or it was a very manual process, where I had to wade through all of the alerts to try to figure out if there was really something that warranted an investigation,” says Richardson. “It was so time-intensive that it was just impossible to keep up with when you’re putting out multiple fires at the same time. The only usable notifications I was getting about improper Google Drive sharing issues were from teachers when they noticed something was going on with their students. Even then, the native Google tools don’t really help. You have to add yourself as a member of the file or drive to see what’s going on. And then, of course, that tips the students off that someone is looking into what they’re doing.”
Richardson knew that he had a visibility and control problem, and a compliance problem. He knew he didn’t have the tools natively in Google or Microsoft, but he wondered if there was a solution out there that could help him. Then, he found out about ManagedMethods.
The Solution
“One day, I received an email from ManagedMethods. So, I went to the website and looked around a bit, and then I signed up for one of their upcoming webinars. And the rest is history!”
From the start, Richardson liked that Cloud Monitor focuses on education. As many district leaders have experienced, working with vendors and solution providers—particularly in cybersecurity—can be frustrating. The cost conversation is a challenging conversation to have because they’ll often treat schools with limited budgets and resources the same as all their other customers.
“Cloud Monitor is different. The platform works, the price is right, and it’s focused on K-12 and our unique needs,” says Richardson.
Richardson wanted a platform that integrated seamlessly with Google. He needed a tool to provide advanced and automated controls to keep data secure and comply with the New Hampshire state law. This includes data loss prevention and improper student data sharing controls. He also wanted something that was going to be easy and efficient for him and his IT Admin to accomplish basic tasks. And, of course, the price had to be competitive because there really wasn’t a budget for it.
“Investing in Cloud Monitor is my number one recommendation for other school districts. Just one data breach can outspend the cost, both in terms of the financial burden and the time spent recovering from it. Cloud Monitor gives you access to information that Google and Microsoft have, but makes it much easier and faster to access it. Without it, I wouldn’t feel as good about our security standpoint as I do now.”
— Neal Richardson, CISO
After activating his 30-day free audit, Richardson was blown away by the level of visibility and control Cloud Monitor provides.
“There were the data security and compliance aspects that we were mainly focused on, like controlling emails and files containing personally identifiable information (PII) and social security numbers,” Richardson explains. “But there’s so much more. For example, the prolific storage of videos and music files in our Drives and Shared Drives. We thought that our filter was blocking that, but they were just logging in and uploading them from home. There are also the self-harm and student safety signals that we get email alerts on that have been very useful.”
When he demonstrated everything they could see going on in Google to district administrators, from a data security and compliance standpoint and a school and student safety perspective, the decision to purchase was relatively easy.
“Just because you’re not seeing it, doesn’t mean it’s not happening,” Richardson warns.
The Results
“How did I ever live without Cloud Monitor before!?”
Using ManagedMethods, Richardson can now automate many tasks that require untold hours of digging and frustration. For example, Cloud Monitor ensures that no one from outside of the continental United States is able to login to any Hillsboro-Deering Google accounts. It also sends alerts when there is an attempt to do so.
The platform also prevents its users from connecting unauthorized 3rd party applications to their school Google through OAuth. Richardson is able to pre-sanction applications that have passed his district’s data privacy and security vetting while removing anything that is not on his sanctioned list.
Cloud Monitor also automatically prevents sensitive information from being shared outside of the school domain. It breaks any sharing that violates the district’s data loss prevention policy and automatically sends a notification to the sender and Richardson. This helps educate his users on why they shouldn’t be sharing the data. It also gives him the visibility into sharing behaviors he needs to help improve users’ behaviors and comply with state data privacy reporting requirements.
“The new features that Cloud Monitor rolls out are fantastic,” says Richardson. “One example is their Google Classrooms management tool. It’s been a huge help and time-saver. We can now easily add ourselves to Classrooms as co-teachers to get in and help troubleshoot problems our teachers are experiencing.”
Richardson also finds Cloud Monitor to be better at flagging and investigating phishing emails than Google or Microsoft.
“We still get phishing emails that get past Google and Microsoft’s native filters. Cloud Monitor is really good about flagging those emails that are able to get through,” he explains. “We can also see if anyone in our domain has interacted with phishing emails, and quarantine or delete those emails directly from anyone’s inbox.”
Cloud Monitor was also there for them when a teacher’s account was compromised and the assailant was trying to harvest sensitive data through some of the district’s connected apps. The platform alerted Richardson that there was a login from an unrecognized location, based on the IP address, and he was able to quickly determine that it was an account takeover incident and lock down the account.
One of the many ways that Cloud Monitor helps support the unique needs of K-12 schools is that it integrates student safety monitoring with cybersecurity in one easy-to-use platform. Signals by ManagedMethods uses artificial intelligence to monitor district Google Workspace and Microsoft 365 emails, files, shared drives, and chat apps to detect student safety signals in school-provided technology. In addition, the platform monitors for red flags that can indicate safety concerns such as self-harm and suicide, cyberbullying, threats of violence, and explicit or sexual content.
“Unfortunately, there have been a couple of incidents flagged relating to suicidal language and violence issues,” says Richardson. “These give us indicators that we send over to the proper resource in the building to help the student with the problems they’re experiencing.”
To Neal Richardson, Cloud Monitor isn’t just a compliance platform. It’s an invaluable tool that helps him keep the Hillsboro-Deering School District community safe and secure.
“Just because you’re not seeing it, doesn’t mean it’s not happening. Start your Cloud Monitor free audit and you will be amazed by what you see.”
— Neal Richardson, CISO
“Investing in Cloud Monitor really is my number one recommendation for other school districts. Just one data breach can outspend the cost, both in terms of the financial burden and the time spent recovering from it,” says Richardson. “Cloud Monitor gives you access to information that Google and Microsoft have but makes it much easier and faster to access it. Without it, I wouldn’t feel as good about our security standpoint as I do now.”
