Keep data secure and students safe with a cloud security audit
K-12 school districts are at the forefront of cloud adoption, being among the first industry sectors to realize the massive benefits of cloud computing. One of several reasons school districts have been eager to make the move is that they need to be able to do more with less.
But while K-12 has adopted cloud computing eagerly, districts are falling woefully behind in cybersecurity—and cloud computing security specifically. Much of the gap has to do with budget and other resource constraints. But there are also understanding and mindset factors that are leaving student data vulnerable to exploitation in school cloud apps.
For example, many IT leaders believe that their content filter does what a cloud security platform does. This couldn’t be further from the truth. The two use completely different technologies and serve completely different use cases.
Even more people think that their firewall is enough to protect data in the cloud. In this mistake, K-12 is not alone. There are IT and information security teams in every industry type and organization size that make this mistake. Firewalls are built to protect your district’s network. But data stored in cloud applications like G Suite and Office 365 lives outside your district network. Firewalls are no more capable of protecting your data in the cloud than your home security system is capable of stopping your car from being stolen.
Running a cloud security audit will help your IT team see potential data loss prevention, account takeover, ransomware, and other security vulnerabilities in your cloud environment. Using this four-step process for auditing district cloud applications will put your team in the best position possible to secure information from identity theft—and help manage student safety risk factors.
Why Audit District Cloud Apps
If your district is using cloud applications for classroom and/or administration, you need to schedule regular cloud security audits. Most school districts that have moved to the cloud are using Google G Suite, Microsoft Office 365, or both to store employee and student data, collaborate on projects, communicate, and more. These cloud applications are built on very secure cloud infrastructures. But it is your responsibility to secure your district’s accounts from cyber attacks, data loss, and potential student safety issues.
Data security is an often overlooked, but increasingly important topic for K-12 school districts. According to the K-12 Cybersecurity Resource Center, 713 cyber incidents have been reported by K-12 public school districts since 2016. This year alone saw a veritable explosion of ransomware and phishing attacks targeting schools and other public institutions.
Though there is a lack of regulation governing district data security, the time is now to start getting serious about school district cybersecurity.
You can also include a student safety element when scheduling cloud security audits. As more students go online at school, district IT teams are finding themselves at the digital convergence between cybersecurity and cyber safety. At the same time, district IT teams are understaffed, under-funded, and overwhelmed as it is. The influx of student cyber safety responsibilities is new—and often unwanted—territory for K-12 IT.
Scheduling regular cloud security audits capable of detecting both data security and student safety issues with automatic reporting is critical for maintaining school infrastructures—and can be a huge win for IT teams.
Step 1: Discover Connected SaaS
OAuth is a fantastic technology that helps people use different SaaS applications without needing to create a separate account for each one. A person can simply log in to the application using their Google or Microsoft account.
The downside is that it connects the third-party SaaS app to the cloud environment that is used to log in through OAuth. System admins are finding it increasingly difficult to manage the explosion of SaaS applications connected to the district cloud environment.
Data security is the biggest concern here. Your district’s data is only as secure as the least secure SaaS application connected to it. If a SaaS vendor is not careful with the security of their own product, it makes your data vulnerable. Criminals are able to use an application’s security vulnerabilities to access customer information through OAuth—exposing you to a data breach.
There are also many instances of hackers creating purposefully malicious applications. The goal is to trick someone into connecting to the app through OAuth so they can gain access to your Gmail/Outlook 365, shared drives, contacts, etc.
Auditing the third-party SaaS applications connected to your district account can also help control technology costs. You can pull a report of how many applications the district has in its environment to help others determine how much these apps are costing, if they’re being used, etc.
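As an added example (not part of the original article and not any vendor's code), the connected-app audit described in Step 1 can be sketched over an export of OAuth grants: count the accounts connected to each app and flag unapproved apps that hold broad mail, drive, or contacts scopes. The record layout, the app names, the allowlist, and the choice of which scopes count as high risk are assumptions made for this example.

```python
from collections import defaultdict

# Scopes that reach the data the article names: mail, shared drives, contacts.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/contacts",
}

# Constructed sample export, one row per (user, app) OAuth grant.
GRANTS = [
    {"user": "teacher1@district.example", "app": "QuizMaker",
     "scopes": ["openid", "email"]},
    {"user": "teacher2@district.example", "app": "QuizMaker",
     "scopes": ["openid", "https://www.googleapis.com/auth/drive.file"]},
    {"user": "student1@district.example", "app": "FreeGradeHelper",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "student2@district.example", "app": "FreeGradeHelper",
     "scopes": ["https://mail.google.com/"]},
    {"user": "admin1@district.example", "app": "DistrictSIS",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
]
APPROVED_APPS = {"DistrictSIS"}  # hypothetical district allowlist


def audit_grants(grants, approved_apps):
    """Summarise grants per app and flag unapproved apps holding broad scopes."""
    apps = defaultdict(lambda: {"users": set(), "risky": set()})
    for grant in grants:
        entry = apps[grant["app"]]
        entry["users"].add(grant["user"])
        entry["risky"].update(HIGH_RISK_SCOPES.intersection(grant["scopes"]))
    report = [{
        "app": name,
        "user_count": len(entry["users"]),
        "risky_scopes": sorted(entry["risky"]),
        "needs_review": bool(entry["risky"]) and name not in approved_apps,
    } for name, entry in apps.items()]
    # Apps needing review first, then by how many accounts are connected.
    report.sort(key=lambda r: (not r["needs_review"], -r["user_count"], r["app"]))
    return report


if __name__ == "__main__":
    for row in audit_grants(GRANTS, APPROVED_APPS):
        print(row)
```

The per-app `user_count` doubles as the usage figure for the cost review mentioned above.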
Step 2: Data Loss Prevention
The effectiveness of your data loss prevention rules and policies should be audited regularly. These tend to change as time goes on, and you need to make sure that edits in one place haven’t impacted security in another place.
Data loss can be either accidental or malicious. Most often, it is because an employee unknowingly sets a document so that it can be shared with people who shouldn’t have access to it. Or they accidentally include people on an email who are not the intended recipients. These types of data incidents happen all the time, but they are not harmless. Any time sensitive, personally identifiable information is exposed, it can cause damage to the people whose information is shared.
Malicious data loss is what gets all the attention, and is certainly a risk factor that you need to mitigate. Running a regular DLP audit will help you identify if there are any DLP rules and/or policies that need to be adjusted, if new data was created that needs to be secured, or if any information is being used improperly.
Step 3: Account Takeover Detection
Account takeovers are becoming a more common source of phishing, ransomware, data loss, and other cyber threats impacting organizations in the cloud. An account takeover is notoriously difficult to detect, and can go on for weeks or months without detection. A cloud audit will help you see abnormalities in account behavior that may indicate an account takeover has occurred, or is currently happening.
Your cloud audit should pull data on:
- Account login location (by country and/or IP address)
- Number of login attempts, failures, and successes
- Whether phishing, malware, and other suspicious emails are originating from an internal account
- Abnormal file upload, download, and/or sharing activity
Using this information, you can determine if any accounts are at risk, and then take steps to mitigate and/or remediate the issue.
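As an added example (not part of the original article), the first two items in the list above can be turned into a simple check over exported sign-in events: count attempts, failures, and successes per account, then flag a success that follows a run of failures or comes from a country outside the account's usual set. The event layout, the baseline of usual countries, and the threshold of five failures are assumptions made for this example; email and file-activity signals are not covered.

```python
from collections import defaultdict

# Constructed sample sign-in events: (timestamp, user, country, ip, success).
EVENTS = [
    ("2024-03-01T08:02:00", "jdoe@district.example", "US", "198.51.100.10", True),
    ("2024-03-01T08:05:00", "mlee@district.example", "US", "198.51.100.22", False),
    ("2024-03-01T08:06:00", "mlee@district.example", "US", "198.51.100.22", True),
    ("2024-03-02T02:16:00", "asmith@district.example", "NL", "203.0.113.7", True),
] + [
    (f"2024-03-02T02:1{i}:00", "asmith@district.example", "NL", "203.0.113.7", False)
    for i in range(6)
]
# Countries each account normally signs in from (assumed to come from earlier audits).
BASELINE = {u: {"US"} for u in ("jdoe@district.example", "mlee@district.example",
                                "asmith@district.example")}


def audit_logins(events, baseline, fail_threshold=5):
    """Count attempts per account and flag takeover indicators on successes."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0, "successes": 0,
                                 "countries": set(), "flags": []})
    streak = defaultdict(int)  # consecutive failures since the last success
    for ts, user, country, ip, ok in sorted(events):  # ISO timestamps sort by time
        s = stats[user]
        s["attempts"] += 1
        s["countries"].add(country)
        if not ok:
            s["failures"] += 1
            streak[user] += 1
            continue
        s["successes"] += 1
        if streak[user] >= fail_threshold:
            s["flags"].append(f"{ts} success after {streak[user]} failures ({ip})")
        # An account with no baseline is flagged on first success so it gets reviewed.
        if country not in baseline.get(user, set()):
            s["flags"].append(f"{ts} success from unusual country {country} ({ip})")
        streak[user] = 0
    return dict(stats)


def at_risk(stats):
    """Accounts with at least one flag, for follow-up."""
    return sorted(user for user, s in stats.items() if s["flags"])


if __name__ == "__main__":
    print(at_risk(audit_logins(EVENTS, BASELINE)))
```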
Step 4: Student Safety & Behavior
School districts differ from other organizations that do business in the cloud in a number of ways. One of those ways is the responsibility you have for students’ safety—both offline and online. If you’re like most school districts, you already have a content filter in place to comply with CIPA and qualify for E-Rate Program funding.
But what about the students that are bypassing the school network? Or using their device outside of the school network? Or students that log in to school accounts on personal devices that don’t have the content filter installed? Content filters aren’t equipped to block these kinds of access activity.
We also know that students are using Google Docs as private chat rooms. They are uploading photos and videos to school shared drives. And they are using school email accounts to communicate with each other about personal matters.
Running a cloud security audit with student safety in mind can be made easy with the right kind of setup. You can use student safety specific policies, such as contextual keyword strings, image recognition AI, and sharing and editing behaviors to identify if there is an issue in your Google and/or Office 365 apps. If the audit does find an issue, you can find important information such as who was involved, who it was shared with, why information was shared, etc. All this information is helpful to school counselors and/or campus resource teams who can determine appropriate next steps.
Running regular cloud security audits is an important element of your data security and student safety process. An audit will help you identify potential weaknesses in your cybersecurity infrastructure, as well as detect potential safety hazards. If you’re using a cloud application security platform, you can simply set up automatic audits that will email you reports on a daily, weekly, or monthly basis.