A Multi-Layered Cybersecurity Infrastructure Protects Data Both Inside and Outside Your Network
Everyone is aware that cybersecurity is critical for school districts. Ransomware attacks and data breaches are impacting hundreds of schools and thousands of students and employees every year. But with cloud computing being relatively new, many don’t fully understand where cloud security should fit in their cybersecurity infrastructure.
The goal of each component, or layer, of your cybersecurity infrastructure is to protect against malicious or improper use of your school district’s information systems and/or data. But each does it in very different ways, based on the underlying technology of the system it’s designed to protect. These systems often include databases, endpoints, networks, and cloud applications.
Let’s take an overview of a multi-layered cybersecurity infrastructure, and discuss where and how cloud security fits into it.
What is Multi-Layered Cybersecurity?
Multi-layered cybersecurity is an approach to network and data security that uses a number of different components to achieve prevention, detection, remediation, and discovery objectives. Your infrastructure is simply the tools, appliances, platforms, etc. that you use to maintain your cybersecurity strategy.
A multi-layered approach is considered a best practice for a couple of reasons. First, though there has been a good amount of consolidation in the cybersecurity market, no one solution does everything. Nor is there one solution that does everything very well. A multi-layered approach allows IT and cybersecurity teams to integrate “best of the best” solutions for their infrastructure’s various needs.
Second, a multi-layered approach builds redundancy, or “defense in depth”, into your district’s cybersecurity infrastructure. We tend to think of redundancy as a bad thing in everyday life, but in cybersecurity it is critical. By creating layers that overlap a little, yet work well together, your cybersecurity infrastructure is better configured to prevent—or at least detect and remediate—incidents.
Why does cloud security need to be its own layer? Because, simply put, there is no perimeter in the cloud. Traditional security solutions, such as firewalls (even next-gen firewalls), secure web gateways (SWG), and message transfer agents (MTA), don’t protect cloud applications. They are built to protect your network perimeter, not data stored in the cloud.
Once an attacker breaks through your perimeter, none of these devices are going to protect the information stored in your district’s cloud applications. Worse yet, if someone within the school district is using information inappropriately (whether intentionally or accidentally), these devices won’t detect that kind of behavior at all.
This is why zero trust security is becoming a popular approach to K-12 cybersecurity. Zero trust security puts checks and balances in place that trust no account by default, whether or not it appears to be an authorized one.
Your Layered Cybersecurity Infrastructure
While a multi-layered cybersecurity infrastructure approach is preferred, it can also get out of hand. The dizzying array of different products and vendors available makes it all a bit overwhelming. This is why it’s important to have a strategy that outlines the specific needs of your district and the information you store.
Your cybersecurity infrastructure should cover the following six categories.
1. Infrastructure Security
Infrastructure security refers to securing the critical infrastructure underlying your entire IT system. Your approach to infrastructure security depends heavily on how your environment is configured. For example, if you have a lot of data assets stored on-premises, in servers, your infrastructure security approach will look one way. If your school district has migrated most or all of your data to the cloud, it will look very different.
With cloud computing, the majority of infrastructure security is outsourced to the vendor. Meanwhile, on-prem infrastructures require internal staff or a managed service provider to maintain infrastructure stability and security.
2. Identity and Access Authentication
Also often referred to as identity and access management (IAM), this layer of your cybersecurity infrastructure is like the lock on your front door. When a user tries to access their account, they need to authenticate that they are who they say they are and should be granted access. This doesn’t just refer to platform or application logins. It also includes phone and laptop passwords, network access, etc.
3. Endpoint Security
Endpoint security, or endpoint protection, covers the devices that are used to access your district’s network, cloud applications, and other data systems. Endpoints include things like computers, laptops, smartphones, tablets, and servers.
4. Network Security
Network security protects the underlying connections and interactions between all endpoints connected to the network. Network security is the layer of your cybersecurity infrastructure that most of us think about when we think about cybersecurity. It is where your firewalls, SWGs, MTAs, etc. are organized in the infrastructure.
Some cybersecurity infrastructure models separate network security and perimeter security. This isn’t wrong. But my argument here is that network security mostly focuses on defending the perimeter. While there are differences, network and perimeter technologies have largely consolidated over the years.
5. Cloud Security
Cloud security protects information stored, accessed, and shared in the cloud. It is very different from network security, mainly due to the fact that the cloud is outside of your network. This placement renders network security basically useless.
For the most part, this information is being stored, accessed, and shared in cloud applications, such as Google Workspace and Microsoft 365. But districts also use a large number of other cloud applications that collect and store student, staff, and business information. There are a number of benefits to working in the cloud with reputable application vendors. As mentioned previously, it allows IT teams to outsource infrastructure security and maintenance to these vendors (which, most likely, have far more resources to hire top talent and maintain large teams).
They also tend to build great native cloud security controls. These controls help system admins properly configure authentication and security settings. While the vendor is responsible for the infrastructure security layer of their own cybersecurity infrastructure, they are not responsible for service-level security. Securing and monitoring access to information stored in cloud applications is the responsibility of the customer (a.k.a. you!). This is referred to as the shared responsibility model.
6. Incident Management & Response
Finally, you will need to integrate an incident management and response layer into your multi-layer cybersecurity infrastructure. If (or, more likely, when) an incident occurs, you’ll need a plan and process for responding to it. Depending on the scale and/or seriousness of the incident, the attack vector, and the type of data that was exposed (if any), your processes may need to look a little different.
Incident management and response processes generally include the following steps:
- Detection & analysis
- Containment, remediation, & discovery
- Reporting & communication
- Post-incident retro
How To Incorporate Cloud Security
The first step in incorporating cloud security into your school district’s cybersecurity infrastructure is to make sure that you have properly configured your various apps’ native security settings. Using this cloud application security checklist can be very helpful in accomplishing this first step.
Next, you will want to incorporate the 5 cloud application security best practices into your processes and your tech stack. These best practices include:
- Don’t ignore due diligence in cloud app selection & sanctioning
- Manage access to cloud applications & user behavior
- Cloud phishing & malware threat protection
- Automate & remediate cloud application security risks
- Audit & optimize cloud security settings
Finally, circling back to our earlier discussion about layering and redundancy, it may be a good idea for you to look into a third-party cloud application security platform.
Such a platform, commonly referred to as a cloud access security broker (CASB), can provide several benefits to your cybersecurity tech stack. It adds a layer of protection for your data stored in the cloud, providing more security than the app’s native functions alone. CASBs also pull all your cloud application security monitoring, auditing, and policies into one dashboard. This makes monitoring and incident response much easier for IT teams because they don’t have to spend time logging into multiple platforms and navigating different UIs to find the information they are looking for.
Cloud security is a critical layer of cybersecurity for school districts that are storing, accessing, and/or sharing information in the cloud. Relying on network security controls to protect the cloud layer is risky at best. The good news is that incorporating cloud security into your cybersecurity infrastructure isn’t complicated (nor does it need to be expensive).
The biggest problem I see right now is awareness. Many people are not fully aware of the unique cloud security threats they are exposing their data to. Others simply don’t realize that their network security tools don’t have them covered—until it’s too late. But now you know!