Cloud access security brokers protect student data in cloud applications, which nearly all districts are using in today’s education environment
At Hillsboro-Deering School District in New Hampshire, CISO Neal Richardson had a problem familiar to many K–12 IT leaders.
“We had a lack of visibility in the built-in Microsoft and Google tools,” he says. “The data is there — logon locations, where the connections to my cloud solutions are coming from, emails in and out — but it’s buried.”
What Is a CASB (Cloud Access Security Broker), and How Does It Work?
While nearly all districts are using cloud applications now, they may not realize that network-based security tools such as firewalls and content filters won’t protect the data in these apps. CASBs give them that higher level of control.
“A CASB gives visibility into what apps users are using, and it supports compliance —with IT policy and with any of the standards for data security and threat protection,” says Sateesh Narahari, chief product officer at ManagedMethods.
With these visibility and compliance features, CASBs allow organizations to better manage their cybersecurity posture. “The CASB solution looks at user activity: where they’re going, all the files they’re sending,” Narahari says. “Then, it applies the IT policy to prevent threats, prevent data loss and conform to compliance.”
Lately, cloud-native CASB applications have eclipsed on-premises solutions. This minimizes operational issues and is easier for IT admins to configure.
Why Do K–12 Schools Need CASBs for Cloud Applications?
K–12 technology leaders need CASB solutions because they have to be proactive in their cybersecurity. “There are federal and state regulations that require K–12 organizations to protect student data,” Narahari says. “They have to protect employee data as well, and it’s not as simple as publishing an IT policy document and asking everybody to follow it.”
At West Rusk County Consolidated Independent School District in Texas, for example, Technology Director Cody Walker says, “We didn’t know about phishing threats until the end user had notified us…”