Research by ManagedMethods, a Google workspace and Microsoft 365 cybersecurity, student safety, and compliance platform for education, has found gaps in the cloud security strategies of district administrators when protecting their cloud collaboration and storage applications.
The report reveals 30% of district administrators with at least a medium level of influence on technology decisions do not have a security platform to protect cloud applications. Half of respondents either did not have a platform in place or did not know if platform had been implemented in their district.
“School districts have long led the charge into cloud technology by embracing Google Workspace and Microsoft 365 cloud applications. This new research tells us that some district administrators are unaware of the cybersecurity, safety, and privacy risks that come with using them,” said Charlie Sander, chief executive officer at ManagedMethods in a statement. “Technology leaders need to know their cloud environments may be vulnerable, and that it’s their responsibility to secure them.”
The report indicates among district administrators, cloud security, safety, privacy are not a concern, despite schools being heavily reliant on cloud applications. Only 60% of respondents have a high level of confidence in the privacy and security of the data stored in their cloud applications.
- 37% are not concerned about data breaches and leaks.
- 45% are not concerned about compliance with state and federal laws that protect student data.
- 36% are not concerned about the sharing and viewing of explicit content on their devices.
Of the district administrators surveyed that say they operate in a cloud environment, 28% do not know if they have a monitoring solution in place that protects the data in the school-provided cloud applications.
- 31% do not know if their cybersecurity platforms consistently monitor the level of risk of files shared with users outside the district’s domain or monitor for potential violations of government regulations.
- 28% do not know if their cybersecurity platforms monitor the level of risk of files shared within or uploaded into their domains, or report who has access.