A Colorado K-12 public school district’s IT security team encountered potential compliance and security challenges when it transitioned to Google G Suite for cloud email services, document collaboration, and sharing.
Compliance requirements mandated that the district must have systems in place to monitor for sensitive data such as FERPA, HIPAA/PHI, Individualized Education Plans, and ensure that data is not being stored or shared in a way that violates policies. In addition, the rise of 3rd- party connected applications was presenting a threat to school data due to potential phishing attacks or unauthorized access. The district also needed to monitor for policy violations and scan documents for objectionable content (e.g., adult content and profanity) and keywords and phrases that would indicate a student is in danger (such as threats, bullying, and harassment.) When student safety is at risk, time is critical, so the IT team needed to be alerted of potential policy violations, as well deviations from normal data access and sharing behaviors.