Ed Tech magazine | Security Tools for K-12 Districts in Today’s Cloud Environments


Before the cloud, schools hosted everything on premises. Servers, files, data – it all existed where users lived and where district IT teams could manage and secure them: locally.

Cloud users, conversely, rent space on a computer system that exists outside the walls of the neighborhood. For this reason, IT managers need to take a closer look at the security protections offered by the cloud providers they work with. Whether it’s Google, Amazon Web Services, Microsoft, or another vendor, these services help schools manage their data, but often only provide the most basic cybersecurity controls.

Since the data resides in the cloud, schools need to be more careful about protecting it. They need cybersecurity tools and solutions that provide visibility into their data as well as sufficient protection against malicious actors.

Identity Management Tools Protect Districts Against Credential Stuffing

A common and hard-to-detect security threat to cloud applications – and cloud access in general – is credential stuffing.

When users choose the same password for multiple websites and apps, they create vulnerabilities. It’s common for people, including school administrators and students, to reuse passwords. However, when a network is hacked, cybercriminals steal and sell the names, email addresses, passwords, and any other information they have acquired. Users who reuse their passwords for non-school sites, such as Target or T-Mobile, can use that same password to access their school’s cloud applications and on-premises systems. Unfortunately, credential stuffing ultimately puts the entire school at risk. Here’s how it works.

There are databases of stolen usernames, passwords, corresponding personally identifiable information, password reset security questions and answers, and other data collected from users – all intended to be sold to bad actors. Once they have this stolen information, they can use it to target a specific school or schools.

The hacker then chooses a stolen folder and creates a targeted plan, using information from public resources such as LinkedIn, Twitter, or even a school’s website to find where a K-12 administrator works. From there, they will exploit the stolen password using credential stuffing to attack the system and wreak havoc. A persistent threat actor will often create programs or scripts to try the password repeatedly to circumvent the password history and age policies that the institution has set.

The best protections against credential stuffing are identity and access management tools such as multi-factor authentication and single sign-on. Enforcing strict password policies outside of the institution is unrealistic. IAM solutions provide additional security to protect districts against credential stuffing by providing an additional layer of security that cannot be stuffed.

Cloud app protections for student data and mental health

A cloud access security broker is another protection district leaders can implement. A CASB functions as an intermediary between users and the cloud. It creates visibility and control over cloud platforms so that the institution can ensure that the policies it has set on-premises are also followed in its cloud environments.

This tool can also handle encryption of sensitive data, perform data loss prevention and much more. For example, if a user – or an attacker using padded credentials – tries to share vulnerable data, such as a social security number, the CASB will alert an administrator to review the data before sharing it. .

CASBs are used in computing environments across various industries, although K-12 have unique use cases and security considerations. iBoss and ManagedMethods are two CASB providers specific to K-12 education, where school administrators often have to worry about student self-harm and cyberbullying.

A school-specific CASB will alert administrators if students search or write anything in their cloud files that indicates potential harm to themselves or others. This gives educators and school leaders greater insight into student mental health that a CASB from a pharmacy or manufacturing company might not necessarily provide.

by Anthony Glowacki, EdTech Magazine


About Author

Comments are closed.