Many districts still prefer on-premises data centers, but an increasing number are migrating their key applications and most sensitive data to the public cloud, according to a report in EdTech. One key reason is that the move strengthens their security.
In a survey by the Consortium for School Networking (CoSN), school IT leaders said cybersecurity remains their No. 1 priority because they typically have staff shortages, which make the schools easier targets for cybercriminals. The same survey also found that 1 in 3 districts have at least one IT person focused on cybersecurity.
Many school districts don’t have a full-time CISO or a team of security experts. The answer is to put data in the hands of cloud providers and software companies that have the skill sets and tools needed to keep up with the challenges of cyberthreats and attacks.
“It takes a lot of day-to-day operational risks out of your hands by putting it in cloud providers’ hands,” says Amy McLaughlin, CoSN’s cybersecurity project director. “Running a data center is their bread and butter. It’s what they do, and leveraging their services definitely has a great ability to improve your cybersecurity.”
Cloud vendors must answer security questions, such as how they manage access control, what their data recovery strategy is, and whether they do background checks and provide security training to their employees. They need to follow certain industry standards and practices.
McLaughlin shared three best practices for migrating to the cloud:
• Read the contract. Don’t sign a contract with a cloud provider until you fully understand everyone’s roles and responsibilities. For example, does the vendor back up data automatically, or is that a separate cost? What is the process if an incident occurs? How long will it take to resolve an incident? Not everything is a boilerplate contract; if you see something that makes you uncomfortable, get clarity and negotiate if you need to.
• Double-check cloud configurations. When deploying apps in the public cloud, make sure they are configured securely. That might mean turning to a security consultant or to the cloud provider’s consulting arm to verify that your environment is secure.
• Use security monitoring services. Take advantage of monitoring and data protection services in the cloud, but be aware that you must also have staff to review and act on the reports and real-time alerts that the monitoring generates. Staff should be trained and empowered to resolve or escalate issues quickly.