Baking a Security Layer Cake for K-12

Remote learning has been a hot topic for many years in K-12 education, but the current pandemic has brought a renewed focus on the inadequacies of secure remote learning, equitable access and much more.

Today we’ll focus on the basics: security. With so many solutions for remote learning today, from cloud resources to learning management systems, real-time video instruction, recorded video instruction, email, text messaging applications and more, what should school districts prioritize to enhance safety and security for students and staff in remote instruction and business support?

Well, they should think about baking a cake.

K-12 must focus on providing layered security models in order to enhance data security and privacy. Think of baking (or eating) a cake: more layers are better. All districts should enable solutions that provide a safe, layered approach to accessing these resources, such as two-factor authentication, virtual private networks, cloud access security brokers, security information and event monitoring and more. Providing staff with secure access methods will help ensure that private, sensitive data is accessed by the appropriate staff members – and no others. Moreover, these solutions will allow student data privacy and security to remain top of mind when accessing resources from anywhere.

Two-factor authentication (2FA) provides a method for staff to utilize something they own (phone, security key, keycard) with something they know (username and password) to enhance access security. When staff use 2FA, bad actors will have a much more difficult time accessing and harvesting data owned by schools. 2FA also provides much tighter security, helping to eliminate many of the domain account ransomware attacks affecting school districts across the nation.

When staff are accessing school resources from outside of the district, schools should utilize virtual private networks (VPN) for data confidentiality. VPN connections encrypt traffic to and from district resources while providing capabilities for specific targeted access. With VPN and identity combined, both staff and students can be directed to only the resources to which they have access.

As more districts move to public and private cloud solutions, cloud access security brokers (CASB) are quickly becoming necessary to enforce security policies for services that are out of the school districts’ control. CASB solutions provide for granular access and control while providing enhanced awareness, visibility and protection of data assets. Additionally, CASB allows for specific policies for data loss prevention and compliance (PCI, HIPAA, COPPA, FERPA, etc.).

Security information and event monitoring (SIEM) enhances the visibility of incidents and events that occur over a period of time. By understanding how individual staff and students access resources over time, a SIEM solution can provide much-needed visibility into abnormal or anomalous behaviors. When anomalous behaviors occur, such as accessing too many files over a specific time period, logging in from two computers that are located in diverse geographic areas, failed login attempts in the middle of the night, or other events, actionable steps can be automated to protect the safety of data.
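
The three behaviors named above can be expressed as simple detection rules over access events. This is an added example, not code from this article or from any SIEM product; the event format, the thresholds and the rule names are assumptions chosen for illustration, and the events are constructed sample data.

```python
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Constructed sample events (not real logs): (user, ISO time, kind, lat, lon)
EVENTS = [
    ("teacher1", "2024-03-04T08:01:00", "login_ok", 31.55, -97.15),   # Texas
    ("teacher1", "2024-03-04T08:40:00", "login_ok", 51.51, -0.13),    # London
    ("clerk2", "2024-03-04T02:13:00", "login_fail", 31.55, -97.15),
    ("clerk2", "2024-03-04T02:14:00", "login_fail", 31.55, -97.15),
    ("clerk2", "2024-03-04T02:15:00", "login_fail", 31.55, -97.15),
] + [("aide3", f"2024-03-04T10:00:{s:02d}", "file_access", None, None) for s in range(0, 60, 2)]

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def detect(events, max_files=20, window=timedelta(minutes=5), max_kmh=900,
           night=(0, 5), max_night_fails=3):
    """Return sorted (user, rule) alerts. All thresholds are illustrative assumptions."""
    alerts, by_user = set(), {}
    for user, ts, kind, lat, lon in sorted(events, key=lambda e: e[1]):
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), kind, lat, lon))
    for user, evs in by_user.items():
        files = [t for t, k, *_ in evs if k == "file_access"]
        # Rule 1: more than max_files file accesses inside any sliding window
        if any(sum(1 for u in files[i:] if u - t <= window) > max_files
               for i, t in enumerate(files)):
            alerts.add((user, "file_burst"))
        # Rule 2: consecutive successful logins that imply an impossible travel speed
        logins = [(t, (la, lo)) for t, k, la, lo in evs if k == "login_ok"]
        for (t1, p1), (t2, p2) in zip(logins, logins[1:]):
            hours = max((t2 - t1).total_seconds() / 3600, 1e-6)
            if km_between(p1, p2) / hours > max_kmh:
                alerts.add((user, "impossible_travel"))
        # Rule 3: repeated failed logins at night (timestamps assumed district-local)
        fails = [t for t, k, *_ in evs
                 if k == "login_fail" and night[0] <= t.hour < night[1]]
        if len(fails) >= max_night_fails:
            alerts.add((user, "night_failed_logins"))
    return sorted(alerts)

if __name__ == "__main__":
    print(detect(EVENTS))
```

In practice each alert would feed the automated response the paragraph mentions, and the thresholds would be tuned per role so that routine bulk work by staff does not trigger the file-access rule.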

Parents and guardians want assurance that their child’s information is always safe. Providing these additional layers of access methods is like putting up virtual roadblocks, so that the data accessed is safe and secure. Just like baking a cake, more layers are better than one.

If you would like to discuss more or see how these recommendations can apply to your K-12 district, please contact security@redriver.com.

Adam Feind has been involved in K-12 education for the last 21 years as a former K-12 CTO. During his tenure in K-12, he has been involved in many aspects of technology in education, including president of Texas CoSN, TEA Cybersecurity committee, Region 12 infrastructure committee and much more. Adam is an advocate for all technology items supporting student education in K-12.