Is SASE a Good Solution for Securing K-12 Education This School Year?

We’re still in the first quarter of the 2022–2023 school year, and districts are facing more cybersecurity risks than ever before. The recent FortiGuard Labs global threat report for the first half of 2022 brings many of the current K–12 cybersecurity challenges into sharp focus. Top threats from that report involve zero-day exploits, ransomware, data wipers and Operational Technology vulnerabilities.

The K12 Security Information Exchange found in its annual State of K–12 Cybersecurity report that there were 166 publicly disclosed cyber incidents affecting schools in 162 districts across 38 states in 2021. Given that many cyberattack incidents at public schools aren’t disclosed, the real number is likely higher.

State and local governments are working with K–12 district IT leaders to search for answers to address many of the cybersecurity issues, and they’re pushing for increased funding and adding more knowledgeable cybersecurity staff.

Amy McLaughlin, the Cybersecurity Program Director for the Consortium for School Networking, is one person leading the charge of helping government leaders understand the issues at hand. In a hearing this summer before the U.S. Senate Committee on Health, Education, Labor and Pensions, she offered insights from the CoSN 2022 Ed Tech Trends report, which identified cybersecurity as the top unmet technology need for K–12.

“Even before the pandemic required schools to move more services online, cybersecurity has been a top concern for districts,” she said. “In a situation where even well‐funded corporations in the private sector struggle to address cybersecurity issues, poorly funded districts are at a disadvantage. One respondent called the need for more cybersecurity funding ‘desperate’.”

Ongoing Remote Learning and Security Risks

There is no quick fix, as the K–12 security issues are happening while many school districts are continuing their transformation from on-premises data centers to cloud-based teaching and learning tools. As long as the increased federal funding streams continue, the movement from data centers to Software-as-a-Service will continue, too, in many situations.

The use of education-specific SaaS grew significantly during the pandemic, with the current motivation shifting to initiatives that spread the costs over several years and enable IT leaders to scale services as student populations fluctuate. Along the way, a mix of hybrid IT and cloud-based services tends to provide better support for schools with 1:1 devices while providing flexibility for teachers, students, and parents.

Even with most schools and students returning to the classroom, periodic public health scares and other issues that interrupt the flow in the classroom mean that access to secure remote learning is still needed.

In several states, the pandemic created more opportunities for students to switch to learning situations that were fully focused on remote learning. In one report, Oregon state officials noted that the number of students enrolled in fully virtual schools nearly doubled from 2.7% to 4.8% in the 2020-2021 school year with only a slight decline to 4.5% for 2021-2022. And in southeast Virginia, a consortium of public school districts convened their “Virtual Academy” this year for students with short- or long-term attendance challenges, with an estimated enrollment of 180 elementary students, almost 200 middle school students, and nearly 650 high school students.

Because online activity in schools doesn’t typically occur within a defined perimeter that has complementary physical and cybersecurity controls in place, the continuation of online learning is a serious cybersecurity concern. Students, teachers, and administrators are spending significantly more time working online using cloud services and architectures, expanding districts’ attack surfaces.

Cybersecurity and Homeschooling

A final perspective comes from the not-so-insignificant homeschool population. While many of those students live in a SaaS world for portions of their learning, the quality of security rests with their provider unless the parents are aware of security challenges. Providers must be in sync with tools and tactics to ensure data privacy and give safe and effective learning experiences.

One perspective comes from a mother of four I spoke with who, along with her husband, schools the family using a hybrid mixture of courses provided by public sources, paid services, and homeschool groups in their neighborhood. She’s been teaching their “class” since the beginning of the COVID-19 pandemic, and aside from user interface guidance on creating strong passwords, she’s found the information provided on internet safety and security to be scarce.

This homeschool mother said any formal guidance or instructions on network and information security was “barely noticeable.” Also absent were any easily found instructions for teaching her students about cyber hygiene. The “schoolhouse rules” are based on limited internet “freedom,” with shared credentials as a way to monitor online activity.

Flexible Security for K–12

Is there a strong, yet affordable, technology-based solution to protect K–12 education leaders and learners? SaaS and its sibling, Infrastructure as a Service, are bringing much-needed flexibility to K–12 without the need for continual updates to data centers. Again, according to McLaughlin, this supports “more robust technology services and lower cost overall.”

Moving to cloud-based and so-called “converged” capabilities creates an opportunity for security where it is needed. This means policy- and technology-based secure access at the service edge, a.k.a. SASE. Perhaps it’s time for K–12 IT leaders to explore better and more cost-effective methods, like SASE, which moves the security tools from the data center to where they are needed – that device in the teachers’ and students’ hands.

Before that bus leaves the schoolhouse, and before they explore SASE, K–12 educators need to understand the gaps between security in the on-premises data center and security in cloud services. Then they should evaluate their readiness and migration plans.

That’s the homework for the fall term.
