3 in 10 Districts Lack Cloud Security Coverage

• By Dian Schaffhauser
• 11/18/21

A vendor-sponsored survey found that a large share of IT people who have some influence over technology in their school districts don’t believe they have security for protecting key assets maintained in the cloud. A survey run and reported on by the EdWeek Research Center and sponsored by K-12 cloud security company Managed Methods revealed that 30% of respondents lack a security platform to protect cloud applications. Another 20% didn't know if such a platform had been implemented in their districts.

The survey was issued online during the summer and received responses from 214 district-level administrators who identified themselves as having at least a medium level of influence on technology decisions. Respondents included technology managers, superintendents and curriculum and instructional directors.

Among the respondents, a comparable share said their schools were primarily running either Google Workspace (43%) or Google Workspace and Microsoft 365 (41%); fewer numbers said they had only Microsoft 365 (9%) or something else (1%). Just six percent said they used no cloud-based environment whatsoever.

Three in five respondents said they had a high level of confidence in the privacy and security of the data stored in their cloud applications.

Furthermore:

• 37% weren't directly concerned about data breaches and leaks;

• 45% weren't worried about compliance with state and federal laws that protect student data; and

• 36% weren't bothered about the possible sharing and viewing of explicit content on their devices.

Of the respondents who said they operated in a cloud environment, 28% didn't know if they had a monitoring solution in place to protect shared data in the school-provided cloud applications. A slightly higher number, 31%, said they didn't know whether or not their cybersecurity platforms consistently monitored potential violations of various federal or state regulations on data privacy. The same number said their districts failed to monitor the level of risk of files shared with users outside the district's domain.

The median annual budget district people dedicated to cybersecurity was $20,000, with about a fifth of that set aside for protecting cloud applications in 2022.

While school systems "have clearly committed to the cloud," the report noted, "their appetite for cloud applications may have outpaced their ability to protect the sensitive and important student and employee information currently stored there."

"This new research tells us that some district administrators are unaware of the cybersecurity, safety and privacy risks that come with using them," said Charlie Sander, CEO of ManagedMethods, in a statement. "Technology leaders need to know their cloud environments may be vulnerable, and that it's their responsibility to secure them."

The report is openly available on the Managed Methods website.