Securing the distance learning environment in K-12
The introduction of Chromebooks in American schools has helped give more students access to the Internet. But the huge shift towards distance learning for students and teachers – and the sudden reliance on networks that typically lack the safety protections in place in most schools – have created new security challenges for most. K-12 school districts.
One of the main challenges school districts now face is assessing the risks introduced by unmanaged assets, according to Sunny Suneja, former senior cloud security architect, U.S. public sector at McAfee.
“Educational institutions must now take into account the increased attack surface due to unmanaged devices used by user populations, connecting to school networks and platforms from untrusted sources and locations unreliable on the Internet, ”he says in a new EdScoop podcast, subscribed by Mcafee and Carahsoft.
This has forced K-12 school districts to “rethink how to implement good security checks, given the variables at play here,” especially given the disparity in how effectively different user populations and teachers tend to follow good cyber hygiene practices. “It could come from knowing which URLs to click on; or what kind of applications to install on their Chromebooks; or… in terms of how they end up accessing school networks and platforms.
The impact of the cloud on the security of distance learning
When asked what types of security threats should be of greatest concern to educators and school administrators in distance learning situations, Suneja said, “It comes down to a few challenges associated with the cloud adoption ”.
“The adoption of the cloud has changed the way schools work and manage data – especially these distance learning platforms – due to the benefits these platforms provide in terms of availability, scalability and cost reduction. He said.
“A large majority of web traffic is encrypted, which makes it extremely difficult to inspect and take appropriate action, using legacy tools and appliances in the world by default,” he explains. These tools “tend to be overloaded. They report unnecessary details or miss necessary details.
In addition, he says, schools “are grappling with understaffed and exhausted teams that have to comb through multiple consoles to piece together an incident. And we all know the breaches are not slowing down.
As schools have tried to overcome budget limitations, by increasing their BYOD postures, “they will need to be smarter in using tools that help them scale, meet demands and deliver significant return on investment.” , explains Suneja.
“One of the big challenges,” he adds, “is how quickly threats can creep into a student’s home environment. Students need to be more aware of where they are connecting from when they join the school network. These entry points put students at risk. But the security tooling effort that we will need must take contextual access controls into account. So this is a change in security architecture that we see implementing K-through-12 systems over the next few months. “
These controls also play a key role in protecting student privacy, he said in the podcast.
Suneja points out where McAfee has played a key role in helping school districts detect and respond to district safety violations. He cites an example where McAfee helped a district deploy agents that can sit on Chromebooks to prevent operating system exploits and application vulnerabilities.
Going forward, he concludes, “I think for leadership my recommendation would be to recalibrate their thinking about securing platforms and tools for collaboration and distance learning. May 2021 be a period when security teams are putting in place additional guardrails. “
Sunny Suneja is a former senior cloud security architect for the US public sector at McAfee, a world leader in security and privacy solutions. He has nearly 15 years of cybersecurity experience advising public sector and industry clients on risk management practices.
Listen to the podcast for the full conversation on ssecuring the distance learning environment. You can hear more coverage of IT Modernization in Education on our EdScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher, and TuneIn.