Government Technology | Survey Identifies Gaps in K-12 Cloud Security, Knowledge

A report from EdWeek Research Center and ManagedMethods finds many K-12 districts lack adequate cloud security protocols, despite their move to cloud applications for data storage purposes and a rise in cyber attacks.

While K-12 schools are becoming increasingly reliant upon cloud applications for data storage, many still lack the cybersecurity protocols needed to adequately protect their sensitive data, according to a recent online survey by the EdWeek Research Center.

The resulting report, titled “What You Don’t Know Can Hurt You” and sponsored by the ed-tech company ManagedMethods, asked more than 200 K-12 district administrators with at least “a medium level of influence” on technology decisions whether their districts had platforms in place to secure data stored on cloud systems, as well as resources devoted to cloud security.

Of those, 30 percent said their districts lacked security systems that protect cloud collaboration and storage applications. About half either said they did not have such a system in place or were unaware whether one had been implemented. Among other notable findings, 28 percent were unsure whether their current IT security programs could adequately monitor risks related to file-sharing within district domains, as well as who has access to those networks.

According to another study earlier this year from the K-12 Cybersecurity Resource Center and the nonprofit K12 Security Information Exchange, 2020 marked a record-breaking year for cyber attacks on schools, with about 40 percent of those incidents involving data leaks and breaches. Researchers in that study also noted concerns about how K-12 cybersecurity vulnerabilities could compromise student data, leading to identity theft.

Despite the numbers and concerns, 60 percent of respondents in the ManagedMethods report had “a high level of confidence in the privacy and security of the data stored in their cloud applications,” and 37 percent said they weren’t concerned about data breaches and leaks. The study said nearly 90 percent of administrators also already use or are planning to use cloud-based systems, with about 70 percent being designated for human resource-related information.

The report broadly recommended that school district administrators who make tech-related decisions brush up on their infrastructure, learn which of their district’s systems are cloud-based and what their cybersecurity posture is, and devote more resources to regular upgrades and security.

ManagedMethods CEO Charlie Sander said the findings suggest more focus and dedicated resources for cybersecurity are necessary, as schools increasingly turn to cloud applications for storing sensitive data.

“School districts have long led the charge into cloud technology by embracing Google Workspace and Microsoft 365 cloud applications. This new research tells us that some district administrators are unaware of the cybersecurity, safety and privacy risks that come with using them,” Sander said in a public statement. “Technology leaders need to know their cloud environments may be vulnerable, and that it’s their responsibility to secure them.”