Larger enterprises have the resources to not only afford the technology needed to grow in the digital age, but they also have the budget and manpower to build security into their overall ecosystems.
Does the K-12 education sector have the means to do the same? As the use of technology becomes more prevalent in public schools, will collecting more data potentially increase the cybersecurity risks for the K-12 sector?
Earlier this fall, the Center for Data Innovation released a report, Building a Data-Driven Education System in the United States, in which they said 93 percent of teachers are regularly using digital tools to assist classroom instruction in some capacity.
Researchers want to leverage that data to transform education; however, these escalating plans for using data collection to advance public education raise questions about the risks to schools.
Keith Lowry, senior vice president, Nuix USG, a global security intelligence firm, said, "K-12 runs at the state and local level, and they are individually going to be responsible for the protection of those infrastructures."
Who then, at the state and local level, is thinking about security in education? "In general terms," said Lowry, "most people and organizations including government agencies are either turning a blind eye or are not technologically tuned in to the tremendous threat that happens to be at our doorstep in our digital world."
Security begins with administrators and leaders. Before schools start collecting this myriad data on students, they have to spend some time and write policies and work out processes and procedures to plan for an attack, but are they too late?
The reality is that schools are not operating with no data right now.
Daniel Castro, director, Center for Data Innovation, said that in some ways the challenges in education aren’t too different from what you see in other industries. "We know there’s a lot of best practices from thinking about authentication to vulnerability testing, but school districts don't have to have all that expertise."
In addition to cloud services, Castro said that a lot of that security will come from the vendors themselves. "Schools, school districts, partners, and state governments can provide oversight of different vendors so that when systems have security vulnerabilities, they are identified and distributed widely," said Castro.
Being able to differentiate between secure and insecure products and having model clauses for cloud computing within the education sector are other ways to think about risk, said Castro, but "The solution can’t be each school needs to do X, Y, and Z. It has to be looking at how do you get vendors to secure the quality of their products?"
Creating a certification system for vendors to ensure broad commitments to security and getting the industry to agree to the same practices is another solution that Castro said could have great success.
Sign up for CIO Asia eNewsletters.