The introduction of Chromebooks in American schools has been instrumental in giving more students access to the internet. But the huge shift to remote learning for students and teachers — and the sudden reliance on networks that typically lack the security protections in place at most schools — has created new security challenges for most K-12 school districts.
One of the key challenges school districts now face is assessing the risks introduced by unmanaged assets, according to Sunny Suneja, former senior cloud security architect, U.S. Public Sector at McAfee.
“Educational institutions now have to take into account the increased attack surface because of unmanaged devices being used by user populations, connecting to school networks and platforms from untrusted sources and untrusted locations on the internet,” he says in a new EdScoop podcast, underwritten by McAfee and Carahsoft.
That’s forced K-12 school districts to “rethink how to implement good security controls, given the variables at play here,” especially given the disparity in how effectively different user populations and faculty tend to follow good cyber hygiene practices. “That could be from showing awareness of what URLs to click on; or what kind of apps to install on their Chromebooks; or … in terms of how they end up accessing school networks and platforms.”
Cloud’s impact on remote learning security
Asked what kinds of security threats should be of greatest concern to educators and school administrators in remote learning situations, Suneja says, “it boils down to a few challenges associated with cloud adoption.”
“Cloud adoption has changed the way schools work and manage data — especially these remote distance learning platforms — because of the benefits that these platforms offer in terms of availability, scalability and cost reduction,” he says.
“A vast majority of web traffic is encrypted, making it extremely difficult to inspect, and take appropriate actions, using legacy tools and appliances in the default world,” he explains. These tools “tend to be overloaded. They report unnecessary details or lack the necessary details.”
In addition, he says, schools “are struggling with understaffed, exhausted teams that have to comb through multiple consoles to piece an incident together. And we all know that breaches aren’t slowing down.”
As schools have tried to overcome budget limitations by increasing their BYOD postures, “they will need to be smarter about leveraging tools that help them scale, to meet demands and deliver a strong return on investment,” says Suneja.
“One of the big challenges,” he adds, “is the velocity with which threats can get into a student’s home environment. Students need to be more aware of where they’re connecting from, as they’re joining the school network. These entry points put the students at risk. But the security tooling effort we’ll need, has to take into account contextual access controls. So that’s a security architecture shift that we see K-through-12 systems implementing over the next few months.”
Those controls also play a key role in protecting student privacy, he says in the podcast.
Suneja highlights where McAfee has played a key role in helping school districts detect and respond to violations of district security rules. He cites one example where McAfee helped a district deploy agents that can sit on Chromebooks to prevent operating system exploits and application vulnerabilities.
Going forward, he concludes, “I think for leadership, my recommendation would be for them to recalibrate how they think about securing collaboration and distance learning platforms and tools. Let 2021 be a time when security teams are implementing additional guardrails.”
Sunny Suneja is a former Senior Cloud Security Architect for U.S. Public Sector at McAfee, a global security and privacy solutions leader. He has almost 15 years’ experience in cybersecurity, advising both public sector and industry clients on risk management practices.