By Charlie Sander, Chief Executive Officer, ManagedMethods. ManagedMethods was a SaaS Awards finalist in 2020.

Cloud computing in K-12 schools isn’t new. Districts have used cloud apps, such as Google Workspace and Microsoft 365, in the classroom well before the COVID-19 pandemic arrived. But, when schools closed their doors due to stay-at-home orders, districts increased their use of cloud apps to keep students and teachers connected from home.

Remote learning is starting to go away, but cloud applications aren’t. Google and Microsoft apps became the go-to option to keep students, teachers, and staff connected. It made the vulnerabilities created by the cloud more apparent to district administrators. For IT teams, the focus must turn to cloud security.

K-12 Education’s growing cloud environment

Cloud applications are critical for districts to continue schooling. Students now have a school-provided device—or their own—that they take to and from school. For those districts that weren’t one-to-one before the pandemic, there are now thousands of new access points into their Google and Microsoft domains. And this access can come from anywhere, at any time.

Cloud-based learning management systems (LMS), such as Google Classroom, are increasing the amount of sensitive data stored in the cloud. Districts are storing grades, coursework, attendance, individualized education programs, and more. This is in addition to the personally identifiable information (PII) and credit card information districts keep on file.

Since this activity takes place in cloud apps, it circumvents traditional on-premises security measures. This includes firewalls, antiviruses, and endpoint protection. IT teams need to focus more on securing their data—not just their networks.

Improper data sharing violates district privacy laws

When data is shared improperly, districts violate data privacy laws. These laws include federal laws like the Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA), and Children’s Internet Protection Act (CIPA).

There are also data privacy laws at the state level, such as the California Consumer Privacy Act (CCPA), Virginia’s new Consumer Data Protection Act (CDPA), and Illinois’ Student Online Personal Protection Act (SOPPA). Violating these laws puts districts at risk of paying large fines or not receiving extra funding to make necessary purchases.

ManagedMethods helps IT admins track and control file sharing activity. The platform will identify files containing sensitive information, how they are shared, and who they are shared with. It can then revoke access permissions manually or automatically. Monitoring activity in cloud apps not only maintains privacy. It also protects school districts.

Changing cybersecurity in schools

Schools will get back to in-person learning. But not every student will return to the classroom. Some may opt for a remote learning option and many districts are making plans to accommodate them.

Without proper cloud security, sensitive data is exposed. Most often, sensitive data is exposed accidentally by authorized users—students, teachers, and staff. Detecting these incidents and educating users is a challenge for IT teams with little visibility and control.

Districts use ManagedMethods’ cloud-native API integrations to monitor their Google Workspace and Microsoft 365 environments. This helps IT admins secure sensitive data in the cloud, no matter where users are accessing it from.

Artificial intelligence protects against malware

The platform uses artificial intelligence to protect districts against malware and phishing threats, detects and remediates compromised accounts. IT teams can use out-of-the-box or customized policies to automate enforcement, such as notifications, password resets, revoke file sharing, and other tasks all from one platform.

When securing against cybersecurity risks, most attention is on external threats. But it’s the internal activity that can cause the most problems, and be the most difficult to detect. For IT teams, watching for unusual and anomalous behavior is critical. This includes student and staff logins from unauthorized locations, more email activity, increased file sharing, external accounts with access to district cloud drives, and more. This activity indicates an account may be compromised, which causes problems if undetected.

Beyond cybersecurity risks, these applications also pose student safety risks. Especially now that students are learning from home more. Districts tend to focus on social media and online browsing behavior. Yet, Google and Microsoft cloud apps contain many signals indicating student safety risks.

Student safety signals in school technology

Google and Microsoft applications are full of safety signals. Students leave clues about their thoughts and actions in chat apps, documents, and emails. Risks are also hidden in files and images in a district’s cloud storage. As these apps get more use, IT teams become the first line of defense in finding safety signals.

Student safety signals can include cyberbullying, self-harm, racial and LGBTQ+ discrimination, threats of violence, and explicit and sexual content. District IT teams use ManagedMethods Signals to monitor for these safety signals in the apps most used by students and teachers.

Signals is an industry-leading, AI-powered student safety monitoring tool built and trained with data specific to K-12 education. Most importantly, Signals helps administrators detect when a student is in crisis and in danger of potentially harming themselves or others. Signals sends an alert to designated school administrators in near real-time with all the information available to understand the incident and help the student in need.

With the introduction of video into classrooms, IT admins are faced with another challenge to make sure districts are better protected, and students and staff interactions are safe.

Many lessons have to be taught remotely, with some pupils not returning to the classroom

Increasing use of video conferencing in classrooms

Google Meet, Microsoft Teams, and Zoom are now ingrained in schools and the classroom. These applications help keep students and teachers connected from anywhere. But they also open districts to more security vulnerabilities.

According to The K-12 Cybersecurity Resource Center, 45% of publicly-disclosed K-12 cyber incidents were due to the invasion of virtual classes and meetings held on these video conferencing platforms.

Video is still somewhat new in schools. The virtual classrooms set up by teachers are often not configured and aren’t as secure as they need to be. Students are also far more tech-savvy than teachers and cause disruptions during class. These disruptions can be because a student not in the class found the ID and password somehow. That student can then enter and conduct inappropriate behavior that disrupts the class.

Monitoring and reporting essential

Examples of inappropriate behavior include uploading discriminatory and explicit content, writing threats of violence, shouting obscenities through their microphone, and more. When a class is over, teachers may leave the online meeting without fully closing the session. This lets students then use it as a place to hangout with no supervision.

This is why ManagedMethods provides monitoring and reporting features for Google Meet, Chat, Microsoft Teams, and Zoom. The collaboration and productivity benefits of cloud applications offered by Google and Microsoft are now a critical part of schools—and are here to stay.

It’s no secret that K-12 schools are underfunded and overwhelmed. Unfortunately, this reality is making them perfect targets for cybercriminals. The learning environment now expands outside of school buildings and networks. Now, IT teams must also expand their thinking around how to secure the technology they’re providing to support students, teachers, and staff. Doing so will make schools safer, more secure places to learn and work.