Trust no one: The only effective approach to data security

A 'Zero Trust' mentality is key when implementing data privacy policies and practices for districts.
By: | July 28, 2021
Richard Quinones is senior vice president at iboss.

Richard Quinones is senior vice president at iboss.

The National Center for Education Statistics reported that in September 2020, more than 67 percent of adults who had children under age 18 enrolled in a public or private school had reported that their children’s classes had moved to a distance learning format using online resources. Of this, over 59 percent also reported that computers were provided by the children’s schools or school districts.

Today, virtually all districts have incorporated some form of cloud-first strategy and solutions to help support day-to-day learnings, which has presented unique challenges and concerns. Alongside the remarkable and mostly successful efforts to connect students and teachers in digital spaces during the pandemic, the past year has also brought stories of zoom bombing, data breaches and inequitable student access to technology. These conditions have had a direct impact on privacy concerns related to educational data, including the ever-growing reliance on cloud applications for teaching, learning and student mobility.

As we approach the 2021/22 school year, we anticipate seeing administrators take additional measures to promote student data privacy, including greater attention to data governance. K-12 IT leaders will be focused on increasing security measures. This will likely include actionable data privacy policies and practices, including a ‘Zero Trust’ mentality to safeguard the tremendous increase in the reliance on cloud-based teaching and learning applications. Over the last 18 months, digitalization and ‘learn from anywhere’ have surely accelerated the need for Secure Access Service Edge (SASE) offerings that offer secure connectivity to any educational resource from any device, from anywhere. With SASE, security follows the student, as it is delivered in the cloud. This ensures that the same level of protection and compliance is applied to a student regardless of whether they are in the classroom or at home.

According to the 2021 Strategic Roadmap for SASE Convergence report from Gartner, “Digitalization, work from anywhere and cloud-based computing have accelerated cloud-delivered SASE offerings to enable anywhere, anytime access from any device. Security and risk management leaders should build a migration plan from legacy perimeter and hardware-based offerings to a SASE model.” Gartner also forecasts that by 2025, “at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020.”

What is Zero Trust and what are the benefits for my school district 

Zero Trust is just that: no trust in anyone or anything that could possibly breach data security. This approach, now increasingly embraced across K-12, includes an integrated defense strategy that addresses threats to security – particularly the cloud, where sensitive data is transacted and stored (often between an on-premises school network and outside locations). A Zero Trust model forges a data-centric perimeter around school information comprised of powerful encryption methods—as well as stringent authentication techniques. Connectivity is only granted after identity is authenticated, the security posture of the connected device is verified, and the user is authorized to access the desired application, service or information.

As IT leaders look to strengthen their defense strategies, it’s essential to find the right platform that offers consistent policies to help keep students secure, without hindering productivity. The pandemic has opened the need for secure connectivity, from anywhere. It is time to ensure each district embraces a Zero Trust mentality.

Richard Quinones is a senior vice president at iboss. He has spent over 20 years taking on important IT leadership roles at the county, state and national levels. His past experience includes being appointed Los Angeles County’s first chief education technology officer, where he led the delivery of IT services across 80 school districts and five community colleges. 

More from DA

Interested in edtech? Keep up with DA's Future of Education Technology Conference®.