Maintaining School-Based Data Security with Cloud Computing Services
Our educational institutions, whether universities or elementary schools, possess a tremendous amount of confidential and sensitive data. Unfortunately, the number of data breaches at educational institutes has been higher on average than those in other sectors, indicating that as yet, schools have failed to effectively make use of modern data protection methods.
Failing to Implement Effective Data Protection
Unencrypted data is a glaring security vulnerability from which many schools suffer. Should any storage media with unencrypted data be lost, it is almost certain that the data will be lost. By utilizing a centralized system with organization-wide access, cloud computing providers enable schools to reduce the danger that the theft of equipment will result in the loss of confidential data.
Improperly Secured Data and Equipment
In today’s world, the ubiquity of portable data storage equipment presents a challenge in maintaining data security. All too many schools have not set policies for what files may be copied to these items, nor have they created an effective inventory system to track the use and status of mobile computers and data storage systems.
By creating a policy that limits the distribution of confidential data to secure machines only, and by effectively tracking those devices at all times, the school can drastically reduce the danger of a data breach stemming from the loss of such a device. This is especially useful when all critical data is not stored on the device but in the secure confines of the cloud computing provider's datacenters.
Limiting Information Distribution
All schools have a wide variety of employees, including volunteers, student employees and outside vendors. Another source of data breaches is the failure to effectively limit system privileges to those who require them.
A cloud computing service can help ensure that all employees only have access to the confidential information they need to perform their duties. Using the management console provided by the cloud vendor management can revoke the access privileges of former employees, especially those who have been asked to resign or terminated to avoid the malicious vandalism or theft of privileged records.
Establishing a Clear Data Security Policy
The last and most serious source of data breaches is the failure to create and adhere to a clearly defined information security policy. Although the cloud computing service provides the back-end data security, schools fail to focus on making information security a part of the school culture, in addition to failing to establish managers who are clearly responsible for implementing the policy.
By creating such a policy, the school can ensure that its security policies are continually examined and updated for devices outside the control of the cloud provider, and that all employees are effectively prepared to maintain data security.
Data security requires a holistic approach on the part of the school. By working to deal with all potential weaknesses, a school can effectively protect the information of its educators, students and managers alike.
Additional Ways To Implement Security Programs
Identify goals of the security program, create a clear and defined process so that all parties involved know the correct protocol (i.e. Proper process after an employee is terminated is to immediately revoke all access etc)
Schools can implement access control management systems (there is both physical access control and logical) by implementing a logical access control system the school could restrict access to certain files or restrict users to read only so that information cannot be edited etc.
In addition to cloud computing, schools can print smart cards on-site and the cards can be used to control these access rights or used to create role based access control where based on the persons role they are granted access to specific information.
IT departments should ensure devices are regularly inspected for any malware, and updated, and should make sure that all employees are instructed on how to maintain the security of confidential information.
Special thanks to Rebecca Fischer at CardPrinter.com, a retailer providing identification printers and logical access control products to a variety of industries.
