Cloud technologies are becoming a commodity for education sector. According to Netwrix’s 2019 Cloud Data Security Report, 53% of educational organizations are ready to start deploying a “cloud-first” strategy for all new services and technologies, up from 40% last year. This is not surprising. As the volume of student information and research data continues to skyrocket, educational institutions are migrating data to the cloud in order to manage it in a more cost-efficient manner.
Also, according to the survey, every third organization in this sector experienced a cybersecurity breach in the previous year. 71% of them never classified all the data they stored in the cloud, leaving them unable to ascertain whether the breached data contained sensitive or confidential information, estimate the damage and improve security in the future. The main reason for this failure is lack of management support: 70% of those who had a breach claim they don’t receive sufficient budget for cloud security. This is unlikely to change soon, since only 12% of IT teams had their security budgets increased in 2019. Moreover, 98% of educational organizations surveyed say management is not choosing to hire dedicated IT security staff to support cloud security.
What lessons can IT teams at educational institutions learn from the Netwrix study? Based on conversations with security pros I have had, it seems that poor communications between IT and management is still an issue. Often, heads of educational organizations have little strategic IT vision and are not paying sufficient to the importance IT can play to the business and security. IT leaders need to better explain how educational process can benefit from cloud technologies and why security needs more attention and resources. They also have to learn how to use their limited budgets more effectively to improve security.