Netwrix: Educational Institutions Not Staffing for Cloud Security

Many educational organizations aren’t receiving enough budget for cloud security, while many are ready to start a cloud-first strategy.

That’s according to the global 2019 Netwrix Cloud Data Security Report for the education sector.

Ken Tripp, Netwrix’s director of channel accounts, tells Channel Partners the findings indicate that insider threat is still an issue for educational institutions as 65% of organizations said business users were responsible for data security incidents in the cloud. This is not surprising given that most of the regular users in this sector are non-tech and may not understand that their actions can lead to data compromise, he said.

“IT teams plan to target this issue with enforcing security policies, automating data manipulations and training employees,” he said. “These are the areas MSSPs should cover to assist educational institutions. At the same time, this industry continuously experiences acute employee and security budget shortage. This problem can be targeted by both automating routines mentioned above and finding cost efficient security solutions. Thus, MSSPs must consider flexible pricing options for this sector. Finally, [the] cloud skills shortage hinders educational institutions from leveraging cloud securely and efficiently. MSSPs may consider expanding their offering with consulting services tailored to this industry, so the IT staff would understand how to manage data security in the cloud correctly.”

Some 53% of educational organizations are ready to start deploying a cloud-first strategy for all new services and technologies, up from 40% last year, according to Netwrix. However, every third organization in this sector experienced a cloud breach in the previous year.

One critical factor is that IT teams at 70% of educational organizations don’t receive sufficient budget for cloud security. Only 12% saw their security budgets increased in 2019, and 98% said their management is not choosing to hire dedicated IT security professionals to support cloud security, according to Netwrix.

Other findings revealed by the research include the following:

• Seventy-one percent of organizations that were breached in the previous year never classified all the data they store in the cloud.
• IT teams plan to strengthen data security in the cloud by enforcing stricter security policies (41%) and training employees (39%). They are likely choosing these less costly measures due to lack of financial support from management.
• Only 19% of educational institutions are ready to move their entire infrastructure to the cloud, down from 32% in 2018.

“It is common for this sector to migrate to the cloud in order to share responsibility for the data security and availability with the cloud provider,” Tripp said. “However, it is mostly organization’s internal IT staff responsible for this matters. So the first thing to do before deploying a cloud-first strategy is to assess whether there are enough in-house skills to manage the cloud, since at the moment the top reason to uncloud is its poor manageability (30%).”

“Cloud technologies help educational institutions manage vast amounts of data cost efficiently,” said Steve Dickson, Netwrix’s CEO. “However, these organizations cannot rely solely on their cloud providers for cybersecurity. To keep sensitive data like student information secure, security pros must: 1) help their business colleagues understand that while security might be expensive, being unsecure is even more so; and 2) work with management to learn how to use their limited budgets more efficiently to keep find and secure sensitive data.”