Cloud Apps Audit: Complete Guide for Education Organizations

There is arguably no organization today that isn’t at least considering hosting business services in the public cloud. Cloud has revolutionized the way businesses thinking about their infrastructure. With little time and effort organizations can provision powerful and even complex systems. Public cloud has revolutionized processes and procedures for IT admins who are tasked with provisioning, configuring, and managing organization infrastructure. Additionally, organizations are able to take advantage of the wide range of third-party extensions that are available in public cloud environments by way of apps to extend functionality and features within the cloud.

Educational institutions have increasingly become heavy consumers of cloud services and data storage. Many cloud providers cater to the needs of educational institutions, often providing free services to public schools, colleges, etc. Colleges and school districts alike are using these rapidly developing technologies found in cloud computing to meet the educational needs of today’s highly demanding educational objectives.

Often, public cloud providers are able to provide the infrastructure and services that would simply not be possible or obtainable by on-premises offerings at most educational institutions and public schools. However, utilizing the public cloud for housing student data and resources can present challenges to transparency, compliance, and data security when meeting compliance regulations such as FERPA, PPRA, and COPPA. Let’s take a look at these challenges, and how educational institutions can take control of their data with Spinbackup, leveraging its powerful audit, data loss, and data leak protection capabilities.

Cloud Offerings for Educational Institutions

The shift to public cloud has been the mission for businesses and educational institutions alike over the past few years. The major public cloud vendors have rapidly developed their portfolio of products and services that provide appealing options when comparing costs, provisioning time, and ease of deployment of similar on-premises solutions. Cloud providers offer infrastructure that is simply not possible for organizations to achieve with on-premises infrastructure. The major cloud providers such as Amazon, Microsoft, and Google have world class datacenters in multiple locations around the world, providing highly resilient solutions and up-time ratings that are unobtainable for businesses and educational institutions with on-premises datacenters.

Focusing in on educational institutions and public schools in particular, major public cloud vendors even provide services and storage to educational institutions for free. This has made the move to public cloud extremely appealing for educational institutions looking for cutting edge solutions to keep pace with today’s education demands. Often, the first services that educational institutions look to move to the cloud are email and file storage.

Both Google G Suite and Microsoft Office 365 provide educational institutions offerings for free email services in their public clouds. Google’s G Suite for Education and Microsoft’s OneDrive solutions also provide free, unlimited storage for education users. Outside of the core email and file storage offerings for educational users, both Google and Microsoft provide a wide range of other features to educational institutions.

School districts and higher education institutions often use public cloud resources for many of the following:

Student reporting
Data hosting
Backups
Classroom activities

Let’s take a closer look at the services offered by both Google and Microsoft in the education realm for free.

Google G Suite for Education

Institution-wide email through Gmail
Shared calendars
Classroom Icon Classroom collaboration with Google Classroom
Video and voice conferencing
Dial-in access to meetings (US only)
Create docs Icon Documents, spreadsheets, presentations, and forms
Easy to create sites
Unlimited cloud storage
24/7 support by phone, email, and online
eDiscovery for emails, chats, and files
Retention and archiving for Gmail and Hangouts
Audit reports to track user activity
Security and administration controls
Device management (Android, iOS)
Data loss prevention for Gmail and Drive
Hosted S/MIME for Gmail
Enterprise-grade access control with security key enforcement

Microsoft Office 365 for Education

Web versions of Word, PowerPoint, Excel, OneNote, and Outlook
Desktop version of OneNote
Microsoft Teams, a digital hub that integrates the conversations, content, and apps your school needs to be more collaborative and engaged
Class and Staff notebooks
Professional Learning Community (PLC) groups
Self-grading quizzes with Forms
Digital storytelling with Sway
Inform and engage with communication sites and team sites throughout your intranet using SharePoint
Compliance solutions with a unified eDiscovery center
Rights management, data loss prevention, and encryption
Enterprise video service for creating, managing, and sharing videos securely across an organization
App development without writing code to extend business data quickly with custom web and mobile apps
Workflow automation across apps and services to automate business processes without writing code
Plan schedules and daily tasks with Microsoft Teams
Email with 50 GB mailbox
Unlimited personal cloud storage
HD video conferencing
Maximum number of users: unlimited
Unlimited email storage with In-Place archiving
Advanced email with archiving and legal hold

In addition to the free plans offered to educational institutions, both Google G Suite and Microsoft Office 365 have paid plans that supply additional features to the standard educational offerings. They are the following:

G Suite Enterprise for Education – All the features of G Suite for Education, plus additional enterprise-grade capabilities designed for large institutions.
Microsoft has a couple of paid offerings for Education:
- Office 365 A3 – All the features in A1 plus full access to the Office desktop apps, and additional management and security tools.
- Office 365 A5 – All the features in A3 plus Microsoft’s best-in-class intelligent security management, advanced compliance, and analytics systems.

It is certainly evident that both Google and Microsoft have a wealth of services and technologies that educational institutions can benefit from and most of the features are available for free. With the abundance of opportunities for educational institutions today to utilize public cloud services at no cost and access to the world’s best datacenters, it is no surprise that many are making use of the technologies available. However, there are certainly concerns both from a security and privacy perspective that education institutions must take into consideration in leveraging the power of the cloud. What are these?

Cloud App Data Security and Privacy Concerns for Education

With the widespread adoption by educational institutions, both in K-12 and higher education, a large quantity of student data is no longer housed in on-premises. What does this mean? Institutions are using the public cloud for various services and activities, including tracking student performance, classroom activities, and data hosting. This certainly raises concerns for many in regards to the way student data is being used and access in the public cloud. This also brings into question how housing data in the public cloud with the major cloud vendors falls in line with the various compliance regulations in the educational sector such as the following:

FERPA – Family Educational Rights and Privacy Act
COPPA – Children’s Online Privacy Protection Act
PPRA – Protection of Pupil Rights Amendment

All of the above regulations have as their goal the protection of student data, rights, and privacy. There have been many questions and concerns with public cloud environments since their beginning just a few years ago. When data is housed in someone else’s infrastructure, there have long been concerns that unlike an on-premises environment, you can’t say with absolute certainty from your own vantage point that unauthorized individuals do not have access to your data, even to the physical infrastructure. Public cloud vendors such as Google and Microsoft have made great strides in providing various means to ensure security of cloud data and the services that depend on the data.

However, there are still challenges for educational institutions looking to comply with the regulations under which jurisdiction they fall and still provide students with the best technological tools and learning experience possible. One of the big cloud security challenges that institutions face is understanding how student data is used or accessed by the public cloud vendor. Many have voiced concerns over the free offerings for student data to be housed such as email and file storage. Under the free use of certain services, there are often certain access privileges or information sharing that can take place. Oftentimes, these types of service offerings are poorly understood from a data privacy standpoint by the educational institutions that use them.

With this overall lack of understanding of how student data is shared or accessed by public cloud providers, there also exists a lack of policies and procedures that govern the online services and their use as well as how student information is shared with others. There also is an extreme lack of visibility across the board with built in public cloud tools to see how information is accessed in the environments by third-party tools or if information is being shared by faculty and staff in an unauthorized way, either accidentally or intentionally.

When complying with FERPA, educational institutions are required to have control of student information as it relates to being disclosed or shared with third-parties. There are also requirements regarding parental notice or consent when thinking about privacy policies and student data and again, this is poorly implemented if at all when public cloud services are utilized in education.

Organizations struggle to implement good data protection and data security when it comes to public cloud environments and this extends to educational institutions. The tools provided by public cloud vendors today are still greatly lacking in the ability to give organizations control over their data and the built-in security mechanisms needed to ensure data is safe and is not leaked from authorized use.

What about cloud data breaches? If data breaches happen in the public cloud, many contracts that educational institutions enter into with various providers do not expressly dictate the service level agreement as pertains to data breaches. In other words, the public cloud provider may not be contractually obligated to alert tenants that a breach has occurred. Along the same lines, the built-in tools provided by public cloud vendors often do not provide the visibility to the internal activities of end users which may indicate cyber security incidents are taking place. Centralized monitoring, reporting, and alerting are sorely lacking for educational institutions relying on the native tools provided.

There needs to be full-disclosure when it comes to the transparency that education institutions present to parents and students alike. The specific public cloud vendors that are aligned with to provide student resources and services need to be documented on organization sites and this information transmitted to parents. If student data is used by the public cloud vendor for advertising purposes, this type of information needs to be understood by all parties involved up front. If data is transmitted or harvested by third-parties, this information needs to be specified and understood. Limitations can also be placed on the sale or marketing of student information without parental consent which is also extremely important.

Educational institutions can also make use of technology as a means to help traffic the data usage, security, and sharing that happens from within the public cloud environment. Spinbackup is a state-of-the-art solution providing educational institutions with all the tools needed to have the visibility and control of data in the public cloud. Spinbackup significantly bolsters the tools, mechanisms, and intelligence across the public cloud environment. Educational institutions can greatly benefit by having the powerful tools provided by Spinbackup. Let’s focus on the specific Spinbackup technologies that allow educational institutions to have tremendous control on cloud applications, compliance, and securing student data.

Data Security, Protection, and Compliance in the Cloud with Spinbackup

Spinbackup is a solution that stands in a class of its own when it comes to being able to both protect data in the public cloud and provide data security in the cloud when compared to competing products. It does this all within a single pane of glass management interface. Spinbackup is a solution that has long been providing this protection to Google G Suite environments and recently has moved into the Microsoft Office 365 space, providing the same powerful protection for Office 365 as G Suite.

The Spinbackup solution is a multi-cloud aware, API-based cloud access security broker or CASB that incorporates some of today’s most powerful machine learning and protects both Google G Suite and Microsoft Office 365 environments from cybersecurity threats. In addition, it allows backing up organization data to a public cloud location of your choosing to align with current public cloud providers and to provide the opportunity for data diversity.

Spinbackup allows choosing where data backups are stored

This multi-faceted approach allows organizations to have visibility, control, and data protection to protect mission-critical data. Instead of having to put together multiple solutions from multiple vendors that may or may not provide the coverage necessary, organizations can utilize a single management console to oversee the protection and security of data as well as manage alerts and view real-time reporting of activity and audit information.

The control and security of data is arguably the primary concern for businesses and educational institutions alike that utilize public cloud environments for storing data and providing services. In the context of educational institutions, student data is at the heart data that needs protected and secured. Spinbackup allows having insights into how data is used and accessed and machine-learning enabled intelligence to constantly monitor the environment against threats and other anomalies.

Let’s focus in on the following Spinbackup features that can help educational institutions bolster their ability to control student data stored in the public cloud.

Data Leak Protection including Sensitive Data Control
Third-party Risky Apps Control
Data Audit
Ransomware Protection
Customizable Data Retention and other features

Spinbackup Data Leak Protection Including Sensitive Data Control

Data Leak is a disastrous result for businesses and educational institutions alike. Especially when thinking about compliance regulations that govern educational institutions, being able to guarantee information is not being accessed or leaked in an unauthorized way is extremely important. Spinbackup contains an intelligent machine learning engine that is able to parse through activity information and identify any actions or activity that may equate to an attempted leak of data or possible cybersecurity event in the public cloud environment. The data leak protection and alerting afforded by Spinbackup to educational institutions includes the following:

Alerts and visibility to suspicious data downloads
Transferring of data between an authorized public cloud environment and a personal public cloud environment
Downloading data to local storage
Sharing data outside the organization, either with third-parties or making it visible to the Internet
Access to organization data by risky third-party applications

Not only does Spinbackup help protect against the above actions, administrators can be alerted when the above events are detected in the environment. This allows administrators to be proactive instead of reactive when dealing with data leak or cybersecurity events.

As part of the robust data leak protection, Spinbackup is capable of sensitive data control. This allows administrators the ability to have specialized data leak protection involving sensitive information such as social security numbers and credit card numbers. The customizable data leak protection allows organizations to match patterns specified for controlling data from leaking outside the public cloud environment.

Third-party Apps Control

One of the value-added features of public cloud environments is the wide variety of third-party apps that can be added to the public cloud environment. Third-party applications allow administrators to extend the default functionality and features provided with additional capabilities. However, there can be security concerns with third-party apps that are allowed to integrate into the environment. End users often do not pay attention to the permissions requested when installing third-party apps. These are most often blindly accepted.

Spinbackup’s machine learning enabled algorithms constantly scan the behavior and access of third-party applications. Any activity that is deemed risky can be automatically remediated by revoking permissions to the application and sending alerts to administrators. Additionally, administrators can see all devices and user accounts with specific apps installed. An App “blacklisting” capability allows administrators to prevent certain apps from being installed into the environment, effectively preventing data leak by unscrupulous apps.

Data Audit

The Spinbackup Data Audit allows seeing the overall landscape of data that is shared across the organization. It provides information regarding the shared activity including:

Name of the resource
Owner
Shared With
Rules applied
Ability to cancel the share

This functionality allows administrators to quickly see potential data sharing violations that may expose sensitive student data outside the organization. Spinbackup provides tremendous visibility and control of data and data sharing.

Items-shared-with-third-party-users | SaaS security for Google Workspace, Office 365, Salesforce, Slack

Administrators can also configure daily security reports to be sent to both Email and or Slack channel. This is a great way to maintain visibility of possible security events that need attention in the environment.

Cloud Ransomware Protection

Ransomware poses a tremendous threat to data of all kinds. With the multitude of student files and potential files synchronized or saved to the public cloud, ransomware can be lurking, ready to infect files stored both on-premises and in the cloud. Cloud email can be infected as well. Spinbackup provides an industry leading Ransomware protection technology that allows an automated response to ransomware infection and the resulting damage to data.

The automated, machine-learning backed, ransomware response detects the ransomware infection and automatically remediates the damage. The malicious process is blocked and Spinbackup automatically restores files affected from the most recent backups! On top of the automatic operations, administrators are notified of the malicious event. This tremendously powerful capability allows a fully automated and effective response to remediate ransomware activity

The ransomware protection module dovetails into the data protection capabilities of Spinbackup. What are these?

Automated daily backups 1x to 3x daily
Configurable retention options – Allows configuring how long data is stored in backups
Protection reports – Know which data in the public cloud is protected and which data is not
Real time dashboard – Shows an overview of both data protection and cybersecurity in the public cloud environment.

By taking advantage of the robust ransomware protection features that leverage machine-learning and automated daily backups, educational institutions can ensure student data and other mission critical data is safe from today’s looming ransomware threat.

Concluding Thoughts

Public cloud environments provide tremendous advantages for today’s educational institutions. Most educational institutions and public schools are utilizing the public cloud in some way for classroom or other resources and data services to meet today’s educational demands. The challenge to make effective use of cloud and still maintain compliance with today’s strict compliance regulations can be very demanding.

At the heart of this challenge is controlling who has access to student data and effectively auditing and securing this data. Spinbackup allows educational institutions and public schools to meet the challenge of data privacy and security in the public cloud. It allows taking back control of data access and managing this data much as it is managed on-premises with often better visibility and auditing capabilities that are afforded by Spinbackup’s API based CASB engine. By leveraging the Spinbackup solution, education can effectively utilize public cloud and still meet the compliance regulations to ensure data security and privacy.