Learning technology in K-12 schools poses unique cybersecurity challenges that aren’t often considered by the broader cybersecurity industry.
Chrome OS is incredibly important in education, yet the industry is often less focused on Chrome OS than it is on Windows, Mac, and Linux systems, with Chrome OS security and security capabilities largely left up to Google and what it offers (or doesn’t offer).
The organizational and financial realities of K-12 schools mean that technology teams in primary education are less narrowly focused on critical vulnerabilities and up-to-the-moment mitigations and tools, particularly given the cost of the latter.
Meanwhile, the wide range in school systems scale, from mammoth school districts in major urban areas to tiny one- or two-schoolhouse organizations, means that universal best practices are hard to come by or define.
And of course, key parts of the primary education user base that must be protected—most notably students and teachers—are difficult to serve well with corporate cybersecurity training methods.
Lagging Capabilities and Real-world Struggles
For these reasons, schools tend to experience the cybersecurity tools they actually live with as systems whose capabilities lag behind schools' needs in various ways, in some cases failing to meet them altogether.
Device and Ecosystem Diversity
Faced with perennial funding concerns, school are often caught between the desire to provide students and teachers with a uniform fleet of state-of-the-art technology and the reality of finding ways to continue to use large numbers of legacy devices safely.
A fleet of Chrome OS devices must often co-exist with Windows and Mac devices, all of varying ages and performance levels. For already overstretched IT staffs on limited budgets, this can be something of a nightmare scenario—and a daily source of pain.
High Trust vs. Data Safety
Schools operate in a high-trust technology environment in which parents, students, and staff simply presume that learning technology is trustworthy. But for this reason, they are obvious targets for social engineering and ransomware attacks.
Meanwhile, issues of safety around computing—as relates to confidential information, cyberbullying, age-appropriate access, and similar concerns—are often difficult for schools to manage well given the practical constraints that they face. Unfortunately, for schools these kinds of concerns often veer into territory where best-of-breed solutions from the cybersecurity industry are often cost-prohibitive for anything but the largest organizations, even with educational pricing.
Use Policies vs. Software Controls
Education is often particularly careful to implement use policies around learning technology in the interest of student safety and compliance. But schools often struggle to find software controls that can be configured to enforce these policies, particularly when multiple kinds of devices and operating systems are in the mix.
While getting parents and students to agree to use policies in principle at enrollment or registration time is easy, ensuring that these policies are adhered to is anything but. Expecting K-12 students to adhere strictly to use policies they may only vaguely be aware of is often a losing battle, similar in scale to the losing battle that severely understaffed and resource-constrained IT teams face in trying to detect violations of use policies.
IT Administration Overhead
Serving a cohort of users that primarily consists of underage, FERPA-protected students means that what would be everyday end user tasks in the corporate world are pulled back to ownership by IT operation and administration staffs.
The heaviest of these is probably account management, where applications must be tightly configured for permissions on a capability-by-capability basis, yet even basic tasks like password resets and “forgot password” workflows must be handled by staff due to limitations in the software platforms—like Google for Education—upon which schools rely.
The Limits of Google
Google for Education has become dominant in many school systems, and for good reason, given the degree to which it offers a coherent, integrated platform designed for primary education. Yet for this reason, it is also often effectively the only true provider—or at the very least, the only pervasive provider—of cybersecurity capabilities and software controls in schools ecosystems.
To some extent this is fine for Chromebook users, though Google for Education can still fall victim to several of the other problems outlined above—but it does relatively little to provide security or safety beyond the web browser for users on Mac and Windows systems, who are often faculty and staff, and in some cases even cohorts of students and parents.
What K-12 Cybersecurity Needs
Given the realities outlined above, it’s possible to assemble the picture of a cybersecurity toolset or platform that would address the needs outlined above. This platform would:
-
Support non-Google devices. Rather than providing only tools to secure Chromebooks, or a different set of tools between Chromebook, Windows, and Mac OS, it would provide a single set of capabilities and controls that worked with all of them.
-
Enforce technology use policies. The needed platform would give K-12 IT staff the ability to craft software controls that closely match learning technology use policies, from context-oriented access controls to personal account and social media blocks.
-
Control the flow of data. Both for FERPA compliance and for other reasons related to confidentiality, student safety, and work sharing and plagiarism prevention, it would offer robust controls to appropriately limit the flow of data—enabling staff to decide what kind of information can be downloaded, emailed, posted, moved to a flash drive, or copy-pasted.
-
Reduce administrative overhead. The platform would need to enable students, parents, faculty, and staff to compute with a lower IT learning curve and set of management tasks to attend to, reducing the need for IT support. It would return tasks like password management and “forgot password” workflows back to users, but in a safe and secure way.
-
Be affordable and accessible at the K-12 level. Finally, such a platform would need to be affordable on a K-12 schools budget, not just to the largest districts, but to every school and district—and it would need to be accessible enough to be deployed and managed by very busy and often shorthanded or dual-role IT staffs.
The Solution is Plurilock AI
If you suspected we were building toward a claim here, you were right, and the claim we’d like to make is this: Plurilock AI DLP is the cybersecurity platform we’re talking about—one that ticks all of the boxes we’ve just outlined. Plurilock AI:
-
Works with Windows, Mac OS, and Linux in addition to Chrome OS, unifying security administration workflows and tools across all of them.
-
Provides single sign-on and deep-yet-flexible access controls to reduce complexity for users and staff while enabling software to enforce use policies.
-
Offers a mature data loss prevention platform to give IT teams the ability to define, enable, and constrain how (and which) data can be shared, uploaded, download, copied, or accessed.
-
Centralizes key parts of security administration, reducing load for IT staff and account and password management simple for users to handle safely themselves.
-
Is significantly more affordable than competing platforms even before educational discounts apply.
-
Was rated #1 in customer satisfaction by Info-Tech and SoftwareReviews.com in 2023, demonstrating its accessibility, ease of deployment, and simple operation in both large and small environments.
For readers in primary education, this is our pitch to you—give our sales team a call. Plurilock serves a number of schools and districts across the United States and we have teams on both costs that are happy to work with schools.
And if now is not the time for budgetary or practical reasons, or there are multiple solutions under consideration, use the checklists above as a guide to what you’re looking for as you continue to face an increasingly difficult cyber-threat landscape—with a flow of students, organizational constraints, and budgetary constraints that are very much the same, school year after school year. ■
