Welcome!

Cloud Security Authors: Elizabeth White, Maria C. Horton, Liz McMillan, Ravi Rajamiyer, Pat Romanski

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Machine Learning , Agile Computing, Cloud Security

@CloudExpo: Article

Five Tips for Securing Student Data in the Cloud

... and on premises

There are a few absolutes when it comes to school. First, lunches will always be terrible. Second, your locker will be too small to fit your oversized textbooks. Finally, there's a high likelihood that some of your student data will be stored in the cloud.

This student data includes demographic information, test results, transcripts, email exchanges, grades, attendance history, contact information and more. It's a sensitive mix of detail that, if exposed, could prove damaging to the affected students and the educational institution. According to privacyrights.org, more than 1.8 million student records have been breached in the last 18 months. In one frightening incident earlier this year at the University of Tampa, a breach exposed the social security numbers, photo IDs and dates of birth of thousands of students and faculty members.

Keeping sensitive data firewalled in your on-premises data center doesn't eliminate the threat of exposure. Consider that tens of thousands of student records are breached each year because someone lost a laptop, smart phone or thumb drive containing information. Device theft is especially common in the healthcare industry.

Here are a few tips to help you secure student data in the cloud or your on-premises datacenter:

  • Backup your data - If you're storing data in the cloud, make sure you have a copy of the data stored locally or in another cloud. This won't prevent data theft or breach obviously, but it will ensure data integrity in the case of a loss.
  • Require multi-factor authentication - While not an absolute failsafe, requiring an extra step in the authentication process is a good way to keep password theft from resulting in a full scale attack. Multi-factor auth requires a user to provide something they know (a password for example) with something they have (a smart card, security token or third-party authorization via email).
  • Use FERPA as your starting point - The Family Educational Rights and Privacy Act states that any identifiable student data should be properly collected, maintained and safe from improper disclosure. This is a fairly vague policy and should be looked at as the minimum an institution should do when it comes to security.
  • Encrypt your data at rest and in transmission - FERPA actually recommends using encrypted email to transfer student data, but true data security must go a step further to cover data on disk. Think of encryption as your last line of defense; the free safeties on your high school football team that prevent a running back, who's already broken through your first and second protection layers, from getting into the end zone. Encrypted data is absolutely useless to someone with malicious intent, just as long as you follow this last tip.
  • Secure your keys - In the same way you don't store the keys to your car in the ignition, you should never keep your encryption keys on the server along with your encrypted data. Instead, keep them in a separate server on premises or in the cloud, and set up access policies that control who (or in some cases, what) can access those keys.

Securing student data means adding multiple layers of protection. If you're using the cloud, be sure to understand your provider's security policies, and ask tough questions.

Following the above guidelines can help you maintain the privacy and confidentiality of student data, but it won't solve all your problems. You're still going to be stuck with Mystery Meat Monday.

More Stories By David Tishgart

David Tishgart is a Director of Product Marketing at Cloudera, focused on the company's cloud products, strategy, and partnerships. Prior to joining Cloudera, he ran business development and marketing at Gazzang, an enterprise security software company that was eventually acquired by Cloudera. He brings nearly two decades of experience in enterprise software, hardware, and services marketing to Cloudera. He holds a bachelor's degree in journalism from the University of Texas at Austin.

IoT & Smart Cities Stories
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, will provide an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life ...
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
Rodrigo Coutinho is part of OutSystems' founders' team and currently the Head of Product Design. He provides a cross-functional role where he supports Product Management in defining the positioning and direction of the Agile Platform, while at the same time promoting model-based development and new techniques to deliver applications in the cloud.
@CloudEXPO and @ExpoDX, two of the most influential technology events in the world, have hosted hundreds of sponsors and exhibitors since our launch 10 years ago. @CloudEXPO and @ExpoDX New York and Silicon Valley provide a full year of face-to-face marketing opportunities for your company. Each sponsorship and exhibit package comes with pre and post-show marketing programs. By sponsoring and exhibiting in New York and Silicon Valley, you reach a full complement of decision makers and buyers in ...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
LogRocket helps product teams develop better experiences for users by recording videos of user sessions with logs and network data. It identifies UX problems and reveals the root cause of every bug. LogRocket presents impactful errors on a website, and how to reproduce it. With LogRocket, users can replay problems.
Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps. Data Theorem products help organizations build safer applications that maximize data security and brand protection. The company has detected more than 300 million application eavesdropping incidents and currently secu...