September 25, 2012 - Business Wire Press Release
More student data, including demographic information, grades, test results, transcripts and personally identifiable information, will be stored in the cloud this school year than ever before. Today, Gazzang, a leading provider of enterprise data security solutions, released five tips to help educational institutions reap the benefits of cloud computing without putting sensitive data at risk.
According to privacyrights.org, more than three million student records have been breached in the past two years. Many of these data breaches resulted in the exposure of social security numbers, photo IDs, birth dates, financial aid details and other sensitive information. Such breaches can be damaging to the affected students, not to mention embarrassing for the educational institution.
As the volume of sensitive data in the cloud and the use of big data stores continues to climb, so too do the concerns about hacking attempts, malicious activity from rogue insiders, and unauthorized access by cloud and software-as-a-service providers. Below are five steps that universities, school districts and any other entity handling student data in the cloud can take to secure that information:
- Use FERPA as a guideline -- The Family Educational Rights and Privacy Act states that any identifiable student data should be properly collected, maintained and safeguarded from improper disclosure. While no specifics or requirements are offered for how to maintain and secure sensitive data, FERPA guidelines should always be considered when you are transferring or storing student information.
- Encrypt your data at rest and in transmission -- FERPA recommends using encrypted email to transfer student data, but true data security must go a step further to also encrypt data on disk. Think of encryption as the free safeties on a football team that prevent a running back who's broken through the first and second protection layers from getting into the end zone. Encrypting data at rest is one of the best ways to ensure it is protected from unauthorized access, provided you follow the next step.
- Secure your keys -- In the same way you don't store the keys to your car in the ignition, you should never keep your cryptographic keys on the server with your encrypted data. Instead, keep them in a separate server and set up well-constructed policies that control which processes can access those keys.
- Require multi-factor authentication -- Requiring extra steps in the authentication process is a good way to keep password theft from resulting in a full-scale attack on your cloud. Multi-factor authentication requires a user to provide a mix of something they know (like a password) with something they have (security token, access to an authorized or third-party authorization).
- Back up your data -- If you store data in the cloud, make sure to keep an encrypted copy of the data stored locally or in a different cloud. This won't prevent data theft or breach, but it will ensure data integrity in the case of a loss.
“Leveraging the cloud for storage provides a number of great benefits including significant cost savings and operational efficiencies, but the cloud is only as good as the security that protects it,” said David Tishgart, director of product marketing at Gazzang. “The best way to limit the impact of a data breach and ensure the confidentiality of sensitive information is to add multiple layers of security to your cloud, before you begin storing the data. The steps outlined above can help keep student records safe in private, public or hybrid cloud environments.”
For more information about securing student data in the cloud, download the FERPA Compliance Guide.
Gazzang provides data security solutions and operational diagnostics that help enterprises protect sensitive information and maintain performance in cloud environments. The company has more than 200 customers across multiple industries including SaaS providers, financial services, technology, health care and government organizations. Gazzang is backed by Austin Ventures and Silver Creek Ventures. For more information, visit www.gazzang.com.