Security Experts:

Education's Digital Future and the End of Snow Days

Healthcare may be the first industry that springs to mind for many people when thinking about sectors that have had to suddenly, dramatically adjust due to the COVID-19 pandemic. 

But ask parents around the world, and they’ll likely say “education.” The traditional classroom was turned on its head in a matter of weeks, and some of those changes will be here to stay. 

Back in February there were no capabilities at scale for kids to attend classes from home. Fast forward a few weeks and millions of kids were attending classes and completing assignments remotely. 

As has happened in many other industries, apps are also getting their chance to disrupt the education paradigm. Application portals like j2launch and others are delivering an array of learning and quiz apps. Established apps like Kahoot! have been retooled for an educational setting. As a natural evolution of this phenomenon, gamification is being much more widely used to engage kids in learning.  

The results of all these efforts have been mixed, but the progress has been remarkable given the nature of education as an industry. It’s easy to imagine the highlights from school board meeting transcripts had this wave of change occurred any other time.

From a cybersecurity perspective, perhaps the greatest risk for digital education comes from the wide variation across districts in terms of resources. For some, laptops, apps and other technologies were already part of curricula. But in many areas, those assets are harder to come by, let alone IT departments and cybersecurity staff. 

And the concerns for online learning are legitimate: Malicious actors are always looking for new opportunities, and there’s evidence they’re already focusing on the education sector. Data from Microsoft has shown that education as an industry accounted for 60% of reported malware encounters in June — affecting more than 5 million devices in just 30 days. 

Legacy systems prevalent in many districts present other problems: misconfigurations, bad setups, software that goes for long periods without updates and patches. 

Add to all this the flood of devices connecting to these new systems and applications. An enterprise organization can maintain some control over the devices on its network. Those used by students could come from anywhere, and ensuring easy access is critical. 

BYOD and shadow IT are challenges for sophisticated organizations. Now districts with thousands of students and teachers face a world where every one of those users accesses their systems via multiple unknown PCs, laptops, tablets and phones. Since those devices are in the home, they could become a risk for other devices, potentially being used to attack a parent’s work laptop or to exploit other vectors. 

The trend toward gamification also represents both a huge new opportunity for education and new challenges. On one hand, having widespread data on success rates and trends that can be sorted by school, grade level and geography could offer real insights into education that we’ve never had before. Yet there’s potential to misuse this new flow of educational data to target students, teachers or districts. 

And then there’s that lingering difference between districts that have the resources to contend with these issues—and as a result perhaps offer a better experience for students, teachers and parents—and those that may be further behind. Will some districts offer high-end, bulletproof educational software while others are serving up marketing-laden freeware? 

Clearly there are many variables to contend with. District IT departments, already strained in normal times, simply cannot offer the cybersecurity resources to protect this kind of mass-scale rollout of new technologies in these highly unusual circumstances. 

Although the digitization of classrooms has exciting potential to help us build a more strategic and effective education system overall, we need broad engagement to make it really work for students. 

Vendors serving education and the security community must work hand-in-hand with districts to keep these new digital environments safe. Districts themselves should emphasize training programs for students and teachers that cover the basics of safely using technology, just like enterprises do.  

How will these new tools impact learning going forward? There’s clearly a widespread sense that kids do best in a physical classroom, but we’re likely to see a mix of in-the-room and online schooling for some time to come. 

Which leads us to perhaps the biggest risk to our education system as we know it, and the foremost question on students’ minds: Will there ever be another snow day? 

view counter
Preston Hogue is Sr. Director of Security Marketing at F5 Networks and serves as a worldwide security evangelist for the company. Previously, he was a Security Product Manager at F5, specializing in network security Governance, Risk, and Compliance (GRC). He joined F5 in 2010 as a Security Architect and was responsible for designing F5’s current Information Security Management System. Preston has a proven track record building out Information Security Management Systems with Security Service Oriented Architectures (SSOA), enabling enhanced integration, automation, and simplified management. Before joining F5, he was Director of information Security at social media provider Demand Media where he built out the information security team. Preston’s career began 18 years ago when he served as a security analyst performing operational security (OPSEC) audits for the U.S. Air Force. He currently holds CISSP, CISA, CISM, and CRISC security and professional certifications.