As we move more and more to the cloud, a school district needs to ensure that its internal business rules and board policies and procedures are applied to cloud resources. This applies to both files and applications.
Before cloud, software as a service (SaaS), and the ubiquitous edtech apps, file access and applications could be controlled on site by IT. Today, to better control cloud access, a cloud access security broker (CASB) can enable IT to add an extra level of security to cloud services accessed by district users. IT can apply policies and actions to cloud resources as users access resources. This improves the security posture for the district as otherwise unmonitored resources are checked.CASBs are helpful initially with extra file security. Not all CASB vendors provide the same services, but most provide, in equal importance A) visibility into what is sent to the cloud storage provider (Google Drive, One Drive, Dropbox, etc.) B) compliance controls C) data security and D) threat protection. Combined, they provide the ability to manage who has access to what data (monitoring sharing), enforce rules around use of the data, ensure integrity of the data, and provide threat assessment and response. CASBs can have the automation capabilities to actually train the users on document security and to assess their sharing practices. When applied systemically and with governance controls, it can help users follow best practices. It allows the district to lead with a carrot rather than the more typical compliance stick.
For applications, districts can first block then ultimately properly onboard new applications or IT can drive users to the preferred and supported cloud resource. Since users can easily allow a third-party access to data by agreeing to terms and allowing a web application access to the district app ecosystem, having controls is an added benefit when staff try to add applications to the Microsoft 365 or Google environments.