70% of educational orgs don’t have an appropriate cloud security budget

Even though cloud technologies are becoming more popular in the education sector, management is still reluctant to invest in cloud data security initiatives, a Netwrix study finds.

53% of educational organizations are ready to start deploying a cloud-first strategy for all new services and technologies, up from 40% last year. However, every third organization in this sector experienced a cloud breach in the previous year.

One critical factor is that IT teams at 70% of educational organizations don’t receive a sufficient budget for cloud security. Only 12% of them saw their security budgets increased in 2019, and 98% say their management is not choosing to hire dedicated IT security staff to support cloud security.

Other findings revealed by the research:

• 71% of organizations that were breached in the previous year never classified all the data they store in the cloud.
• 65% of organizations say business users were responsible for the incidents.
• IT teams plan to strengthen data security in the cloud by enforcing stricter security policies (41%) and training employees (39%). They are likely choosing these less costly measures due to lack of financial support from management.
• Only 19% of educational institutions are ready to move their entire infrastructure to the cloud, down from 32% in 2018.

“Cloud technologies help educational institutions manage vast amounts of data cost efficiently. However, these organizations cannot rely solely on their cloud providers for cybersecurity.

“To keep sensitive data like student information secure, security pros must: 1) help their business colleagues understand that while security might be expensive, being insecure is even more so; 2) work with management to learn how to use their limited budgets more efficiently to keep find and secure sensitive data,” said Steve Dickson, CEO of Netwrix.

“While the top-tier cloud providers do an excellent job of securing the services they provide, they do not secure the applications or data that you host there. You are responsible for making sure that the data you put on IaaS is locked down appropriately. It’s not the provider’s fault if you leave your data unprotected. Identifying responsibilities is critical to secure use of the cloud.”