AWS Public Sector Blog
Five need-to-know facts about using the AWS Cloud for K12 cyber-resiliency
K12 and primary schools across the US have experienced increased cyber threats in recent years, with cyberattacks jumping from 400 to 1,300 over a three-year period. As a result, sensitive information—including personal family issues, behavioral data, and financial information—was stolen by hackers and disclosed. The negative impacts of a cyberattack can be long-lasting, with loss of learning ranging from three days to three weeks and recovery time requiring anywhere from two to nine months.
K12 leaders need tangible solutions and tactics for improving their school’s or district’s cyber-resilience in the coming school year, and Amazon Web Services (AWS) is committed to supporting schools and districts as they enhance the cybersecurity of their networks. Recently, AWS joined the White House, the Department of Homeland Security, and the Department of Education—among other leaders in the government and education community—to commit to improving the cybersecurity resilience of K12 education.
As part of this commitment, AWS created the K12 Cyber Grant Program, offering up to $20 million in AWS Promotional Credits to both new and existing K12 customers. Across 42 states, AWS garnered 400 applications from educational institutions, encompassing more than 20 million students, and has been collaborating with customers nationwide to promote school safety.
Education is also part of the ongoing effort by AWS to help schools stay safe. According to Arden Peterkin, executive director of information security at Gwinnett County (Ga.) Public Schools (GCPS), the business value of implementing a cyber resiliency and disaster recovery (CR and DR) capability—which GCPS embarked on with AWS in 2022—is multifaceted.
“(CR) and (DR) ensure the continuity of the school district’s technology-driven educational and operational processes, minimizing downtime and the loss of instructional time. This capability gives us confidence that we can sustain mission-critical services under emergency conditions and defend against cybersecurity threats, such as ransomware, that could lead to severe financial and reputational damages,” said Peterkin.
“Most importantly, it instills a sense of security and trust amongst our stakeholders, assuring them that the school district is proactive in maintaining the confidentiality, integrity, and availability of its information and technology resources.”
Read these five facts to learn more about using the AWS Cloud to make your school or district cyber-resilient.
1. It’s easy to customize your school’s cybersecurity
AWS supports 143 security standards and compliance certifications, including the Family Educational Rights and Privacy Act (FERPA), making it easy to customize solutions to meet your school’s unique security needs. Whether your school follows the National Institute of Standards and Technology (NIST) or Cyber Security and Infrastructure Security Agency (CISA) guidelines, AWS’s offerings allow K12 leaders to tailor their infrastructure to meet district or state Department of Education requirements.
2. Cyber-resilience doesn’t have to be expensive
K12 schools have a tall task: addressing rigorous security and compliance requirements while also managing tight budgets. The AWS Cloud aligns with common compliance standards while providing cost-effective security services that allow schools to identify and respond to cyberattacks proactively.
Recently, the Kalamazoo Regional Educational Service Agency (KRESA) was under pressure to scale its infrastructure without raising costs and while keeping student data secure. “After extensive research, I saw that Amazon’s infrastructure was miles ahead,” said KRESA’s IT infrastructure manager Michael Coats. “Coupled with significant cost savings, the AWS Cloud provided security tools and services like Amazon Inspector that would be otherwise unaffordable on premises.”
3. Upskilling your staff doesn’t have to break the bank, either
Cyberattacks and cybersecurity best practices are constantly evolving, but schools and districts may not have the budget or resources to consistently train and retrain their IT team to keep up with the latest malware.
AWS offers no-cost AWS security training to upskill and reskill K12 IT staff through the AWS Skill Builder, a digital learning center. AWS Skill Builder features 600-plus no-cost courses, including more than 40 security-focused courses like “Getting Started with AWS Security, Identity, and Compliance” and “Getting Started with AWS Security Hub.”
4. Choose EdTech vendors built on the AWS Cloud
Education technology companies (EdTechs) built on AWS are supported by the same 143 security standards and compliance certifications that protect K12 schools and districts. That means you can trust that EdTechs built on AWS are invested in their customers’ security, data privacy, and resilience.
When a cyberattack impacted the digital infrastructure of Baltimore County Public Schools (BCPS) in November 2020, operations were disrupted for three days. One of the few systems unaffected by the attack was Focus School Software, an EdTech that runs securely on the AWS Cloud. Locked out of their other systems, BCPS officials were able to use Focus to handle master schedule-building because the data was protected in the AWS Cloud.
As an additional security measure, AWS offers no-cost Well-Architected Framework security reviews to all EdTechs providing mission-critical applications to the K12 community. This ensures that schools and districts remain resilient and secure—even when a third party manages their data and infrastructure.
5. Streamline the procurement and implementation of security software
Procurement is a major pain point for many school IT leaders. With AWS Marketplace, the software procurement process is streamlined, making purchasing the security software you need more efficient and cost-effective. AWS Marketplace also provides a complete view of your school or district’s technology purchases, allowing you to manage spending in one place.
“Seeing our subscriptions from various software vendors and resellers holistically in one place has been super beneficial. Being able to click a button to purchase was also fantastic,” said Arizona Deputy State Chief Information Security Officer (CISO) Ryan Murphy.
Committed to K12 resilience
Meaningful cybersecurity should be available to all K12 schools and districts—regardless of your budget or team’s skill level. If you’re interested in learning more about the K12 Cyber Grant Program as well as other AWS initiatives to improve K12 cyber resilience, check out our program site.
To learn more, check out our solutions to support disaster recovery preparedness, data backups, and distributed denial of service (DDoS) protection:
- AWS Elastic Disaster Recovery will minimize downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery.
- AWS Backup is a cost-effective, fully managed, policy-based service that simplifies data protection across on premises VMWare and AWS environments, creating immutable backups to protect against accidental and malicious incidents.
- AWS Shield is a managed (DDoS) protection service that safeguards applications. Together with Amazon CloudFront, Amazon’s content delivery network, AWS Shield can protect web applications hosted anywhere in the world.