Our statement on the recent PowerSchool Data Breach:
The recent data breach at PowerSchool demonstrates the critical importance of cybersecurity across our nation’s schools. Data losses impact parents and students, with young people suffering potentially severe consequences as identity fraud can go years before being detected. This incident should serve as a wakeup call for school administrators and IT professionals.
GG4L, like most vendors, takes data security seriously, and we have invested to secure SOC2 certification. But we believe this is not enough for the EdTech ecosystem. As one of the leading data exchanges in K12 education, we help connect thousands of districts to their digital application vendors. However, the current model for cloud applications requires copying data from districts to all their vendors. This creates significant risk, as K12SIX, an industry association, has found that over half of student data breaches occur in vendor systems, not districts.
The IT industry is moving toward “zero trust” models across technology infrastructure. That means no system should be trusted and barriers should be erected to reduce and restrict avenues of loss. GG4L believes this model should be adopted for school EdTech ecosystems, where data is not copied to vendors, therefore removing them as avenues of data loss.
To accomplish this, GG4L has been working with the 1EdTech community to introduce tokenization as a standard for data sharing. This approach is common in financial technology and involves replacing personally identifiable data with tokens. In the case of a breach, all that cyber criminals can access are tokens, not data.
This proposed “OneRoster Privacy” model will allow districts to mask various fields they send to vendors, substantially lowering their cyber risk. Our platform also provides services to make this transparent to vendors, allowing easier adoption. We call on our vendor colleagues and school district leadership to use this unfortunate incident as an impetus to adopt a “zero trust” ecosystem approach using OneRoster Privacy.
For more information on implementing a zero-trust ecosystem in your school, please read the following:
Urgent Call to Adopt a Zero-Trust Ecosystem
Zero Trust for K-12 Schools
Implementing Zero Trust in K-12 Schools
