Education Horizons’ Cloud – Staying ahead of school cyber threats

More sophisticated attacks, more often: The modern school cyber threat environment

All schools today, and private schools in particular, face significant threats from a widening range of malicious Cyber Threat Actors (CTA) across an even wider range of attack routes – including phishing, brute force attacks, malware and ransomware. The recent Australian Signals Directorate cyber threat report for 2024 confirmed that private schools remain a primary cyber target for malicious actors – due to the volume of sensitive data that schools hold (across enrolments, community records, finances, payments, learning progress, wellbeing and medical care etc.). While education technology is now increasingly common across schools, the quality, coherence, strategic deployment and security posture of these systems is highly variable – reinforcing the attractiveness of schools as targets. Constant investment in new and more powerful cyber-attack tools and approaches – including turbocharged AI-driven cyber-attacks – means it is harder and harder for schools to stay ahead of modern cyber threats. To access the sophisticated modern security defences required to stay ahead of an evolving cyber-threat environment, more and more schools are turning to modern cloud architecture and design – including Education Horizons’ Cloud model developed in partnership with AWS.

Education Horizons’ Cloud – Modern Architecture, Modern Security

Education Horizons’ Cloud draws on modern cloud architecture and design, in partnership with AWS, to deliver everything schools depend on in their core education technology systems together with all of the modern security and reliability benefits of the cloud. At its core, modern cloud architecture and design shifts schools away from the cost and risk of dedicated server models to an “ephemeral computing” approach across the AWS server network – supporting virtually infinite scale, unparalleled reliability/uptime and full browser access.

Alongside performance and cost benefits, modern ephemeral computing is inherently more secure than on-premise and other hosting options – because it shifts away from reliance on dedicated servers. This is important because dedicated servers represent potential static points of vulnerability where threat actors can focus their attacks. In contrast, modern ephemeral computing architecture and design removes these static attack points from school systems. In addition, modern cloud architecture and design allows for next generation cyber security to be deployed in a multi-tiered security model known as “Defence in Depth”.

Defence in Depth – multifaceted threats require integrated multi-tiered security

Modern cyber-threat actors come in different shapes and sizes. From individuals and local actors to organised multi-national criminal groups and even sovereign states – the sheer diversity of threat actors is matched only by the growing diversity and sophistication of attack tools and methods. This means any modern security system must work across multiple layers, or tiers, in a coordinated way to stay ahead of evolving threats. This is the basis for adopting the military defensive strategy “Defence-in-depth”.

Defence in depth is “an architectural design based on military strategy that requires attackers to breach multiple lines of defence.” In information security terms these layered defences have been categorised as Visibility, Prevention and Remediation – or:

  • The right underlying server model
  • A strong front door and perimeter defences;
  • Active in-system detection and response;
  • Automatic software upgrade management; and
  • Fast and effective restoration of service post incident – or powerful business continuity

Together with our partner AWS, Education Horizons developed our Cloud model to specifically provide schools with fully integrated defence-in-depth for our software across all 5 tiers. Given the legal, ethical, financial and reputational risks school leaders face, Education Horizons’ Cloud defence-in-depth is essential for schools to stay ahead of the evolving cyber threat environment.

When considering the timing of each school’s shift to modern cloud architecture and design, it is important to understand how these defence in depth layers work together to secure data.

Underlying server model

Ephemeral computing and the move away from dedicated servers

On-premise, traditional hosting, lift-and-shift hosting and co-locate hosting options all rely on dedicated servers. Whether they are physically on site at a school or present at a co-location hosting facility – each school’s system is reliant on a few fixed points of vulnerability.

Modern cloud architecture and design has shifted beyond these fixed points of vulnerability. Instead, a new computing model known as ephemeral computing is allowing cloud providers to deliver improvements in security, reliability and performance.

“In the context of infrastructure, the term “ephemeral infrastructure” refers to computing resources or components that are created dynamically and destroyed as needed, rather than being persistent and long-lived. This allows for greater flexibility, scalability, and ease of management in cloud-based or other dynamic computing environments.”

Why ephemeral and immutable infrastructure is so important in Cloud Native environments | by Luis Serra | xgeeks | Medium

Instead of drawing on one or more dedicated servers, ephemeral computing models aggregate server capacity from across a network of servers based on continuously changing configurations.

“Ephemeral systems are designed to have a short-lived lifespan, minimising the exposure of sensitive data and reducing the attack surface. These systems leverage ephemeral computing resources, such as containers and serverless functions, which are created on demand, used for a specific task, and then discarded.”

Enhancing Security with Distributed, Immutable, and Ephemeral Systems | by Hong | Medium


Moving away from dedicated servers and fixed points of vulnerability is the first critical step in establishing modern defence-in-depth for schools, made possible by modern cloud architecture and design. This “ephemeral” underlying server model represents the first layer or tier in Education Horizons’ cloud security.

Securing the ‘front door’ and perimeter of your system

User authentication – Single-Sign-On (SSO) + Multi-Factor-Authentication (MFA)

The first step to securing the “front door” of any cloud-based system is user authentication – or how the system ensures that only those with access are allowed to enter the system.

Basic authentication through traditional usernames and passwords remains subject to a range of threats and risks, including:

  • Weak and easily identifiable username and password combinations that are more vulnerable to “brute force” attacks – turbo-charged by modern computing capabilities;
  • Poor username and password management by users makes it more likely that unauthorised actors will be able to gain access to credentials and systems; and
  • Traditional / Basic authentication practices make usernames and passwords vulnerable at multiple points including when they are created, updated and shared between system administrators and users

Modern tools, architecture and design are allowing users to move beyond basic authentication through traditional username and password options, to access advanced user authentication via a combination of:

  • Single Sign On; and
  • Multi Factor Authentication

With modern cloud architecture and design, system owners can apply their own trusted user authentication method (often Microsoft or Google) across all their applicable cloud software via a Single Sign On user authentication. As the name suggests, users can then avoid the need for multiple usernames and passwords with each held separately and each presenting a separate point of vulnerability.

In addition to SSO, modern cloud architecture and design supports combining Multi-Factor Authentication processes to elevate each school’s user authentication. This means that in addition to their single sign on username and password, users are required to confirm their identity through one or more additional means – such as an email confirmation and/or a mobile phone confirmation. It is important to note that “phishing” is one of the first cyber-attack vectors in the world and remains one of the most common threats today. Cyber threat actors use phishing to contact people with access to a system and trick them into providing their user credentials – allowing the threat actor to gain access. The advent of Generative AI has turbocharged the ability of threat actors to conduct broad scale and highly believable phishing attacks, increasing the likelihood of malicious actors getting access to valid user credentials. In these instances, MFA becomes an essential tool to ensure such breaches do not result in unauthorised system access.

This is a good example of the power of multi-layered or multi-tiered defence-in-depth, even at the point of system entry – where a potential breach of one layer of front door security (username and password) is not enough to breach the system.

By combining a trusted single user authentication tool with Single Sign On capability and Multi-Factor Authentication, through modern cloud architecture and design, schools materially reduce the risk of unauthorised access via the “front door” of their systems.

Web Application Firewalls (WAF)

In addition to stronger user authentication practices, continuous protection across each system’s perimeter is available in modern cloud environments through next generation Web Application Firewall technology – delivered as part of Education Horizons’ Cloud.

Web Application Firewalls work dynamically across ephemeral computing cloud environments to detect and block potentially malicious cyber threat actors from accessing a cloud system.

These systems protect against a number of threats including:

  • Distributed Denial of Service attacks, which can shut down critical software by disrupting the normal traffic of a targeted server, service or network by overwhelming the target – or its surrounding infrastructure – with a flood of internet traffic; and
  • Approaches from users who are working from a known dangerous IP address

Modern cloud architecture and design allows for these WAF defences to operate across the ephemeral computing environment in a controlled way – ensuring users can safely enjoy direct database access in a secure and controlled environment. In traditional and alternative hosting options, WAF tools are of limited utility and, where they do function, they do not allow direct database access without corrupting the system’s perimeter defence.

As a result, effective WAF tools are only available in modern cloud computing environments such as Education Horizons’ Cloud. Traditional hosting, lift and shift and co-located self-hosting environments generally lack the architecture or design to support this modern defence in depth layer. Transitioning to modern cloud environments is the best path to access the additional perimeter strength and security of modern WAF tools and technology.

Physical Security

In addition to security in the cloud, physical security of Education Horizons’ Cloud infrastructure is a critical component of the system perimeter defence layer. Education Horizons’ Cloud physical security is provided by our partner AWS, delivering:

  • Redundancy through multiple data centres and automated traffic management;
  • Continuous layered employee and third-party access controls;
  • Continuous access monitoring, logging and review;
  • Integrated physical entry-point controls, CCTV and electronic intrusion detection;
  • Central asset management and media destruction (NIST 800-88); and
  • Industry leading operational system and infrastructure management

By combining these layers of physical security, AWS delivers the highest standard of physical system security available today. As a modern cloud provider, AWS is able to combine investment from its entire customer base to deliver industry leading security at scale – elevating the security of school systems and the data they hold.

In-system detection and prevention

Education Horizons’ ephemeral compute model means cyber threat actors cannot focus their entire capacity on dedicated servers, until a breach is identified and exploited. However, with the benefits of ephemeral computing through modern cloud architecture and design comes the need for next generation security tools and approaches. The most important of these is next generation 24/7 pattern monitoring and identification as part of a structured, multi-layered Defence-in-depth approach.

In this model, 24/7 pattern monitoring and identification operates by identifying and responding to activities which are outside the normal or expected patterns of system access and use. For example, modern monitoring tools and approaches focus on deviations from normal or expected:

  • Behaviour – abnormal data ingress/egress; functionality being used abnormally;
  • Timing of activity – access and activity outside of normal business or waking hours for a particular user; and
  • Unexpected source countries for different actors

Modern monitoring and detection tools rely on a layered combination of technology-based and human analysis to review and escalate potential threats. Within the Education Horizons’ Cloud model, concerning activities are then made available to the Education Horizons Information Security team for review and response.
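
The three deviation types listed above (behaviour, timing and source country) can be checked against a per-user baseline built from earlier activity. The following Python is an added example, not Education Horizons’ or AWS code; the event fields, account names, thresholds and the placeholder country code "ZZ" are assumptions, and all log entries are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events: (user, school-local ISO time, source country, bytes out).
HISTORY = [
    ("t.nguyen", "2025-03-03T08:55:00", "AU", 1_200_000),
    ("t.nguyen", "2025-03-04T10:20:00", "AU", 900_000),
    ("t.nguyen", "2025-03-06T16:45:00", "AU", 1_100_000),
    ("bursar", "2025-03-03T09:10:00", "AU", 4_000_000),
    ("bursar", "2025-03-05T17:05:00", "AU", 5_500_000),
]
NEW_EVENTS = [
    ("t.nguyen", "2025-03-10T09:30:00", "AU", 1_300_000),  # ordinary
    ("t.nguyen", "2025-03-11T02:14:00", "AU", 1_000_000),  # outside usual hours
    ("bursar", "2025-03-11T11:00:00", "ZZ", 4_200_000),    # ZZ: placeholder country
    ("bursar", "2025-03-12T14:00:00", "AU", 90_000_000),   # unusually large export
    ("contractor", "2025-03-12T14:05:00", "AU", 10_000),   # account never seen before
]
VOLUME_FACTOR = 10  # assumed threshold: flag transfers over 10x the user's median
HOUR_SLACK = 1      # assumed tolerance either side of the hours seen so far


def build_baselines(history):
    """Summarise each user's normal hours, countries and transfer size."""
    grouped = defaultdict(list)
    for user, ts, country, sent in history:
        grouped[user].append((datetime.fromisoformat(ts).hour, country, sent))
    return {
        user: {
            "hours": (min(h for h, _, _ in rows) - HOUR_SLACK,
                      max(h for h, _, _ in rows) + HOUR_SLACK),
            "countries": {c for _, c, _ in rows},
            "median_bytes": median(s for _, _, s in rows),
        }
        for user, rows in grouped.items()
    }


def deviations(event, baselines):
    """Return which deviation types an event shows against its user's baseline."""
    user, ts, country, sent = event
    base = baselines.get(user)
    if base is None:  # unseen account: nothing to compare against, so escalate
        return ["no baseline"]
    first, last = base["hours"]
    reasons = []
    if not first <= datetime.fromisoformat(ts).hour <= last:
        reasons.append("timing")
    if country not in base["countries"]:
        reasons.append("source country")
    if sent > VOLUME_FACTOR * base["median_bytes"]:
        reasons.append("behaviour")
    return reasons


def triage(events, baselines):
    """Keep only deviating events, as (user, reasons) pairs for human review."""
    scored = ((e, deviations(e, baselines)) for e in events)
    return [(e[0], r) for e, r in scored if r]


if __name__ == "__main__":
    print(triage(NEW_EVENTS, build_baselines(HISTORY)))
```

An account with no history is escalated rather than silently passed, since there is no normal pattern to compare it with.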

While similar tools are deployed in traditional hosting environments, dedicated server vulnerabilities in less sophisticated hosting environments and on-premise environments limit the overall security benefits of monitoring and detection approaches.

Only by fully integrating Ephemeral computing, Advanced user authentication (SSO + MFA), Network perimeter defences (WAFs and physical security), with modern Detection and response tools can schools stay ahead of modern cyber threats. Education Horizons’ Cloud, in partnership with AWS, delivers these security layers in a coherent integrated defence-in-depth model for every school – alongside:

  • Education Horizons software upgrade management to ensure schools are on the latest version; and
  • Advanced business continuity to protect schools in the rare instances when a full system defence breach occurs

Latest version – Education Horizons software upgrade management

In addition to the underlying server model and tools protecting against unauthorised system access, securing school data depends on maintaining use of the latest version of your school software. Continuous investment by the world’s cyber threat actors demands continuous investment to protect school data. Our teams are continuously identifying potential threats, and constantly developing upgrades to our software to address these risks. This work can include both threat specific security upgrades or patches, as well as general software upgrades that deploy stronger design-based security within each system alongside new feature and functionality improvements.

For on-premise and self-hosted or lift and shift models, software upgrades require specific work by each school’s IT teams. This often requires setting aside time and resources to execute software upgrades. As a consequence, schools are often unable to maintain latest version software upgrades, potentially exposing them to known cyber threats for which there is an existing security measure.

By shifting to Education Horizons’ Cloud, schools can ensure they are maintaining latest version status without having to set aside upgrade time or resources. As a result, school leaders know they are running the most secure version of their critical school software, without having to take responsibility for the time, cost and hassle of latest-version software upgrade management. Together with integrated defence-in-depth across the underlying server model, system access, perimeter security and in-system monitoring, automatic latest-version software upgrades are a critical component of true defence-in-depth security for schools.

Advanced Business Continuity

No matter how advanced a system’s on-premise, basic hosting, self-hosting or modern cloud architecture and design, it will never be possible to completely rule out malicious attacks. The fifth tier of true multi-layered Defence in depth is therefore post-incident response and remediation – or business continuity. Through advanced business continuity, made possible via modern cloud architecture and design, systems and users can get back up and running much faster and with minimal damage, disruption or data loss compared to on-premise, traditional and alternative hosting models.

The major focus for this area of work is lost data and time to restore function, measured by two key metrics:

  • The Recovery Point Objective or RPO; and
  • The Recovery Time Objective or RTO

Recovery Point Objective

Recovery Point Objective refers to the point after a system issue when the system is able to recover data – or put another way, the maximum amount of data as measured by time that can be lost after recovery from an incident. This in turn determines the age of files that must be recovered from backup storage for normal operations to resume.

For on-premise systems, RPO is generally the responsibility of each school and the RPO standard will be determined by each user’s own recovery processes, tools, investment and response. Meanwhile, for traditional hosting options, RPO standards can be up to 24 hours.

From early 2025 Education Horizons’ Cloud will deliver an RPO of 15 minutes – demonstrating the significant step forward in business continuity and incident response made possible by modern cloud technology.

Recovery Time Objective

Alongside RPO, Recovery Time Objective refers to the upper limit of time required to restore service following a failure incident.

For on-premise systems RTO, like RPO, is entirely the responsibility of the software user and the RTO standard is determined by each user’s own recovery processes, tools, investment and response. For traditional hosting options the RTO standard again tends to sit around the 24 hour mark.

For modern cloud offerings such as Education Horizons’ Cloud, the RTO standard is significantly reduced to around 8 hours – demonstrating again how modern cloud architecture and design represents a critical step forward for schools in staying ahead of modern information security threats, attacks and malicious actors.

Staying ahead of modern cyber threats with Education Horizons’ Cloud

Shifting to modern Cloud architecture and design is the strongest method for schools to stay ahead of the rapidly growing cyber threat environment they face today.

School cyber threats are only going to increase in volume, frequency and sophistication – with a particular focus on the significant volumes of highly sensitive data schools hold. To stay ahead of this threat, schools need to adopt multi-layered defence-in-depth strategies and systems that address vulnerabilities across each aspect of their technology operations:

  • The underlying server model;
  • “Front door” and perimeter system security – including physical security;
  • Within-system monitoring, detection and response;
  • Up to date software management and version control; and
  • Post-incident business continuity

Modern cloud technology offers an inherent uplift in security through the move away from dedicated servers and toward ephemeral compute models - drawing on shifting configurations of temporary server capacity and removing static points of vulnerability.

However, along with the benefits of ephemeral compute models comes the need for next generation security tools to operate across all layers of the defence in depth approach, including:

  • Strong user authentication through Single Sign On + Multi Factor Authentication;
  • Network perimeter protection through Web Application Firewalls and next level physical security;
  • In-system 24/7 monitoring, detection and response through combined technology and human systems;
  • Continuous delivery of latest-version Education Horizons software upgrades; and
  • Advanced Business Continuity through next level RPO and RTO capability

By building and integrating all of these next generation security layers into our modern Cloud offering, Education Horizons’ Cloud schools are able to stay ahead of the rapidly evolving cyber threat environment that schools face. Together with our strategic partner AWS, Education Horizons is working with schools across all of our systems to move to next generation Synergetic Cloud, Engage Cloud and SEQTA Cloud options alongside our Cloud Native next generation Zunia platform.

To learn more about how Education Horizons’ Cloud can help your school stay ahead of modern cyber threats, please reach out to your customer success manager at customersuccess@educationhorizons.com, or our expert information security team at security@educationhorizons.com.

Set your school up for success 

Take the next step in your school’s cyber security with Education Horizons’ Cloud developed in partnership with AWS. Talk to our experts about how we can help your school succeed. Call +61 1800 498 642 or +44 1935 403 020 or email customersuccess@educationhorizons.com or sales@educationhorizons.com
