5 minute read time

Safeguarding Education: The Non-Negotiable Imperative to Protect Sensitive Data

by   in Portfolio

Like any other sector, the education sector is immersed in a digital transformation process to adapt to new trends and needs. One of the main drivers of this digital transformation was the global pandemic that forced us all to find new ways to connect and collaborate online, but which especially impacted the technological needs of the education sector.

Universities and colleges are investing in new technologies and consider digital transformation as a “essential” or a “high priority”[1] step and moving into cloud and online applications.

The implementation of these new technologies plays a critical role as educational institutions are increasingly relying on IT Services to manage student records, assignments, and other critical information. Students, teachers, professors, and other faculty members are using new technologies like Microsoft 365 for education to communicate in new and innovative ways. These new technologies offer a myriad of benefits, including interactive learning and collaboration, increased student engagement, and unprecedented access to teaching materials and tools.

Because of the aforementioned reasons, education is experiencing an explosive growth of information, but it also brings new risks and educational institutions need a secure and compliant environment to protect highly sensitive information and avoid damaging personal or institutional reputations.

[1] Inside Higher Ed., 2022 Survey of Campus Chief Technology/Information Officers, 2022


The Need to Protect Sensitive Data

Educational institutions are poorly prepared to defend their data and as shown in different tests, a skilled hacker can access sensitive information in a very short period. If we look at the student population, we can find that the “addressable market” is large, highly sensitive and potentially lucrative and according to a Microsoft report, 13% of the higher education sector has been infected with ransomware.

European Union figures:

  • In 2020, there were 93.3 million pupils and students enrolled in the EU across 6 education levels: pre-primary, primary, lower and upper secondary, post-secondary non-tertiary and tertiary[2].
  • 18.5 million of them were tertiary education students in 2021, of which 59 % were studying for bachelor's degrees[2].

US figures[3]:

  • If we look at US figures, 49.4 million students were enrolled in public elementary and secondary schools in 2021.
  • And about 19.0 million students attended colleges and universities (including non-degree-granting institutions) in fall 2021.

As technology evolves and transforms the learning experience, ensuring the security and privacy of the data of this large community has become a primary concern.

[2] https://ec.europa.eu/eurostat/web/products-eurostat-news/-/ddn-20220428-3 & https://ec.europa.eu/eurostat/statistics-explained/index.php?title=Tertiary_education_statistics

[3] https://nces.ed.gov/fastfacts/display.asp?id=372#

The Rise of Microsoft 365

More and more schools and universities are adopting Microsoft 365 for education as it´s a platform that allows academic community meet, collaborate easily, organize classrooms and assignments, and access valuable information.

Microsoft 365 for education has been designed to maximize three key areas of the learning experience. Those are creativity, teamwork, and security:

  • Exchange 365 for education isn’t just email. Public folders, Calendars, Contacts, Teams messages and more are stored within Exchange folders.
  • Students and Teachers are using OneDrive for education to share files and folders internally more than ever.
  • SharePoint data structures allow for continued scalability and are constantly expanding by adding new content from students or institutions.
  • Teams is a platform that lets educators and staff meet, collaborate with ease, organize classrooms and assignments, and access insights for students and the school.

But is Microsoft 365 safe to use in the education sector? The short answer is “no”. As referred in our blog “What to Do if Your Country Has Banned Microsoft 365”, many countries have enacted bans on Microsoft 365 arguing that they took that step because they needed to protect the privacy and security of their citizens.

Schools and universities are managing highly sensitive data, and there´s a need to address compliance regulations. If we look at some of them:

  • In the US, one of the primary laws governing data security in higher education is the Family Educational Rights and Privacy Act enacted on 1974 (FERPA). It´s a federal law that grants specific privacy rights to students and their parents regarding education records. FERPA applies to all educational institutions that receive federal funding, including colleges, universities, and K-12 schools.
  • In UK, under UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA), schools must comply with the legislation and demonstrate that they’re complying. Everyone responsible for using personal data must follow strict rules called 'data protection principles’.
  • Within the EU, and under the terms of the General Data Protection Regulation (GDPR), an organization may be obliged to carry out a data protection impact assessment (DPIA). Educational institutions will become more accountable for the data they possess. In short, all organizations that process personal data regarding data subjects residing in the EU are subject to GDPR. 

In summary, Microsoft 365 is not safe when managing sensitive information and more importantly, it doesn´t backup institutions´ data on its own....

Why Educational Sector Needs a Unified Backup Solution?

With so much operational and sensitive data stored digitally, it is crucial for schools and universities to prioritize data backup to ensure that this information remains secure and accessible in the event of unexpected data loss. But why a robust backup solution is needed?

  • Protection Against Data Loss. The main reason for backing up data is to protect against data loss. As mentioned, the education sector is relatively large and vulnerable. In addition, Microsoft 365 is not safe for education as it offers no real data protection but data retention. In a school environment, data loss can be catastrophic, resulting in the loss of years of hard work, critical student records, or even financial data.
  • Maintaining Academic Continuity. Like in any other IT environment, natural disasters, power outages, or cyber-attacks can also occur. With a unified and reliable backup and recovery solution, educational entities can recover data quickly and efficiently, minimizing downtime and avoiding the need for expensive data recovery services. Furthermore, a unified approach will allow optimization of implementation as well as management costs.
  • Compliance with Data Protection Laws. Educational institutions are responsible for protecting student and staff data and ensuring that it is not accessible by unauthorized third parties. Data protection laws such as GDPR (General Data Protection Regulation) require institutions to implement appropriate security measures to protect student data.

OpenText Data Protection for Educational Institutions

Educational institutions across the world are using new technologies to teach, communicate, and collaborate in new and innovative ways. OpenTextTM Data Protector and OpenTextTM Data Protector for Cloud Workloads deliver trusted and proven Backup Solution for hundreds for institutions for over 30 years.

OpenText can provide these institutions with a unified approach to overcome key challenges, regardless of the type of environment. Who cares wins.

Be sure to connect with OpenText on Twitter and LinkedIn.

We’d love to hear your thoughts on this blog. Comment below.

The Online Community Team

Know your data | empower your people | drive your future


Data Protection