For schools, cyber resilience starts at the data layer

Key points:

Cyber resilience in education starts at the data layer.

That is because the data layer is where schools’ most important information lives and where recovery begins when something goes wrong. It includes the storage, protection, backup, snapshot, and recovery capabilities that keep student records, learning platforms, research data, and administrative systems available and recoverable. If that layer is not protected, schools will struggle to restore operations quickly.

The recent Canvas ransomware incident is a reminder of how exposed education environments have become. K-12 districts and higher education institutions manage large volumes of sensitive data while relying on digital systems for instruction, grading, exams, communications, research, and campus operations. These platforms have become essential to enabling students and educators to succeed in modern learning environments–and there is no going back.

However, these systems also represent a massive attack surface. According to a recent report, ransomware attacks against schools, colleges, and universities rose 23% year over year in the first half of 2025, underscoring that the threat is accelerating across the sector.

When ransomware hits, the challenge is not only stopping the attack. It is restoring trusted data and getting essential services back online without prolonging disruption.

That is why network security controls alone are not enough. Schools need a cyber resilience strategy built around the data itself: keeping it protected, identifying clean recovery points, and restoring critical systems quickly when an incident occurs.

What is the data layer?

In practical terms, the data layer is the foundation underneath the applications schools use every day. It is the layer that stores data, applies protections, creates recovery points, enforces access controls, and enables restoration after an incident. When people talk about resilience at the data layer, they mean making sure the underlying data remains trustworthy, recoverable, and available even if the surrounding environment is compromised.

Open learning environments carry risk

Schools are becoming far more sophisticated in deploying cybersecurity technologies, and many now follow mature defense-in-depth architectures. But educational environments are inherently designed for openness, collaboration, and constant access across diverse devices and cloud-based applications–creating a uniquely complex attack surface where even strong defenses can still be penetrated by a determined adversary.

When a breach occurs, the real question becomes whether the organization can recover its data and restore priority services quickly. If schools cannot identify clean copies of critical data or cannot recover them fast enough, even a limited attack can turn into a long operational disruption. Cyber resilience therefore has to extend beyond prevention and into the data layer itself.

Building resilience at the data layer

For schools, resilience at the data layer means protecting the systems that allow the institution to keep functioning. That includes the data behind learning platforms, student information systems, exams, grades, research environments, finance systems, and parent or student communications. If those systems are unavailable, then instruction, advising, administration, and campus services all slow down at once.

A resilient data layer combines several capabilities: strong access controls, immutable snapshots, protected backups, integrated monitoring, and well-defined recovery workflows. Just as important, it gives IT teams a way to identify known-good data, confirm it has not been altered, and restore services in the right order. The goal is not only to have copies of data, but to have trusted recovery points that can be used quickly under pressure.

Storage plays a central role here. It is no longer just passive infrastructure waiting for a restore request. When storage is part of the resilience strategy, it can help detect unusual behavior, protect recovery points from deletion or tampering, and support faster restoration of critical systems.

What a successful recovery strategy looks like

A strong recovery strategy turns those technical protections into an operating plan. It defines which systems come back first, who authorizes restoration, how teams validate trusted data, and how the institution keeps essential academic and administrative functions moving while recovery is underway.

Rather than trying to restore every system at once, schools should build recovery plans around the data and services that keep learning and campus operations moving. That means identifying which systems and tools must be restored first–and which clean recovery points are required to bring them back safely.

Recovery plans should also account for the complexity of education environments, where data may be spread across on-premises systems, cloud applications, hosted services, and third-party tools. Without clear visibility into where critical data lives and how recovery workflows connect, restoration can slow down when schools need to move quickly. Adopting a unified system can improve visibility, streamline coordination, and help IT teams restore priority services with less uncertainty and fewer manual steps.

At minimum, every education organization needs clear answers to five questions: Can we recover quickly? Can we recover cleanly? Can we verify that restored data is trusted? Can we recover consistently across on-premises and cloud environments? Can we maintain learning and student services while restoration is in progress?

Those questions force organizations to plan for the realities of an attack–helping schools define what must come back first, who needs to be involved, and where gaps need to be addressed before an incident affects classrooms or campuses.

Protecting the academic mission

As our educational institutions depend more and more on digital systems, we must do what we can to prevent attacks, but we also must assume that some attacks will succeed. True cyber resilience for schools therefore requires both the deployment of proven security technologies and robust backup and recovery capabilities that allow critical systems and data to be restored quickly after an attack

This is how we preserve the continuity of learning, trust, and opportunity for the millions of students who depend on these systems every day.

Katherine Hennessey, Everpure

Katherine Hennessey brings more than 25 years of experience at the intersection of technology, policy, and national security. As Head of U.S. Government Strategy at Everpure (formerly Pure Storage), she helps federal, state, and local agencies modernize with a unified data and storage platform built to store, manage, and protect data across on-premises, cloud, and hosted environments – supporting mission readiness, resilience, and AI-driven innovation. Katherine has served as a teacher, professor, and administrator at high schools and universities, including Georgetown and Rice Universities.

Latest posts by eSchool Media Contributors (see all)

Katherine Hennessey, Everpure

Source link