Cloud & SaaS infrastructure
The off-prem cloud surfaces that touch district data — IaaS the district provisions and non-productivity SaaS holding district data — and the practice around securing them. Microsoft 365, Google Workspace, and the identity backbone are captured in their own domains, not here.
Maturity preview · Defined

Inventory

Every cloud surface that touches district data — one row each. IaaS and SaaS share one list, distinguished by the surface type. Tag each surface's data sensitivity and its actual access posture; the access posture here is per-surface reality, distinct from the estate-wide practice captured in F2.

Cloud surface 1
Cloud surface 2
Cloud surface 3
Cloud surface 4
Cloud surface 5
Cloud surface 6
1 sensitive surface without SSO+MFA · operational risk surface

Practice

Security controls applied across the cloud estate. Check all that the district enforces as standard practice. Anchor: NIST CSF PR.AA-3, PR.AC-7, DE.CM-7.

Who has the keys to manage cloud surfaces — billing, user provisioning, tenant-wide configuration. Distinct from server admin (captured in Servers F4) — this is cloud-tenant admin. Anchor: NIST CSF PR.AA-1, CIS Control 5.

How new cloud subscriptions and SaaS tenants get provisioned. Captures shadow-IT risk — departments procuring SaaS without IT review is a common K-12 pattern. Anchor: NIST CSF ID.GV-3, ID.SC-2.

Notes

Free text — migration planning, vendor relationships, mixed-tenancy detail, anything the rubric doesn't otherwise capture.