While investigating a data import issue with a 3rd party data warehouse, I am slowly discovering the many ways 3rd parties can extract data from our Skyward database. With all the different ways 3rd parties can access our student data (APIs, ODBC, Scheduled Tasks, SkyBuild Exports, SIF), I'm worried about where my ignorance will get me in the event of a data breach. I am especially concerned that API access does not let us restrict or whitelist specific data fields 3rd parties have access to. It also cannot verify what data these 3rd parties are accessing.

With data security being an important focal point in today's digital age, I recommend Skyward add a tool that allows administrators to monitor and log 3rd-party access to our data via these data sharing tools . I also recommend Skyward add the ability to whitelist access to specific data fields through their API interface.

Thanks for your consideration.