Emerging Technology (Enhancing, Engaging, Connecting)
BYOD Changes Everything
Institutions should develop effective "bring your own device" programs.
- By David W. Dodd
- January 1st, 2014
Today nearly all students coming to campus bring multiple devices. Research by the EDUCAUSE Center for Applied Research (ECAR) shows that nine out of 10 freshmen bring their own computers, and nearly seven out of 10 bring smartphones as well. Essentially all these devices have built-in WiFi. Yet many campuses are not prepared. Indeed, one of the common assumptions behind most technology programs is that of a “controlled environment.” That is, networked devices must be individually screened and certified for the network, computers are only fully embraced if they are part of the campus domain structure and security is oriented primarily to external threats. Successful BYOD initiatives change all of that.
Effective BYOD programs are based on a number of considerations Five are discussed here.
Policy and Legal — When personal devices replace institutionally owned computers, it is typically the case that institutional work-products and information is stored on personal devices. This is common when there is little in the way of a private cloud infrastructure and a secured intranet where these informational assets can be stored and accessed virtually. This can precipitate a number of issues including information security, intellectual property and e-discovery, among others. The proper time to deal with these issues is before an incident occurs, and the proper way is through a combination of policy and technology. Technology, because cloud-based systems that are accessed through the web typically have minimal need for storing information locally. Policy, because members of the community need to understand their responsibilities associated with institutional information as it relates to their personal devices.
Networking — WiFi networks have been engineered to prevent “rogue” devices from gaining access. In a BYOD environment, the challenge is differentiating legitimate user devices from those that are true threats, and facilitating the onboarding of legitimate user devices. For forward-looking network providers such as Aruba Networks, BYOD capabilities are engineered into the design. Aruba is recognized for their ease of onboarding and certification for users’ mobile devices while maintaining security. They even provide seamless wireless solutions for stadiums so that e-commerce can be conducted by event attendees from their devices with WiFi — no small task. Cybersecurity — Security practices must evolve in a BYOD environment. BYOD campuses are no longer trying to keep users’ devices off the network, we are welcoming them in — at least into a secured area. Those provisions, such as multilevel security zones, need to exist, and they must be effective. Mobile platforms such as Android and iOS are increasingly targeted for cyberattacks. Therefore users need to assume responsibility for properly safeguarding their personal devices, including virus protection.
Authentication — Two prevailing strategies have been employed for differentiating between legitimate users and their mobile devices and those that are threats. The first is to designate the device itself as “authorized” to access the network. This was long the practice in traditionally controlled environments where personal devices were anathema, and by their nature represented threats. But focusing on mobile devices is a time-consuming and often difficult task that represents significant delays and frustration for users. The other method is to perform the authentication based on the credentials of the user. In this approach, users with valid credentials log onto the network using their devices, which are then granted authorized access. (And remember, most users have several WiFi-enabled devices.)
This isn’t a perfect approach, of course, because a previously authorized device could be lost and in turn used by someone who isn’t a sanctioned user. Because savvy organizations utilize multilayered security, this shouldn’t represent a significant problem. User authentication is the emerging strategy for granting access in a BYOD environment. This assumes the user authentication system is up to date and has operational integrity.
Mobile-friendly information systems are an increasingly important part of effective teaching and learning environments. As noted by the Horizon Report by the New Media Consortium, and numerous other sources, today’s students expect mobile-friendly systems and respond very well to them.
Well-designed BYOD programs can leverage the technology already owned by users to create a more robust, seamless technology environment. Planning and forethought are key ingredients.
This article originally appeared in the January 2014 issue of College Planning & Management.
David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or email@example.com.