BYO by Design

The recent invention of the phrase “Bring Your Own Device” seems to have got educational organisations agonising about something we’ve been doing routinely, indeed relying on, for at least 15 years. Whenever you send a member of staff home with some work to do but no laptop to do it on, or provide a webmail service for students, or invite a visiting academic to connect their device to your network, you’re inviting BYOD. Most of the time that’s a benefit (imagine how inefficient we’d be if we could only work 9 to 5 in the office, or on corporate laptops the size of small suitcases); sometimes it creates a new risk to information.

Indeed, since people in education are generally smart and innovative, even if you don’t invite them to use their own devices for work, they’ll probably work out a way to do it anyway. Network sockets are fairly easy to connect personal devices to, wireless networks even easier. BYOD is happening; our choice is whether we ignore it or embrace it. So I’d like to propose another meaning for the acronym – Bring Your Own by Design.

Most universities and colleges already design their wireless networks on the assumption that foreign devices (whether owned by students, staff or visitors) will need to connect to them. The eduroam service provides a global authentication system for those in education so your wifi network can choose whether to offer no connection (or only local information) to a non-member, a connection to Janet and the Internet to authenticated visitors from other education organisations, or a connection to the internal network for your own users.

So maybe we should also be consciously designing our information services on the same assumption: that our users will be connecting and logging in from their own devices? There are still controls that can be implemented on the server side to manage whether such a device will automatically download a complete mailbox and calendar, only the messages that the user manually selects, or only ‘moving pictures’ of a remote desktop. And since users are already taking information out of the buildings, on paper even if not in digital form, we already need to raise their awareness of the risks of carrying and using information and help them do it safely. In most organisations there will be a few places where personal devices aren’t appropriate because of the sensitivity of the information and systems held there but, again, we should already be pointing out those areas to those who can enter them and requiring special policies and ways of working.

If we’ve designed our systems and processes to remain secure on the assumption that BYO will happen then it shouldn’t be an unpleasant surprise when, just after Christmas or a birthday, it does.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!
