We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Categories
Articles

BYOD: About the Owners, not the Devices

The UCISA Networking Group’s conference BYOD: Responding to the Challenge looked at new developments in an area that has actually been an important part of Higher Education for at least fifteen years. Student residences have offered network sockets since the 1990s and staff have been using family PCs for out of hours work for at least as long. This has always created two challenges – supporting users on an apparently infinite range of hardware and software, and ensuring that user-owned devices do not create an unacceptable risk to users and information. More recently the growth in the number of devices per user has challenged wireless network provision (Loughborough University recently exceeded 8000 simultaneously connected wireless devices), but here it seems that new designs, standards and technologies are available to help.

On support and managing risks the best approaches seem to depend on engagement with device owners rather than technology. Since it is impractical to offer the same level of support for all devices and all applications, service users need to be involved in setting priorities. Here it is worth looking both for quick wins and applications where ‘BYOD-friendliness’ will have a high value to users and the organisation. Creating self-supporting communities of users is particularly helpful – IT services can facilitate this through on-line groups and face-to-face surgeries, then concentrate efforts on guiding users to the right approaches, rather than trying to provided detailed instructions for everything.

Working with device owners also seems to be critical to keeping information secure. BYOD could represent a risk to both the owner’s information and that of the organisation so there should be a shared interest in security measures such as good passwords, screen locks when devices are idle, encrypted communications and storage. The ability to remotely wipe a lost device can protect both owner and organisation, but there needs to be agreement on when and how it will be triggered (Mobile Application Management software may in future allow wiping of specific applications and their data). Sharing a device requires both the owner and the organisation to accept limits on how they will behave: organisations that insist on excessive monitoring and control represent a threat to device owners and family members who may share the device, just as owners who behave unsafely with information represent a threat to organisations and themselves. If the mutual benefits of convenience and efficiency are not sufficient to make these limits acceptable then BYOD is probably not the right solution.

An approach used by commercial organisations is to group services based on the technologies and behaviours required to protect them: access to calendars or room booking systems may only need encrypted communications (to protect passwords) and the ability to disable access if the device is lost; access to corporate applications may require additional authentication, filtering and the ability to remotely wipe stored information. Access can then be granted or denied based on the capabilities of the device and its owner and the importance of that individual having access to that application. The best approaches protect both owner and organisation, for example agreeing to keep personal and business information separate allows both parties to keep reasonable control of their information. Getting these benefits right will require discussions with owners on how they use their devices, how BYOD might change that and the supporting advice and services they will need. Pilot studies with volunteers seem most likely to produce effective approaches. BYOD will not be appropriate for all applications: if particular information or services require more intrusive protection than can safely be applied on a personal device that is likely to be shared with family members, then it’s in both parties interest to do that on a separate, organisation-owned device.

Some references:

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!

Leave a Reply

Your email address will not be published. Required fields are marked *