From tablets to notebooks, students and faculty are increasingly bringing devices from home to the college classroom for both educational and personal reasons. Once they arrive, they expect to be able to join those devices to the network, either to access shared resources or simply to connect to the Internet. Whatever an college's stance on the “bring your own device”(BYOD) trend, a few simple tips can help protect the network.
1. Start with policy.
As with any IT security matter, it’s always best to start with a statement of the college’s policy on BYOD. This requires coordination with any applicable security requirements as well as with the IT chain of command inside the college. A policy governing this type of activity in the agency may already be in place. Both users and administrators will appreciate a clearly written statement of what is and is not acceptable use of personally owned devices and who is eligible for BYOD programs.
2. Consider segmenting the network.
One of the best controls for protecting the agency network from the risks borne by personally owned devices is to create a separate wireless network specifically for these devices. This restricts users’ ability to put university-owned devices at risk by limiting their access to other parts of the network.
In the case of faculty and students who simply want to gain access to the Internet, this approach should be sufficient. If users need to access university resources, they may do so by first connecting to a virtual private network from the BYOD network. Chances are good that the college already has a VPN set up for teleworkers and has controls in place to limit the damage that outside computers can cause higher ed systems.
3. Develop security configuration requirements.
The college should also clearly state the security requirements for different devices and may wish to consider limiting BYOD devices to those that have been preapproved and are governed by configuration standards.
Want to Learn More? Don't Miss Our Free BYOD Webinar!
Thursday, May 3, at 2 p.m. Eastern
For example, security requirements for smartphones might dictate the following:
- Devices must be configured with a screen-lock passcode;
- The college retains the ability to remotely wipe the device if lost or stolen, or if the individual’s employment is terminated;
- The college retains the right to prohibit certain risky applications from being installed on devices connected to university networks;
- Representatives from the college may audit the device for compliance with security requirements at any time;
- Devices must be configured to encrypt all user data using a university-approved encryption algorithm;
- Users are prohibited from storing university data on cloud services through the device.
4. Draw the line between agency and personal responsibility.
It’s easy for users of BYOD devices to quickly blur the line between university and personal responsibility. The university support staff should clearly define the level of service that it will provide for personally owned devices, from some support to no support, and varying amounts in between; for example:
- BYOD support may be limited to certain university-approved activities, such as checking university e-mail accounts, using a calendar and expense reporting;
- BYOD support may be provided “as available,” or by limiting the time spent on BYOD support tickets;
- BYOD support may be provided only for initial setup when connecting BYOD devices to the university network;
- BYOD devices, while allowed, may not receive university IT support.
The BYOD movement is being propelled by the rapid adoption and ubiquitous nature of smartphones. As these devices increase in variety and number, colleges undoubtedly will encounter a growing number of users who want to connect to university networks. By following the advice presented here, colleges can ensure that they remain a step ahead of this trend.