Nov 17 2013

Colleges Take a Practical Approach to Mobile Security

Whether it’s using an MDM tool from an established security vendor or even using extensions within Microsoft Exchange, colleges look for cost-effective ways to manage mobile devices.

Thomas College in Waterville, Maine, had about 50 tablets in its library, elementary education lab and administrative offices, but lacked a way to secure the devices or keep abreast of what was going on with them.

About two years ago, the small liberal arts college with just under 1,000 students turned to Absolute Manage MDM. Vice President of Information Services and CIO Chris Rhoda says the mobile device management software gives him a framework to more effectively manage tablets and other mobile devices.

“We’re able to track usage, which applications were used and what’s changed, especially on devices students take out from the library,” Rhoda says. “We can also restrict certain settings on the device from being accessed by general users, push out standard settings and do automated distribution of mobile apps.”

Another big advantage: The software enables the IT department to remotely wipe a device if it’s lost or stolen.

Rhoda says the college uses the MDM software only for college-issued devices. Students, faculty and staff who bring devices to campus are segmented to another part of the network.

Phil Hochmuth, program manager for security products at IDC, says Thomas College’s adoption of MDM software makes sense. “Most of the traditional security vendors now have an MDM offering,” he says. “The MDM products are especially useful for organizations looking to lock down non-BYOD devices that are controlled by the IT department.”

Using Existing Tools

While many colleges opt for an MDM tool, Hochmuth points out that some organizations may prefer to use the security tools within existing products.

Berea College CIO John Lympany is exploring MDM, but in the meantime, uses the features in Microsoft Exchange 2013 to remotely wipe lost or stolen smartphones and to require smartphone users to employ passcodes to access campus email.

Lympany says this protects sensitive college communications and files that might be stored on the devices. He says Berea College also fully encrypts notebooks used by staffers who handle sensitive information.

36.5%The percentage of IT managers who say they have experienced a breach or data loss in which a mobile device was a factor

SOURCE: “U.S. Mobile Security Survey, 2013” (IDC, April 2013)

Berea College also recently upgraded network access control systems that are designed to ferret out devices connecting to the network that might be corrupted. The system places devices into remediation if virus protection is out of date or if the latest security patches aren’t installed. Lympany says the NAC tool focuses on BYOD mainly because updates are automatically pushed to college-owned devices.

“It’s nothing big, but these base system features give us the ability to manage multiple mobile operating systems, as well as notebook computers,” Lympany says. “For a small school like ours with about 1,600 students, they are great tools that we’ve been able to enforce with practically a 100 percent success rate.”

3 Tips for Mobile Security

Phil Hochmuth, security products program manager for IDC, offers IT managers these mobile security tips:

  1. 1. Use what you’ve got. Think about the mobile extensions to existing products or the mobile option to traditional products, such as those from McAfee, Symantec and Trend Micro.
  2. 2. Prioritize different types of users for BYOD. Assess the bring-your-own-device requirements for certain kinds of tasks. For example, in a business, it makes sense for knowledge workers and salespeople to have BYOD privileges. In a school or college, most teachers and professors would require BYOD.
  3. 3. Focus on the data. Ultimately, it’s the data that IT managers are concerned about. Take a data-centric approach to mobile security by, for example, installing data loss prevention tools.

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.