Dec 21 2015

Welcome to Bring-Your-Own-Access

As connectivity demands skyrocket, many colleges and universities frown on students providing their own wireless.

Take a quick peek around any campus and I bet you’ll find that students appear glued to their technology.

In fact, re:fuel Agency’s 2014 College Explorer report shows students spend average of 38.1 hours per week on computers, plus an additional 29.3 hours on mobile phones and 6.4 hours on tablets.

Thanks to rampant bring-your-own-device policies — EDUCAUSE refers to this as “the new normal” on campus — connected devices are just as prolific among higher ed faculty and staff.

And many colleges and universities strive to accommodate wireless infrastructure demands by diving headfirst into network optimization initiatives. Far fewer institutions have prepared for the latest growing IT trend: bring-your-own-access (BYOA).

The Trouble with BYOA

With BYOA, students, faculty, staff and visitors may circumvent university-installed wireless access points (APs) and instead use the AP capabilities of a smartphone or other devices to access the wireless network.

Personal or rogue APs are generally considered bad news for campus networks, particularly in terms of security. Users who connect to the campus network through a personal AP are invisible to an institution’s authentication infrastructure. Personal APs function as a back door to a campus network, granting access to unauthorized users and devices. They also increase an institution’s vulnerability to man-in-the-middle attacks aimed at stealing unencrypted data.

Equally problematic for IT staff, an abundance of personal APs on campus will significantly interfere with a university’s complex network design. IT professionals work hard to ensure that university-installed APs cooperate to create reliable coverage. A rogue AP will occupy one or more of the few available 2.4GHz channels, diminishing network performance for approved users.

Higher Ed’s Response

In answer to the serious security and connectivity concerns created by personal APs, many colleges and universities have chosen to prohibit or restrict BYOA. The University of Virginia, for instance, bans personal APs in its Security of Networked Devices policy and instead asks students and staff to contact the wireless team if greater Wi-Fi coverage is needed.

Iowa State University has taken a less hardline stance, stating in its wireless policy that departments may purchase and install APs as long as they meet current and future campus wireless standards.

The University of California, Davis allows students to install personal APs in certain residential buildings, and offers detailed guidelines for registering hardware addresses and securing APs and routers. The university holds students accountable for all traffic running through their APs.

The University of Wisconsin-Madison offers similar allowances for dormitory residents; however, policies stipulate that university IT are not available to help personal AP users troubleshoot their connections.

A Look Ahead

While it’s clear that colleges and universities are taking a varied approach to controlling the use of personal APs, technology advancements and changing expectations could soon make it more difficult for institutions to continue restricting BYOA. IT teams may want to get a head start on developing local policies, procedures and workarounds that will protect and maintain the integrity of their campus networks as the trend continues to take hold.

This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.

Rawpixel Ltd/ThinkStock