Tyrell Schwab, Ana Escamilla, Director of Information and Communication Technologies Felix Salinas, Maria Moreno and Lee White at Northwest Vista College

Oct 27 2017

Mobile Management Solutions Keep Data Safe on Campus

With users on the move, software solutions manage access to protect institutional data.

With data breaches occurring at a record pace this year, IT Director Felix Salinas has done everything he can to ensure Northwest Vista College in San Antonio isn’t victimized, including investing in an enterprise mobility management solution this past summer.

Salinas is still in the early phases of deploying VMware’s AirWatch EMM software, but what he’s done so far — securing employees’ email on college-owned tablets — is already giving him peace of mind.

“Data security is the main reason,” he says. “Our employees use the devices for business-related situations, but they also work with students and handle a lot of student data.”

As personal and campus-owned mobile devices continue to proliferate in higher education, many institutions are implementing EMM, a suite of software that lets IT staff centrally configure, manage and secure smartphones and tablets.

In recent years, software vendors that initially offered mobile device management have added application and content management tools, empowering IT departments to effectively manage and secure mobile apps and data. EMM solutions from the likes of Citrix, IBM, Jamf, Microsoft, MobileIron and VMware help to enforce security policies, such as password protection and access control.

IT administrators can also encrypt data and block users from copying and pasting, printing or sharing files. For users’ personal devices, IT can isolate institutional apps and data in an encrypted, secure container that’s separate from personal apps and data, says Jack Gold, principal analyst at J.Gold Associates, a technology analyst firm.

“It’s like an encrypted vault that keeps university applications and data away from your personal stuff,” he says.

IT leaders say that EMM also complements BYOD policies and supports device agnosticism, both important in higher education.

“With mobile protection tools, we can craft a strategy that achieves balance, protecting institutional information and people’s privacy,” says David Hotchkiss, vice president and CIO of the Medical College of Wisconsin.


Email and File Encryption Allows for Safe Sharing

At Northwest Vista College, Salinas and his team have used AirWatch to secure about 100 college-owned tablets that administrators and faculty use: a mix of Apple iPad devices, and Samsung Galaxy and Microsoft Surface Pro tablets.

Salinas subscribed to the cloud version of AirWatch, but he’s also testing the on-premises version. His staff uses a web-based management console to remotely set security policies. The first rules he’s enforcing for those tablets are password protection and email encryption.

The college provides a portal website for more than 17,000 students and 1,000 staff to securely access email and university applications. However, many employees prefer to set up email on their devices’ built-in email app because it’s a better user experience. As a result, email security is a priority, Salinas says.

“AirWatch is like a middleman for security, and encrypts our email,” he says.

Next, he plans to explore encryption for documents, such as files downloaded from cloud storage.

Personal Device Management Remains a Sensitive Topic

Northwest Vista College doesn’t need to require students to enroll their personal devices on AirWatch because they access everything from the secure portal. But the IT department has launched a test pilot with staff as it considers requiring employees to install the EMM platform on their personal smartphones and tablets.

Most employees bring at least one mobile device to campus, and some use them for work. While campus policy requires employees to use the portal, the IT staff knows that employees can easily use the email app and store college data on their personal devices. Both practices create risk.

At the same time, Salinas says, IT staff must tread carefully, because managing personal devices is a sensitive subject for employees accustomed to academic freedom. His strategy is to educate users on how EMM will maintain their privacy while protecting the college against data breaches.

“They may be concerned about the ‘Big Brother’ aspect, but we have to explain that we are not monitoring them, and that this is really helping to protect the business and data,” Salinas says.

Medical Schools Require Additional Security

In Milwaukee, the Medical College of Wisconsin has deployed a different strategy by managing all mobile devices, including employees’ and students’ personal devices. That’s because MCW deals with a lot of sensitive and confidential data. The college has about 1,470 students, 700 recent graduates in residency programs at its affiliated hospitals and 5,660 faculty and staff.

The IT department manages traditional campus data, such as student and employee records, but the college is also a national research center, so that information must be protected as well. In addition, clinical faculty and residents often use personal smartphones and tablets to access patient records and other hospital resources, so those devices must be secured.

MCW uses AirWatch to enforce whole-device encryption on about 4,000 smartphones and tablets, 80 percent of which are personal devices, says Hotchkiss. “Our policy is, we don’t care if you own it, it has to be secured if you are using the device for MCW business,” he says. “Some organizations do a siloed approach around email or a group of apps. The problem is that people can still use their personal devices any way they wish. They can photograph or text something or use an insecure app, so we believe it’s best to encrypt the entire device.”

There are exceptions to MCW’s EMM policy. If faculty members only need email access and are willing to access it over Outlook Web Access, then AirWatch is not required. IT enforces this policy via monthly audits. If it finds that users are retrieving email using their personal device’s email client, without AirWatch installed, then staff will disable access.

Privacy isn’t a concern, Hotchkiss says, because IT staff can’t see what apps people use on personal devices. For college-owned devices, the IT department can see only the list of apps used.

The college also does not turn on location services. But if college-owned devices get lost or stolen, IT staff will use AirWatch to remotely erase them, Hotchkiss says. And if a personal device goes missing, IT administrators will encourage the user to approve a remote wipe. Regardless, college data is protected. “It’s encrypted, so we don’t lose information,” he says.

MDM Adoption Rises at Penn State

Pennsylvania State University takes a decentralized approach, letting each unit decide whether to use mobile device management (MDM) software. But in the past two years, adoption has increased, says Justin Elliott. He’s an IT manager in the Teaching and Learning with Technology (TLT) unit, which helps faculty incorporate technology in the classroom.

For the past several years, TLT has used Jamf’s Casper Suite (now called Jamf Pro) to manage its own mobile devices (almost 700 managed iPads that are available to the entire campus), Elliott says. But last year, TLT opened up its MDM service to the rest of the university. It hosts the software on its servers, letting the IT staff of individual units manage devices through a web-based portal.

So far, 16 IT units have subscribed to the service to manage university-owned devices used by students, faculty and staff. That includes Penn State’s Intercollegiate Athletics, which gives iPads to student athletes for both academic and team resources, such as playbooks, says Gretchen Kuwahara, TLT’s lead for the MDM service.

One benefit of participating, she says, is that Athletics IT department staff can centrally configure and manage these devices, which speeds up deployment and saves hours of time that they used to spend configuring each iPad.

Each unit uses MDM differently. When iPads are used in a shared space, some units lock them down to only a single app. For example, iPads are sometimes used as digital signage or to check students in to class, says TLT Systems Administrator Matt Hansen.

The athletics department requires passcode protection and configures its iPads to authenticate and connect to the Wi-Fi network and sync students to their email and calendar.

“Athletics took a fairly hands-off approach. They don’t lock things down,” Hansen says. “But if an iPad gets lost or stolen, they can wipe the device and make sure data is destroyed, like academic work.”

Overall, IT leaders say EMM is a key tool in safeguarding data on mobile devices on campus.

“Data breaches are occurring at an alarming rate in higher education,” says Salinas. “We have all these mobile devices coming on campus, and it’s continuing to grow. We have to manage them like we do desktops and notebooks to ensure that our data is secure.”

photography by Josh Huskin
