Aug 26 2019
Security

CYOD Programs Balance Mobility and Security in Higher Education

This BYOD alternative gives IT staff more control over mobile device management.
by

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Dr. Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

Colleges have saturated their campuses with Wi-Fi, and students, instructors and staff members have embraced mobility, using personal smartphones and tablets as part of their day-to-day routines. 

For most of this population, IT staffers need only provide lightweight support and training. 

But when mobile devices are not just personal conveniences but part of the institutional workflow, IT needs to step in and drive a more controlled, designed deployment. Here are three best practices to achieve great results with your next rollout.

MORE FROM EDTECH: Check out how the next generation of higher education students will push the demand for mobile-first education.

Get Executive Buy-In for a CYOD Program on Campus

Higher education is a stronghold of BYOD programs, especially compared to the corporate world. Good managers understand the limits of these programs, especially when it comes to specialty applications and data protection issues

In most cases, BYOD outsources the security of the device and any private data to the end user, along with the management burden. However, there are cases where BYOD is not a responsible way to provide mobile access

For example, the user and/or the device may have too much access to sensitive or protected information, or it may be a critical aspect of the workflow, and thus a job requirement as opposed to a convenience. 

56%

The percentage of organizations that have increased their investment in workplace solutions

Source: CDW, “The Modern Workforce Insight Report,” April 2018

This is where choose-your-own-device (CYOD) programs come into play. CYOD gives users choices among a predetermined set of devices, with IT controlling configuration, management and security to meet institutional and compliance requirements.

One caveat: IT managers must avoid the slippery slope of repurposing an existing BYOD program. If the institution hasn’t built a CYOD program from the outset, both management and users may resist a more formal mobility program. 

Leaders can overcome this with clear buy-in from the executive side of the institution. Explain why basic BYOD won’t work. 

This usually comes down to data and device security (including compliance and liability), application and device compatibility, and the ability to ensure high availability with quickly swappable devices in case of loss, theft or failure. 

If leaders can clearly articulate to executives why CYOD may be a better alternative, they can extend that communication to the rest of the users to get everybody on board.

Define the End State of Your Mobility Program and CYOD Policy

As part of a mobility rollout, define a clear picture of the desired end state for mobile devices. If a CYOD program is for a single application or small workgroup, this step may be option. 

But try to look at the big picture and long-term requirements for the institution, keeping in mind a framework of about six to 12 months. Use the following questions to guide this exercise. Having the answers written down and clearly stated will make subsequent steps of the process much easier.

  1. Who are the users? Are they a particular vertical group? Are they a horizontal slice of a group, such as faculty or certain levels of administrators? How wide will this program go?

  2. What devices are involved? CYOD usually means smartphones and tablets, but some people will interpret this to include laptops as well. Be explicit.

  3. What level of support will IT deliver? Support is one of the highest costs in any mobility program. Deciding where IT will draw the line between devices and applications is important to setting cost and staffing expectations.

  4. How much choice among various devices and operating systems will the institution offer? While the open nature of higher education means that users may chafe at restrictions, more choice means more costs to support the program. A single device usually isn’t enough (except for certain dedicated applications, such as in medical schools), but narrowing the pool to four or five options (plus variations such as memory and screen size) makes a manageable set for support and quality assurance.

  5. Who’s footing the monthly bill? Devices and carriers cost real money, on top of other overhead. There are lots of models: stipends, reimbursement, cost sharing and so on. Pick one and make sure everyone knows how it’s going to work.

  6. How will IT infrastructure have to change? All CYOD programs require a mobile device management (MDM) or enterprise mobility management (EMM) tool, but IT leaders may also need to select an endpoint security suite (if risk management requires it) or bring on additional application delivery and security tools, such as load balancers or VPN concentrators. Plan for what’s needed so there won’t be any surprises.

  7. After answering these questions, use the information to develop the CYOD policy: institutional responsibilities (scope, support and financial issues); end-user responsibilities (acceptable use, exceptions and loss/termination scenarios); and security (privacy, security management and policy enforcement). 

MORE FROM EDTECH: Hear from some of higher education's most notable online voices in this year's Dean's List.

Before You Deploy Mobile Devices on Campus, Prep for Logistics

Review existing infrastructure to be sure it meets the performance needs of the CYOD user community. A wireless audit, whether of Wi-Fi or carrier services, to ensure devices work well in critical parts of the campus is a good start. 

Check bandwidth bottlenecks as well. Performance bottlenecks can also be on the application side. If this rollout is to support a significant new application, be sure the data center team knows how many new users will be coming online

Tools such as MDM and EMM may require procurement and installation. Microsoft Exchange and Office 365 come with a lightweight MDM system that may be enough for some environments, which can shorten the purchase and installation cycle. 

Joel Snyder headshot
IT managers must avoid the slippery slope of repurposing an existing BYOD program."

Joel Snyder Senior Partner and Owner, Opus One

For more feature-heavy deployments, IT managers will have to decide on on-premises versus cloud-based solutions

The MDM/EMM market is a big one, so finding the right product won’t be hard, but it must be in place and well-understood by IT staff before devices are deployed. If a new endpoint security suite will also be part of the mobile CYOD deployment, that’s got to be in place too. 

Physical device delivery also needs to be carefully planned. Think through how users will receive their devices and what the state of the devices will be when they turn them on. 

In the best deployments, the devices are shrink-wrapped when the users get them, then automatically self-configure and self-enroll into the MDM as soon as they are powered on. 

This may require working with device vendors to preload serial numbers and configuration profiles. A little planning and design here — and perhaps some third-party consulting — will save huge amounts of time later.

SDI Productions/Getty Images

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now