10 college and university CIOs from a diverse group of institutions around the country joined University Business on July 17 for an online roundtable discussion about bring-your-own-device (BYOD) environments, data security in the mobile age, the biggest challenges they face, and what it takes to create the mobile campus.
UB: How is your institution adapting to mobile technology?
Doyle Friskney, University of Kentucky: A survey of our students last fall found that 96 percent owned a laptop, 68 percent owned a smartphone, and 40 percent were carrying their laptops with them on campus. This translates to about 10,000 students bringing their own devices to campus. So we’re rethinking whether we need computer labs in their present form. We had 18 labs in 20 locations, and of course, were spending a lot of money maintaining about 1,200 computers. Part of our solution was to close several computer labs and convert them to BYOD study spaces. We also developed virtual software environments for students, and we are developing mobile versions of all our applications.
Frank Cervone, Purdue University Calumet: Like so many institutions, we’re also looking at developing mobile applications right now, and we have a couple different mobile initiatives in the works. Like the University of Kentucky, we’re also looking at redeploying our computer labs to better meet the needs of students today, who are bringing their own devices to campus.
Tim Ferguson, Northern Kentucky University: When we decided to start developing mobile applications, it was clear that our IT department did not have the expertise or manpower. So we went to our College of Informatics and recruited computer science students to develop mobile applications, and created a Mobile Academy made up of 70 of our top students. The applications these students have developed are in use here at NKU, as well as by companies all over the world; we sell the applications they develop and it has become a revenue stream for the IT department. When these students graduate, many of them go on to work at some of the best tech companies in the world because they have had four years of incredible experience.
Ed Clark, Minnesota State Mankato: In a BYOD environment, one of the things you have to worry about is the variety of software that your students need. You need a way to virtualize those applications to deliver them to tablets, smartphones and other devices. So we decided to create virtual desktop environments of all of our software in the cloud. At first, we tried it as a pilot program, and were surprised at how positive the response was from students and faculty, so we expanded the initiative. It is expensive, but it was worth it, and I think this is the future. Our students were fully in support of increasing their technology fee to help fund it. Like Northern Kentucky, we also have a mobile academy called Project Maverick, in which we tried to create device-agnostic environments. We developed an application that enables students to give feedback to the teacher during class through any device. This sort of environment has the potential to change teaching, learning, and support.
UB: What challenges has BYOD created on your campus?
Joe Moreau, Foothill-De Anza Community College District: As at most institutions, it has been a tidal wave of mobile devices coming at us. At the same time, we’ve seen a growing number of faculty and staff who are able to use increasingly sophisticated devices and applications, and have a growing expectation that they will be able to use these tools in a variety of ways wherever they are, including on campus. We’ve all spent many years making sure our computing environments are safe and secure, but mobile devices are designed for the consumer market. Users don’t understand the difference between being at home and being on campus, and frankly, they don’t care. They want everything to work. As CIOs, we clearly need to rethink how we’ve done things in the past 15 years, given this new age of mobility. We need to maintain the same level of security and safety around critical information resources, whether they are instructional, administrative or research resources, but we also need to find a way to provide a seamless transition onto campus.
Gloria Barlow, Wilkes University: I agree wholeheartedly with Joe that users don’t care about the technical details or problems; they just want their devices to work on campus. One of the challenges we’re confronting is an even greater resistance from the user community to an IT department providing any acceptable use standards or guidance, because these are personally owned devices. We are a smaller institution, but our size is not the problem in this area. What is a challenge is the need to develop a mobile device policy and process. I’ve been working closely with the faculty of our business school as they integrate iPads into coursework, but we’ve found that we need a new structure and new way of thinking about IT. I also agree with Doyle and Frank, who mentioned the need to redeploy computer labs in a virtual way; we’re looking at the same thing right now. Are we trying to impose the same old structure and way of thinking onto the BYOD environment? That’s the question. We need to approach everything differently.
Randy Williams, Benedictine University: We’re a smaller institution than some of the others here. We have a small IT department, so we have to rely on vendors and other sources for our programming and application development. Right now, we have a developer working on redesigning the recruiting section of our website so it is mobile compatible, and we’ll be doing more mobile development in the future. To add to what Gloria said, I think it’s clear that the regulatory environment is not going to be able to keep up with how rapidly mobile is moving. Congress is not going to keep up with the pace of change. Things like FERPA (Family Educational Rights and Privacy Act) are going to be big pain points for all of us in higher ed for a long time.
UB: How are you changing your IT infrastructure to accommodate mobile devices?
Patti Barney, Broward College: About two years ago, we started the process of making our entire campus wireless, and we recently started expanding that initial effort. At first, our community was asking for wireless but not in totality; most people didn’t think everyone needed it everywhere. We had to educate them about the future requirements we knew we would be facing in a BYOD environment. We started by installing about 600 wireless access points, and this year’s expansion is to add 100. Once that is complete, we will assess student needs to determine our next steps. There is some disagreement about what students need versus what they want; we all know these devices are not always used for learning. We have a lot of challenges in this area, such as understanding what students can afford at home versus what we provide for them on campus, and how best to support student-owned devices. We had to invest in an infrastructure product that had great security and monitoring built in. We’re always looking to reinvest in our infrastructure to meet the needs of users.
Eric Hawley, Utah State University: As Joe observed, users on campus want their devices to work the same as they do at home. When it comes to infrastructure, it can be challenging to help business officers or administration understand that the wireless access points required for enterprise installations—which could cost $500-$700—may not support the simple, easy-to-use applications they use at home. These same applications don’t scale well, and bring security concerns when used on a campus. How do you scale these broadcast-based systems that faculty and staff want to use when it isn’t that simple? Your users don’t care about those problems, and they don’t understand why these wireless infrastructure access points may cost 10-20 times what they have at home, but don’t support what they want to do. That’s a big challenge for us here.
Doyle Friskney, University of Kentucky: I’m sure every university has experienced what UK has, in that we have spent a significant amount of funds adding wireless access points across campus to deal with the demand. We have about 4,000 today; we’ve had massive growth of our wireless infrastructure. But now with smartphones, a number of students and faculty are asking for more cellular coverage on campus as well, so we’re using distributed antenna systems to meet that need. It’s ironic in a way, because we’re essentially putting in some of the technology that we took out 20 years ago. My question is, is there an end to this? I used to think we could cover the campus, but today, I realize we’re perpetually putting in more and more access points. It used to be a student with one laptop; now students have 2 or 3 mobile devices they carry with them.
UB: What new mobile device policies have you implemented?
Patti Barney, Broward College: We’re in the beginning stages of developing new mobile technology policies. We’ve created a task force not only to look at security concerns, but to examine how we control and manage devices that are college-owned versus those that are brought on campus by students and faculty. Part of the process is determining what needs to be a formal policy and what should be just a guideline. So we’re dealing with all of those challenges right now. Our approach was to start simple by looking at the hardware purchases we make today, and allowing mobile workers to select a device from a list we’ve created of approved devices. We’re not yet at a point to provide stipends towards purchases. We’re trying to work with our task force to decide what our guidelines should look like, and then we will consult with our college president and administration to decide what should be a formal policy.
Eric Hawley, Utah State University: People don’t like policies, no matter what they are. They tend to do what they want. So our approach has been to have everyone agree that it makes sense to have an integrated, common enterprise approach to this. Our mobile policy is fairly simple. It says to all our employees that if they want to do something on our network and are unable to do it, the policy doesn’t say you can’t, it says please let us know and we will find a way to make it happen safely. Better yet, if our IT department understands what you’re trying to do, it may be that we can extend that capability to the entire campus so everyone can benefit, instead of creating a Wild West atmosphere, where people install their own wireless access points, for example. The policy has teeth; if you do something on your own that does damage to the university’s network, we respond very quickly. It helps to let staff know that we’re not there to stop them from doing things, but we are there to help them accomplish what they need to accomplish. When they realize we’re listening to them, policy discussions and decisions become very different.
UB: How have you changed your IT security to deal with mobile devices?
Frank Cervone, Purdue University Calumet: We have a policy at the university system level of not providing devices, but instead providing a stipend for faculty and staff to purchase their own. We’ve had some issues with that, because there are some applications we’ve created specifically so that they can’t be used with a mobile device. We’ve also set up a virtual machine environment, where we deliver software to the devices, and any protected data cannot be downloaded. But, we’re still at the beginning stages. We’ve been very fortunate to be able to work together in the Purdue University system to develop these policies. Throughout the year at various campus leadership events, we remind people of our policies and remind them of their responsibilities. We remind everyone that, in fact, they are responsible for data breaches that occur as a result of their actions, and the university will hold them liable in many respects.
Tim Ferguson, Northern Kentucky University: We’re working on several fronts regarding security. Like other institutions here, we’re also in the process of converting to a stipend approach for devices for faculty and staff, and we’re working through the issues that come up because we no longer own the devices. We’re trying to address those with new policies. Another initiative we’ve undertaken is a security audit, with an outside firm reviewing all of our technology infrastructure and policies. We’ve done this in the past, but for the first time, we’re including mobile devices in that security audit, so we’re eager to find out where we stand. We still have an environment where, if you have a smartphone but are not connected into our private network, you won’t have access to our critical systems. But, we think that policy may have to change, as well.
Richard Anderson, Tidewater Community College: In the past year, we’ve seen growing demand for iPads, as well as for mobile access to data on our college network. But before I open it up and provide more access, we need to develop more comprehensive mobile policies, particularly about security. To me, students are not as much of a concern when it comes to security; they are mainly accessing their own information. Faculty and staff are a different story, because they have access to much more sensitive information on our college network, data that affects far more people. So security is a big concern, and we hope to address that at least in part with developing clear mobile device acceptable use policies.