Despite the hype surrounding the bring-your-own-device (BYOD) trend, the reality is that BYOD has been around on college campuses for nearly a decade. Spurred by tech-savvy students who demanded internet access to their personal devices, forward-thinking administrations recognized early on that providing network access and resources to these students could improve the educational experience, while aiding recruiting efforts. These administrators were ahead of their time—realizing that if they did nothing to address the network demands, students would find a way onto their networks anyway.
Today, driven by a burgeoning market for smartphones, tablets and other personal computing devices, BYOD on campus has become the expectation, not the exception. A recent survey conducted by Bradford Networks found that 85 percent of education institutions (K12 and higher ed) allow some form of BYOD—while only 6 percent claimed they had no plans to implement BYOD in the future.
The network demands faced by these schools have also grown—10 years ago, students demanded access primarily for their laptops. In today’s connected world, students want network access for smartphones, tablets, recreational devices such as IPTVs and gaming consoles, and much more.
This demand for network resources will only grow as students become even more connected. If you don’t already have a BYOD policy governing personal devices on your network, the summer is a great time to put things in place, or to reevaluate your existing ones, before you face an influx of students and their devices in September. Here’s a checklist to help you prepare for BYOD while balancing the critical needs of security.
Conduct an in-depth analysis of your network visibility and security
If you can’t see what’s on your network, you can’t control it, which makes your campus network vulnerable. Without visibility and control, there will likely be numerous rogue, unknown, non-compliant devices on your network. What’s even more concerning is the potential damage these devices can do. Researchers at Purdue University found that malicious software can propagate to roughly 500,000 devices in just 100 seconds. In other words, a rogue device can bring down your entire network in a matter of seconds.
As you’re planning for the BYOD influx in the fall, you should ask yourself the following questions:
- How much visibility do you currently have into who and what is connecting to your network?
- Can you identify the types of endpoint devices that are connecting?
- Do you know who is actually using the devices that are connected to your network?
Determine your BYOD policy criteria
Once you have the visibility, you need to create a BYOD policy that is appropriate for your own specific campus and security requirements. Key attributes and factors to consider include:
- Which devices to support? (iPads, smartphones, PlayStations, Xbox, IPTV, etc…). New devices are continuously being released onto the market, so its important to consider those, too.
- Which operating systems should your school support?
- What AV software will be required? (This should include version numbers and at least one free AV option).
- Should we prohibit or restrict specific applications? (P2P music sharing, etc…).
- What role-based access policies are needed for the faculty, students and staff?
- Should we provision access to certain users based on location and time-of-day?
- What are the remediation policies for devices that don’t fit the profile? (this could include isolation, limited access and more).
Implement the BYOD strategy in phases and enable remote registration
After conducting the analysis above and developing an appropriate policy, you should now be ready to launch your BYOD strategy. The new BYOD policy should be rolled out in phases – residential halls are an excellent place to start. This is where students will have the most number of connected devices, including atypical devices such as TVs, video game consoles, even coffee makers. While worrying about things like coffee makers may be a funny notion, the reality is that any device connected to a network is a potential threat, and at the very least, a potential bandwidth hog.
Schools should make students aware of the new policy, clearly articulating what devices will be granted access, and which ones will be blocked. It’s best to provide a grace period to allow students time to become compliant with the new rules before taking action.
One way to ease the onboarding process is to provide students with the ability to remotely register their devices from their home before they get to school. Eliminating the traditional backlog of connectivity demands once students get to school will make life easier for both IT administrators and students.
Once the policy is implemented in the areas of highest network traffic, the phased roll out can continue onto other critical areas, such as guest management, the administrator’s network and across the school campus.
Plan for guests
College campuses by nature are social settings—students and faculty often entertain a multitude of visitors, and the campuses themselves often host conferences and meetings. Each visitor, however, represents a potential threat, which is why schools should take proactive measures to provide controlled guest network access. Otherwise, they’re likely to ask for a network password from whomever they’re visiting, resulting in another unknown device connecting to the campus network. Some recommendations include:
- Make guest access easy to find and connect, as well as manage;
- Limit guest access (network and bandwidth) or guest networks may become overused and overloaded.
Communicate the policy
Often times, this is the most important aspect of any good BYOD policy—communication. Keep the message simple, but make sure all stakeholders know the policy and the requirements and understand the rationale. A little communication goes along way. For example, letting students know about what devices are supported might help them make purchase decisions (technology isn’t cheap—no one wants to buy a device that isn’t supported by their school). It’s also important to offer an easy-to-use support system in the event of problems, to avoid unnecessary frustration.
One of the most important things to remember is that you can’t set up your BYOD policy based on a snapshot of security risks and your student/faculty at a single point in time. BYOD is an ongoing process that you must continuously review and update. Using the right technology solution is a key factor in ensuring your policy is up-to-date.
The ultimate goal is to find the right balance between enabling productivity and keeping your campus networks secure. With the appropriate policy and technology solutions, schools can have a secure BYOD policy up and running by the time students and faculty return to campus.
Frank Andrus is CTO of Bradford Networks.