In recent years, bring your own device (BYOD) has emerged as a go-to strategy for universities seeking improved productivity, collaboration, and flexibility. However, despite these benefits, BYOD can present various challenges to the security and privacy of universities as well as their wider communities.
What’s the issue?
BYOD has undoubtedly facilitated the rise of security threats like shadow IT (hardware or software used within an organisation without the knowledge of the IT department). Because BYOD allows users to work from their personal devices, it is now incredibly simple for students and staff to circumvent IT-sanctioned resources and use their preferred cloud applications. This results in a loss of visibility and control for IT teams – they are left in the dark as to where sensitive data is stored and, consequently, who is viewing it. Under impending moves such as General Data Protection Regulation (GDPR), shadow IT can lead to large fines as well as devastating reputational damage.
In addition to the above security concerns, privacy is a significant issue under BYOD. Recently, stories about Facebook and Cambridge Analytics misusing user data have dominated news headlines, suggesting that the importance of ensuring user privacy will continue to grow. Unfortunately, this leaves IT teams in a problematic situation. While they need to respect the privacy of individual users, they must also protect their organisations’ data – whether it rests on a corporate server or on a student’s mobile phone.
“Because BYOD allows users to work from their personal devices, it is now incredibly simple for students and staff to circumvent IT-sanctioned resources.”
What’s the solution?
One potential way to address these BYOD problems is to rely on mobile device management (MDM). MDM solutions require software to be installed on every mobile device accessing an organisation’s data. In this way, the IT department can control said devices and protect sensitive information. While this can address BYOD security problems, it also grants IT visibility into personal information on personal devices, creating privacy concerns. A recent Bitglass study on the use of agent-based mobile security found that only 44% of employees are willing to allow MDM to be installed on their personal devices. The report also found that the majority of workers choose not to enrol in their employers’ BYOD programs because of privacy concerns. These user acceptance problems leademployees to work around IT departments, rendering MDM self-defeating.
In light of these difficulties, some organisations simply turn a blind eye to BYOD. Unmanaged BYOD, as it is called, can seem attractive to IT teams who would rather avoid employee backlash over invasive MDM solutions. However, given the threat of data leakage via unmanaged devices, this route is unacceptable for any responsible organisation.
Rather than pursue the above strategies, organisations should secure users’ personal devices with data-centric, or agentless, solutions. Unlike MDM, these solutions do not require software installations on devices and, consequently, leave private data untouched. Because they emphasise protecting data instead of controlling devices or applications, they can meet the security requirements of IT teams and assuage users’ privacy concerns.
While it can be a headache for IT teams, BYOD is now an integral part of the modern business world. It can no longer be ignored or half-heartedly addressed through insufficient tools like MDM. Fortunately for IT teams tasked with balancing data security and user privacy, agentless solutions are the perfect remedy to their BYOD headaches.