How Are You Managing the Mobile Devices on Your Campus?

Universities must do a better job of controlling the security risks associated with personal smartphones and tablets.

By ·

The proliferation of mobile devices on college and university campuses is cause for both celebration and concern. The convenience these smartphones and tablets offer is beyond dispute: accelerated learning opportunities, breaking news and updates from professors and students.

That said, security risks are significant, enabling hackers and cyber thieves to obtain sensitive data, personal information and other confidential materials. More to the point, the use of mobile device management (MDM) is an insufficient answer to a threat of this magnitude. While MDM has many merits and continues to be an option used by many school administrators, there are more innovative — and effective — ways to safeguard valuable materials and protect people from security violations and data loss.

Personal Mobile Devices Aren’t the Problem

In this environment, where Bring Your Own Device (BYOD) is commonplace, we need to acknowledge that students and professors will (they already do) use their phones and tablets for both professional assignments and personal fun. Rather than treating these devices as a problem or prohibiting their use entirely, colleges and universities should embrace this new era of technology, provided there is a series of significant upgrades involving MDM.

Dynamic Mobile Exchange (DME) is an ideal solution for this challenge because it enables an IT department, particularly one as large as the kind affiliated with a major university, to allow faculty and students to work securely with their school E-mail addresses, calendars, contacts, news feeds, HTML5 applications and relevant intranets.

DME augments the way colleges and universities use MDM. This point is critical because it offers an entire campus, including professors, teaching assistants, administrators, admissions officers and students a fully secure application, which is compatible with a broad range of smartphones and tablets, including Apple iOS (iPhone and iPad) and Android. On a practical level, this advantage delivers much-needed peace of mind. No enterprise data stays on a device if someone graduates or is no longer part of a specific college or university.

 Remember, schools have legitimate concerns that these devices will cause problems for IT professionals. Fears abound about data leakage, creating the impression that any one of these items — from the proliferation of the iPad to the global popularity of Android smartphones — is the principal problem to maintaining security.

Unauthorized Programs Led to Data Loss

This interpretation has merit, based on a study commissioned and published, respectively, by Cisco Systems and Syracuse University. According to the report, 70% of IT professionals believe the use of unauthorized programs resulted in as many as half of their companies’ data loss incidents. Personal E-mail is the most commonly used unauthorized application, followed by online banking, online bill paying, online shopping and instant messaging. In addition, 46% of university employees admit to transferring files between work and personal computers when working from home. This returns us to the point that MDM, while worthy of some praise, is still not enough to overcome these challenges or assuage specific concerns about security.

 Those concerns vary, including fears about malicious applications, compromised security and the uploading of academic data to personal devices, as well as fears about the physical theft of the devices themselves. For example: at least a third of most major organizations use MDM to monitor, manage and support the devices their employees use. Coupled with a poor definition of BYOD policies at these places (along with ad hoc rules governing security), and the problems are more apparent. MDM is an insufficient resource to protect information, prevent data loss and address the issues — and opportunities — of the BYOD era.

Complex Passwords, Blacklisting Don’t Work

Again, these comments are not an attack against MDM; but colleges and universities want effective security and data loss controls. Requiring sudden changes in behavior where users must routinely remember or resent complex passwords is an assignment doomed to fail. All of which presents another problem when students or faculty want to send a text message, access social media and balance their interests involving privacy and safety. IT departments must reconcile these demands (from the campus community) with the need for protecting essential information.

At the same time, mobile applications represent another set of challenges. Sites like Facebook, Twitter, Dropbox and Evernote, as well as various news-related programs, may seek to directly or indirectly access and share organizational data. That information can end up in the wrong hands, forcing IT departments to attempt to disable these applications or “blacklist” them as a way to prevent data loss. These tactics are not a practical solution to an environment where there are over 750,000 applications available from Apple (and their App Store) and the Android Marketplace.

For colleges and universities, MDM requires a more robust and flexible solution than conventional remedies. In this environment where students, faculty and administrators are the very definition of mobile device users, there is an added need to not inconvenience these individuals. Offering the means to stop hackers, thieves and other cyber criminals is, thus, essential. With the right tools in place, we can all move beyond MDM to enjoy renewed protection and enhanced productivity. These benefits accrue to everyone, giving us cause for relief and celebration.

Related Articles:

Bo Ekkelund is the marketing respresentative for Excitor.

Note: The views expressed by guest bloggers and contributors are those of the authors and do not necessarily represent the views of, and should not be attributed to, Campus Safety magazine.


Campus Command Post, Data Breaches, Network Security

Comments:
Commenting is not available in this channel entry.