Respecting Privacy, Safeguarding Data, Enabling Trust: How Do We Accomplish This on Personally Owned Computers?
A key challenge for any organization is balancing the protection of institutional data, respecting privacy, and enabling trust when employees access institutional systems with personally owned devices. Any BYOD strategy should address this balance. Personally owned devices usually are not under the control of the institution, and verifying that the devices are securely configured can feel intrusive. Allowing personal devices that are not checked for secure configuration and vulnerabilities to log into protected systems creates potentially serious and unknown risks. Institutional attempts to influence or cause configuration changes on personally owned assets, and to scan them for vulnerabilities, raise questions about trust and liability.
Shared Assessment of Security
Most institutions have some form of formal security review and approval process that is followed prior to signing contracts with service providers. While reviewing and documenting security prior to signing a contract is important, it is also time-consuming for both the service provider and the customer. One way to make such a process more efficient and standardized for all is to use the forms available at http://www.sharedassessments.org. Service providers only need to fill out the form once, and clients can expect to see a well-organized review of security that is tied to meaningful standards. I encourage the use of this valuable resource, and wonder if others have found it useful as well.