
Respecting Privacy, Safeguarding Data, Enabling Trust: How Do We Accomplish This on Personally Owned Computers?

A key challenge for any organization is balancing the protection of institutional data, respect for privacy and the enabling of trust when employees access institutional systems with personally owned devices. Any BYOD strategy should address this balance. Personally owned devices usually are not under the control of the institution, and verifying that the devices are securely configured can feel intrusive. Allowing personal devices that are not checked for secure configuration and vulnerabilities to log into protected systems creates potentially serious and unknown risks. Institutional attempts to influence or cause configuration changes on personally owned assets, and to scan them for vulnerabilities, raise questions about trust and liability.

Institutions that provide employees with properly configured mobile devices help reduce employees' need to access institutional systems with personally owned devices, but this approach does not work in all situations. While the potential cost of a security breach can easily exceed the cost of providing mobile devices to employees, the cost of providing the mobile devices also can exceed available funding. Institutionally issued mobile devices may not address all legitimate needs.

Educating employees who access institutional systems with personally owned devices about the need to configure them securely, check them for vulnerabilities often, not use those devices for high-risk activities, and inform their supervisor about their apparent need to use the personal device for work helps to reduce risk and initiate a healthy conversation about viable alternatives. Providing employees access to virtual desktops that can be better protected and are in turn used to access institutional systems provides a reasonable balance of improved security and usability. However, even in these cases, using a secure personal device to log into the virtual desktop is important. After all, a compromised device that is allowed to log into a secure virtual desktop is an open door to attack.

Clear policies and services that guide and help employees to be safe are important. Offering self-service vulnerability scans, for example, enables employees to check their personally owned machines while not undermining trust and privacy. The purpose of this blog is to stimulate a discussion about this topic and the sharing among contributors of information about solutions that accomplish the three goals of respecting employee privacy, safeguarding data and enabling trust.

Petr Brym currently serves as the Chief Security Officer in UC Berkeley Student Affairs Information Technologies. Previously Petr served as the Director of IT Security at the University of New Hampshire.
