Main Nav

I have noticed corporations have pursued the path of security policies for the BYOD environment much more that higher ed environments. I would welcome word from higher ed institutions that have developed, or are currently working on developing, BYOD security policies.

Kind regards,

Dr. Jacques du Plessis
Interim Chief Information Officer
University of Wisconsin, Milwaukee

"Fluidity is the way to life. Fixation is the way to death. This is something that should be well understood." 
-Miyamoto Musashi, the Book of Five Rings

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Jacques,

 

I’m pleased to see this question come up on the CIO Listserve because ECAR has relevant information to share about current BYOD policy and practices related to security. In research published earlier this year (2013), we found that though formal policies for BYOD are scarce, they are common where they matter most – like for security issues. Below (and attached) are two figures from the full ECAR BYOE report (we titled it BYOE – bring your own everything, rather than BYOD – which is device-centric) about what higher education leaders say about their policy customs for security-related issues.

 

This is just a snippet of our findings, and more information about BYOE in higher education can be accessed via the ECAR Research Hub: http://www.educause.edu/library/resources/byod-and-consumerization-it-higher-education-research-2013. In addition to covering BYOE security policies and practices in the final ECAR report on this hub, we published a separate, stand-alone report titled, “IT Security in the BYOE Era.” This is where we introduced the notion that risk management and raising user awareness are the foundations of good BYOE security practices.

 

Since the ECAR work cited here is currently available to ECAR subscribers only, I’ll direct your attention to the publically available EDUCAUSE Review Online for March/April 2013 that has a BYO focus. In particular, the article on “The Policy of BYOD: Considerations for Higher Education” by Stephen diFilipo is rather insightful when it comes to considering the cost-to-benefit ratio for establishing BYO policies.

 

Please feel free to contact me directly if you have comments or follow up questions about the ECAR work on BYOE issues.

 

-Eden

 

Eden Dahlstrom  Senior Research Analyst

Data, Research, and Analytics
EDUCAUSE
Uncommon Thinking for the Common Good
1150 18th Street, NW, Suite 900 Washington, DC 20036
direct: 303.939.0330 | mobile: 530.903.2305 | educause.edu

 

 

Jacques,

I am beginning to look at formulating such a policy at the institutional level, have consulted with Gartner, and have also begun conversations with certain stakeholders.

In the meantime, we have updated our AUP (http://community.pepperdine.edu/it/security/policies/usagepolicy.htm) to mention security requirements for personally-owned computers. We are also actively educating our end users on best data security practices and reminding them not to place sensitive information in the cloud. Internally within my IT division, we taken a certain BYOD position and issued the following position statement for IT employees:

"As a business practice, Information Technology (IT) provides each of its employees with a suitable computer to use in the performance of his/her work at Pepperdine.  To ensure optimal performance, IT refreshes all IT-owned computers every 3 to 4 years.  Therefore, there is no reason for an IT employee to use a personally-owned computer for Pepperdine work; and IT management will never ask an IT employee to do so.  Those IT employees that receive telephone allowances are responsible for the repair and replacement of their telephones.  Any IT employee that chooses to use a personally-owned computer or other electronic device for Pepperdine work assumes sole responsibility for any damage the equipment may suffer during the course of Pepperdine work.  IT will not be responsible for any support or replacement of any personally-owned computer or electronic device.  Furthermore,  it is absolutely prohibited to store restricted information on a personally-owned computer or other electronic device."

What we have found at Pepperdine (and I'm sure this is shared by many of you) is that many individuals bring in their own personal devices either because their work computer is too old/slow or their department does not provide a work computer. For the latter, one of our schools requires its adjuncts to use their personally-owned devices; hence, a position statement like ours will not work for them.

Hope this helps. Happy to discuss more offline.

Best,

Jonathan See
Chief Information Officer
Pepperdine University
310.506.6256

@SeeJonathan

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.