Main Nav

 
Issue #2: Supporting the Trends toward IT Consumerization and Bring-Your-Own Device

"While the technology landscape has never been more personal or easy to use, it is simultaneously increasingly complex to manage and support. Faculty, staff, and students no longer need the IT organization as an intermediary in their adoption and application of the most commonly used technologies. They arrive with mature personal computing environments that they have self-configured to meet their specific needs, preferences, and styles of work and recreation. Any college or university that maintains hard-and-fast rules about which devices and communication tools must (or may not) be used risks being irrelevant. Yet the institution's data and intellectual property must be safeguarded, no matter where it is stored, transmitted, or accessed. Even the most strategic and flexible IT organization may, at times, need to be reactive. Institutions need to learn to adapt to and leverage personal computing environments, not proscribe them."


We've talked about this trend in the context of a couple of the other issues on the Top 10 list.  Now that the fall semester has started, have we noticed any differences in our support trends?  It seems our campus issues are with the variety of operating systems and browsers and the never-compatible-when-you-need-it Java.  The support problems haven't been device-centric, but more about personal preferences with browsers. 

In terms of safeguarding data and intellectual property, what are you doing beyond policy?

--
Theresa Rowe
Chief Information Officer
Oakland University
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

YUCH (I know I’ll get feedback on that)

 

Dr. Robert Paterson

Vice President – Information Technology, Planning and Research

Molloy College

Rockville Centre, NY

 

Safeguarding data and intellectual property is no doubt an issue my division is dealing with. Beyond personal devices in the workplace, we are also dealing with personal preferences in cloud storage solutions. People are using and storing institutional data in personal storage accounts (e.g. DropBox, GDrive, Box, etc.).

Yes, we are updating our acceptable computer use and records management policies. And yes, we are in the process of providing better and convenient storage solutions BUT there's no way to police where people store institutional data. They will store data wherever it is convenient for them. Ongoing education is going to be key.

Jonathan See
Chief Information Officer
Pepperdine University

I may not address the question posed directly, but will take the opportunity to voice my thoughts on BYOD.

I am not a curmudgeon on this topic - I have advocated BYOD on my campus for the last three years and continue to build our processes to expand support for it - but I do have a single worry about BYOD. Whenever I hear businesses or politicians talk about protecting "consumer options" invariably you can dig into their interests and find the same motivation: moving risk from those most able to understand and manage the risk to those least capable of understanding and managing the risk. Usually, there is a financial benefit for the entity distributing the risk, but those that take on the risk have little visibility to the financial burden of the risk they receive. In my most pessimistic moments, I may also add the entity distributing the risk may have motivations to pass risk to those least capable to manage it precisely to take advantage of (and profit from) their ignorance (I am not sure this is happening in higher ed BYOD - I'd be interested if anyone sees this happening). BOYD is often billed as "increasing [consumer] options" and, in its most extreme form, certainly has the potential to change financial burden of IT departments and/or schools - shifting risk and financial burden from the department/business/school to the employee. Does the employee realize this shift is happening when they demand to use their own IT tools? Does the employee understand the implications of terms of service, especially for software meant for personal, non-commercial use being used for work-related tasks? Does a manager or department head understand the risks associated with a grab bag of IT services for the department's operations? IT traditionally took that burden (at a high cost) and had professionals who understood the risks manage the risks. As we move to BYOD, are we educating employees on the risks they are taking on in the process? If not, is it fair? Because fairness is a possible test of ethics (out of many) - if not, is it ethical to shift IT risk to employees? Does this change if the level of BYOD policy is extreme (employees purchase all end-user IT services and must support it themselves - although they may still connect to enterprise systems) or light (employees pick the device they want, but enterprise IT has to support everything at the same (full) level when it comes through the door)?

The biggest issue I see here is while end users want BYOD, in my experience they have little interest in understanding the risk and financial implications. They just want it. How much time do I spend protecting them from themselves when they don't want protection? Is my concern even valid?

Ted Wilder
Senior Director
Office of Technology
Luther Seminary



Ted,

Great commentary.  I agree and share your concern.

Bill

William Strausbaugh, Ed.D.
Associate Provost and Chief Information Officer
Messiah College
Grantham, PA 17055
717-796-5365

From: Ted Wilder <ewilder001@LUTHERSEM.EDU>
Reply-To: The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU>
Date: Monday, September 10, 2012 3:17 PM
To: "CIO@LISTSERV.EDUCAUSE.EDU" <CIO@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [CIO] Topic #2 - Supporting the Trends toward IT Consumerization and Bring-Your-Own-Device

I may not address the question posed directly, but will take the opportunity to voice my thoughts on BYOD.

I am not a curmudgeon on this topic - I have advocated BYOD on my campus for the last three years and continue to build our processes to expand support for it - but I do have a single worry about BYOD. Whenever I hear businesses or politicians talk about protecting "consumer options" invariably you can dig into their interests and find the same motivation: moving risk from those most able to understand and manage the risk to those least capable of understanding and managing the risk. Usually, there is a financial benefit for the entity distributing the risk, but those that take on the risk have little visibility to the financial burden of the risk they receive. In my most pessimistic moments, I may also add the entity distributing the risk may have motivations to pass risk to those least capable to manage it precisely to take advantage of (and profit from) their ignorance (I am not sure this is happening in higher ed BYOD - I'd be interested if anyone sees this happening). BOYD is often billed as "increasing [consumer] options" and, in its most extreme form, certainly has the potential to change financial burden of IT departments and/or schools - shifting risk and financial burden from the department/business/school to the employee. Does the employee realize this shift is happening when they demand to use their own IT tools? Does the employee understand the implications of terms of service, especially for software meant for personal, non-commercial use being used for work-related tasks? Does a manager or department head understand the risks associated with a grab bag of IT services for the department's operations? IT traditionally took that burden (at a high cost) and had professionals who understood the risks manage the risks. As we move to BYOD, are we educating employees on the risks they are taking on in the process? If not, is it fair? Because fairness is a possible test of ethics (out of many) - if not, is it ethical to shift IT risk to employees? Does this change if the level of BYOD policy is extreme (employees purchase all end-user IT services and must support it themselves - although they may still connect to enterprise systems) or light (employees pick the device they want, but enterprise IT has to support everything at the same (full) level when it comes through the door)?

The biggest issue I see here is while end users want BYOD, in my experience they have little interest in understanding the risk and financial implications. They just want it. How much time do I spend protecting them from themselves when they don't want protection? Is my concern even valid?

Ted Wilder
Senior Director
Office of Technology
Luther Seminary



It is an interesting ethical test.  Is it ethical to allow someone to walk down a path where you believe them to be safe?  Does that position change when you allow them to walk down a path where you perceive there might be danger to them personally?  Are you allowing them to walk the path, pushing them to walk the path, supporting them in walking the path, or just watching them as an informed (or uninformed) bystander?  When we allow them to walk down the path, are we shifting the risk of them walking down the path?  I'm not sure.  If I know for certain that a criminal is lingering on the path, and I fail to warn, that would be an ethical failure on my part.  But if I have no certainty that something might go wrong, is it an ethical failure on my part?

And that gets complicated with stewardship.  If all I am risking walking down the path is my own "stuff", that's one thing.  But if I'm carrying a million dollars (or university data), that's something else again.

Forgive me for asking the questions.  This is very interesting to think about.

Theresa



Thank you for the reply, Bill.

Ted


Theresa,

If I remember my ethics class correctly (and I hope I do.....), four main tests can be applied to an ethical question:
  1. Rights
  2. Justice
  3. Utility
  4. Care
The question posed has multiple elements to consider (some of which may have conflicting interests): at minimum the school, employees, and IT. Let the "doing ethics" begin.......

From my perspective, I don't see any issue of impeding the rights of those involved. I think there is substantial utility for the college/university and employees with BYOD. As I mentioned above, I stumble at the fairness/justice of moving IT risk from the school and IT department to the employee without at least attempting to educate them because I think I have some responsibility to care for the well-being of employees who are affected by a decision like this (if they choose to ignore the education, that is their problem and not mine). And then there is caring for the well-being of college/university data that is inherent in my job.

Indulge me to build on Theresa's analogy: For many years employers asked employees to walk down an increasingly dangerous path (the internet?) carrying a package of valuables (the employer's data). We've equipped them with a guide, security, translator, and provisions for the journey (IT departments). The employees complain how the guide too often seems to go the long route ("The bridge looked safe and the valley path friendly, but no, we had to go all the way around the mountain."), the security guard gets in the way too often and is over protective, they aren't sure the translator is translating correctly, and the provisions are unbearable. In fact, the employees have found they can give their entourage the slip and enjoy a few days on the open road alone - traveling quickly and easily. Our employers have noted the high cost of this situation, especially the waste of the expensive entourage the employee ditches anyway. So, employers hand the employee the package of valuables and a pile of money and say "I've equipped you with everything you need to do your job" and it is now the employee's responsibility to equip and secure the journey any way they choose. The employee is an expert at delivering the package, not equipping and securing a dangerous journey. As experts in equipping and securing journeys, we know the path is always changing with new, unexpected, and often hidden dangers. Do we let them loose and hope for the best or do we hand them a map with the best route traced and lists of the guides, security guards, translators, and provisions we trust the most? Or are there other options? What about the employees who didn't mind the entourage - even appreciated having the journey so well protected?

As a reminder, I'm not being a curmudgeon. I'm the one who introduced BYOD to my campus and see its utility. 

Ted Wilder
Senior Director
Office of Technology
Luther Seminary



Ah, Ted, thanks for taking that walk with me.  I think exploring the ethics and values of BYOD is a great foundation for making decisions and inventing the future on our campuses.  You've give us a lot to think about.

Best wishes,
Theresa

Thanks to Theresa for stimulating excellent conversation addressing the hot topics for CIOs. Specific to Topic #2 an un-conference is being scheduled during the annual conference in Denver addressing BYOD. Plan to join the Unconference: BYOD in Higher Education and help shape the interaction on the specific topics that interest you most concerning BYOD. See you in Denver Stay mobile - Steve diFilipo Mobile Technologies Group Leader ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
My colleague Rodney Petersen's policy blog today features a new resource that might also inform this discussion. http://www.educause.edu/blogs/rodney/federal-government-develops-toolkit... From the post: "The Digital Services Advisory Group and Federal Chief Information Officers Councilhave produced a Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs. The toolkit provides key areas for consideration and examples of existing policies and best practices. The toolkit also includes a small collection of case studies to highlight the successful efforts of BYOD pilots or programs at several government agencies. The Digital Government Strategy, issued by Federal Chief Information Officer (CIO) Steven VanRoekel on May 23, 2012, called for the establishment of a Digital Services Advisory Group (Advisory Group) to promote cross-agency sharing and accelerated adoption of mobile workforce solutions and best practices in the development and delivery of digital services...." And yes, see you in Denver! Lisa Lisa Gesner Marketing Manager, CIOs, Policy, and Research EDUCAUSE
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.