Student Smartphones: Is BYOD a Security Threat to Schools?

Student Smartphones

What began as a trickle in the mid-1980s — characterized by early adopters who paid upwards of $1,500 to buy a 10 pound “cellular bag phone” for their cars — has become a tidal wave of wireless connectivity. The Cellular Telecommunications Industry Association, a non-profit representing the wireless industry, reports that by 2012 more than 326.4 million Americans were connected with one another and with the Internet. Today the sheer number of wireless devices exceeds the entire population of the U.S.

Teenagers account for the most dramatic new dynamic in the wireless market with a full 74 percent using their cell phones to access the Internet. One in four report to the Pew Research Center they “most often” access Internet resources via their cellular phones.

As these teens head off to college they bring with them the expectation that their chosen college or university will accommodate their smart phones and their customary habits of using the Internet. Students’ strong desire to use their own wireless device has become so pervasive that it has been given a name: “bring your own device” (BYOD). For university IT departments this trend initially created a profusion of technical challenges. Many institutions restricted students to using only “approved” laptops and wireless devices. Those whose IT policies prohibited BYOD faced the greatest test.

Today, the Tide Has Turned

University IT departments were once the rulers of their networks and ultimate authorities controlling access to the Internet and other digital assets. Now they recognize the need expressed by students for BYOD. The Educause Center for Applied Research points out that students believe the use of technology is critical to their academic success and planning for the future. Having access to electronic textbooks, course registration tools, academic research and social interaction are all essential parts of today’s college life.

As a result most university IT practices are evolving. Where BYOD was once forbidden, institutions gradually moved to allow it with certain restrictions. Never to fall behind demand, most stepped up to student expectations and began to enable BYOD by upgrading their wired and wireless networks. Now, most have finished the voyage by passing the landmarks of encouraging BYOD and, for some, even requiring it.

Security Issues Abound

Much of this difficulty in navigating BYOD has revolved around security. Preventing data breaches and leaks involves much more than simply using a MAC address or token along with a password. In most cases each student and each device is registered in a database, allowing group policies that limit access to specific digital resources. Yet far more security infrastructure is needed, and that need has spawned the mobile device management (MDM) market. BlackBerry, for example, is sometimes credited with the birth of the BYOD trend in the 1990s when people began checking their business email from their personal BlackBerry.

Today BlackBerry MDM provides a suite of software universities use to manage security issues; from the most basic level to even the highest security needs, such as those of government defense agencies. It is capable of managing an overwhelming fleet of tens of thousands of wireless Android, iOS and BlackBerry devices.

BlackBerry MDM can implement various levels of security that address scores of key concerns such as:

  • Mobile hot spot and tethering — enabling or disabling
  • Password issues — length, age and complexity of passwords, maximum password entry attempts, security timeout length, prohibition against re-using old passwords.
  • Workspace issues (where the device does runs apps and does computation) — ability to “wipe” the work space after a specified of time, control over allowing personal apps to interact with university resources, requiring two-factor authentication at log-on.
  • Connectivity — enabling/disabling connectivity when roaming away from the university’s Wi-Fi, enabling and disabling access to cloud storage.

Yet Problems Still Linger

The BYOD phenomenon also brings privacy issues. Does the university have access to private information on a student’s smartphone? Can it monitor email sent through university networks? Can it limit access to specific web sites or types of content?

BYOD is a wave still rolling across higher education. A recent survey financed by Sprint Higher Education Solutions asked 50 CIOs at universities to answer a question with a single word: “Does your university have an official BYOD policy?” Only 24 percent answered “Yes.” There’s still a great deal for the rest to do as BYOD continues to grow into still unimaginable new forms.