Securing BYOD rollouts

To capitalise on the benefits of BYOD schools must understand the existing risks and adopt methods to mitigate them

By Peter Martini, COO, iboss Network Security

Challenge 1: Establishing consistent access on all devices for students and teachers

Solution: Identity-based access management for educational networks 

Schools should implement access management technologies in order to establish web content policies and adjust access according to a user’s identity. This directly solves the challenge of controlling information access. IT staff can define users by role (faculty, staff, student or guest), and / or by granular characteristics like grade levels or location. Using this approach, the user experience is enhanced and security is achieved through identity-based policies. 

Schools can also use technology to control access to specific online social media sites. For example, IT administrators can limit access to certain Facebook pages, or enable students to view embedded YouTube videos on approved websites. This then creates a more flexible learning environment.

Challenge 2: Ensuring bandwidth to mission critical services are not interrupted by BYOD users 

Solution: Given most users carry more than one internet connected device (e.g. smart phone, laptop, tablet), bandwidth consumption can easily quadruple overnight with a BYOD rollout. Combine this with the fact that more critical services are moving to the cloud (online testing, attendance and payroll), managing bandwidth is a real concern.

Implementing bandwidth management and QoS (Quality of Service) technologies allow IT administrators to dynamically control recreational traffic while increasing mission critical access during times of peak consumption.   

Challenge 3: Protecting against devices infected with malware 

Solution: Mobile devices are particularly high-risk as they can be compromised when moved outside of the school network. Once that happens, devices can then infect systems and applications when they’re brought back in. Schools can mitigate these risks using behavioral analysis systems, which focus on securing against advanced persistent malware as well as known and unknown threats. 

Challenge 4: Blocking access to restricted applications 

Solution: Mobile devices introduce new complications including an ever-growing list of applications such as SnapChat, Facebook and other non-sanctioned applications – exposing a school’s network to outside threats. However, sometimes students or teachers download applications to improve processes. For this reason, rather than restricting activity and access to applications, schools should seek to enable productivity by ‘pushing’ approved applications to devices. For example, if a network detects a user accessing Box, but Dropbox is the approved application, a school can adopt technology that will send an email routing the user to the campus’ Dropbox account. 

Location-based BYOD technologies on the market are being introduced that provide the ability to set web access policies not only by a user’s role (i.e. teacher versus student), but also the user’s physical location on the network. For example, the school’s IT department can restrict student access to Facebook while in the classroom, but can allow access in the school canteen. Location-based BYOD web policies allow schools to adapt more flexible policies while retaining focus in the classroom.

As more schools across the country develop BYOD programs, security must be a key pillar in the planning and implementation process. The volume and variety of mobile devices brought onto the school network will only continue to increase. Security is critical to ensure the safe and effective rollout of BYOD schemes.