Buying into BYOD

Nicola Yeeles examines the challenges of implementing and monitoring the ‘bring your own’ trend on campus

A market research survey conducted in spring 2014 (Vanson Bourne March/April 2014) found that of the 300 UK and US businesses surveyed, UK respondents were significantly more likely to be putting in place BYOD policies than their American counterparts. Andrew Cormack, chief regulatory advisor at the university technology charity Jisc, argues: “Our sector’s unique quandary is that, unlike other industries – which often approach BYOD as a reluctant add on – for us, BYOD must be a core business objective. World-class education and research is driven by ubiquitous access to online services. It’s vital that we’re able to work as and when inspiration strikes, not just in the office or lecture hall.” Students expect ubiquitous access to resources and services from their own devices, and staff need the same flexibility as they travel across campus and further afield.

“Controlling different devices and platforms which connect across multiple networks is a potential minefield that universities are keen to avoid’

Supporting BYOD is not easy. Bruce Miller, VP Product Marketing for Xirrus, says: “We hear time and again that students will end up abandoning the secure onboarding solution and just connect to the more limited, but easier to use, open guest Wi-Fi network.” It’s clear that the user experience is everything, and students, like everyone else, want things that work in a simple and fast way. Providers are working hard to create apps and portals that feel intuitive to the digital natives that are now entering our universities. For example, EasyPass Onboarding from Xirrus allows students to register their devices before they get to university by simply entering their name and passkey with no further involvement from IT services. With the Jisc-provided Eduroam network, when international students arrive with their own accounts authenticated by their home institution, they can then get straight on to the Wi-Fi network.

Where students and staff are reliant on the university’s hardware their data is safely stored and backed-up, and in the event of disaster, data migration and recovery plans will be in place. But data loss from personal devices is increasingly becoming a concern for IT departments. Lee Sanvitale is higher education business development lead at Toshiba Northern Europe. He says: “Controlling different devices and platforms which connect across multiple networks is a potential minefield that universities are keen to avoid. There are also concerns around who takes responsibility for data loss and replacing the device in the event of it being lost, stolen or malfunctioning.”

Many universities respond by limiting their support for student devices, and by developing the digital literacy of users whether they are staff, students or researchers. Cormack says: “Most smartphones, tablets and laptops can encrypt both storage and communications. Remote wiping protects both the organisation’s and the owner’s data if it falls into the wrong hands. Small devices are, however, easy to lose and attractive to thieves, so owners need to enable these functions and be willing to use them.”


Aside from data loss, there are other concerns about how to help to keep individual devices safe and secure. Research teams across four UK universities (Royal Holloway University of London, City University London, Coventry University and Swansea University) have been awarded shares of £3m in funding to help counter the threat of malware distributed through mobile applications by the Engineering and Physical Sciences Research Council (EPSRC).

But investing in the back-end infrastructure to support BYOD does have its own knock-on benefits. Cormack says: “If you presume that all of your services will be accessed from user-owned devices – a BYO-by-Default, if you will – and base your design around this assumption, your resulting systems should be more secure, sustainable and resilient in the long term.” Implementing BYOD effectively is all about planning. McCormack adds: “Identify how much access mobile devices can safely be given to each service and data, then use server and network controls such as virtual terminals, encryption and authentication to provide it.”

One example is in anticipating future increases in traffic to your network. Simon Mortimore, computing systems manager at Exeter College, University of Oxford, identified that over the past year there has been an increased demand of 70% on the University’s network, with the average number of devices per person rising from one to three. The changing needs of students at the University means that 28 colleges at Oxford have now switched to a new Wi-Fi solution called Aerohive. Mortimore explains, “One of the main selling points is that the system is largely quantity independent. Without a controller you can install just a few and scale up. We wanted to prove the need before committing to a large deployment and we eventually achieved this with a four-phase installation over two years. A controller-based solution with licencing steps would have struggled.”

Of course universities and research organisations will need to continue to support high performance computing through fixed terminals, servers and other hardware. But on the surface of it, BYOD support would seem to release universities from the onerous financial task of constantly updating their computer rooms with the latest hardware for student and staff use. But unfortunately that’s not the case. The cost of updating or upgrading the IT infrastructure generally outweighs the potential cost savings from providing less hardware. Moreover student surveys frequently reveal that they also rely on having access to fixed terminals as well.

‘Students that come from cultures where device ownership and digital use is at a much lower level and is different are going to be significantly disadvantaged. BYOD tends to exacerbate any inequality that students are already suffering’

Consultant to higher education Helen Beetham explains why: “From a student point of view, there are three good reasons for universities to go on providing fixed computer facilities. Firstly, there is the pragmatic issue about access to printing but also subject-specific computing like specialist software, instruments that students couldn’t possibly replicate in their own devices; tools for data collection.”

The second issue concerns access. Beetham says, “Students that come from cultures where device ownership and digital use is at a much lower level and is different are going to be significantly disadvantaged. BYOD tends to exacerbate any inequality that students are already suffering.

”Finally, Beetham has noted a strong desire among students to conduct group work around fixed terminals. She recognises the student mentality that, as part of the £9,000 fee environment, the university will provide ‘All I need to succeed.’ Although in reality Wi-Fi infrastructure and underlying data services are much more important, new hardware like interactive whiteboards and computer provision are far more visible to students and parents.

Nevertheless as new generations of students come along and the consumerisation of IT takes further hold, this mindset may change. Could BYOD eventually see a phasing out of fixed computer provision for students’ personal use, thereby saving the institution money? It’s possible – but in the meantime universities will need to go on investing in both.

Five ways to promote data security

• Encourage users to back up their devices regularly, promoting this across campus.
• Alert students and staff to theft hotspots such as bars.

• Dissuade students from sharing their passwords and student numbers with others, and make sure that users do not store passwords on their devices, unless in an application requiring an encrypted password.
• Encourage owners to enable security functions on their devices.
• Ensure students and staff use the university’s own network so you have more visibility of what is going on.