Security challenges in a BYOD environment
Technology is continually evolving, and some of the greatest evolutions relate to where and how computing resources are accessed.
Mainframes evolved to personal computers, which saw the power of processing and storage move from large computer rooms to the desktop of the average user, and now with the advent of laptop and network devices, computers can be carried in your pocket.
The latest evolution in computing technology is the tablet, which has seen ‘touch’ being increasingly used for human-device interaction.
These devices, combined with technologies such as interactive whiteboards, have enabled schools to begin the journey toward the vision of 21st Century learning or e-learning across a broad range of subjects.
Many schools are concerned about the future of one-to-one laptop programs within education while others are adopting Bring Your Own Device (BYOD) programs to engage students through devices they actually want to use. Whichever way you look at it though, BYOD is more and more likely to be introduced to New Zealand schools.
But what challenges arise from the use of these devices, and is there any reason to be concerned about security?
Security means different things to different people. For the principal, this may mean ensuring that results and information are only available to staff, while for parents concerns are more likely to be centred around the safety and suitability of content being accessed by (or created by) their child and ensuring they are not subject to cyber bullying.
It is important to understand there is no magic bullet to security and that multiple layers of security will provide a stronger defence.
Many of the security concerns can be addressed through good policy and security procedures. Examples of this may be that cameras within devices are not to be used by students unless specifically required by an activity such as a science field trip. Or that students are not allowed to use Instagram or Kik in the classroom unless permission is requested from and granted by the teacher.
While policies and procedures such as these will improve the confidence of those involved in the program (students, staff and parents) there will always be a need for monitoring and possible intervention through the use of technology.
Additionally, network security should be considered. Prior to allowing a device to connect to the network, each device should be authenticated and information such as operating system patch level, anti-virus software and other application and configuration information validated.
Devices that fail to meet a minimum standard are quarantined and only those that are considered safe are allowed to connect to the network.
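The admission decision described above can be sketched as follows. This is an added example, not code from the article or from any NAC product; the minimum versions, signature age limit, field names and sample devices are all assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed minimum standard; every value here is constructed for illustration.
MIN_OS_VERSION = {"windows": (10, 0, 19045), "macos": (13, 6, 0)}
MAX_AV_SIGNATURE_AGE_DAYS = 7

@dataclass
class Posture:
    device_id: str
    authenticated: bool                 # outcome of the authentication step
    os_family: str
    os_version: tuple
    av_installed: bool
    av_signature_date: Optional[date]   # None if the device reported no date

def evaluate(p: Posture, today: date) -> tuple[str, list[str]]:
    """Return (decision, reasons): 'deny', 'quarantine' or 'admit'."""
    if not p.authenticated:
        return "deny", ["device not authenticated"]
    reasons = []
    minimum = MIN_OS_VERSION.get(p.os_family)
    if minimum is None:
        # Fail closed: an unrecognised platform cannot be validated.
        reasons.append(f"unrecognised operating system {p.os_family!r}")
    elif p.os_version < minimum:
        reasons.append("operating system below minimum patch level")
    if not p.av_installed:
        reasons.append("no anti-virus software")
    elif (p.av_signature_date is None
          or (today - p.av_signature_date).days > MAX_AV_SIGNATURE_AGE_DAYS):
        reasons.append("anti-virus signatures out of date")
    return ("quarantine", reasons) if reasons else ("admit", [])

if __name__ == "__main__":
    today = date(2024, 5, 20)  # constructed sample devices
    for p in [
        Posture("laptop-01", True, "windows", (10, 0, 19045), True, date(2024, 5, 18)),
        Posture("laptop-02", True, "windows", (10, 0, 19041), True, date(2024, 4, 1)),
        Posture("tablet-03", False, "macos", (14, 0, 0), True, date(2024, 5, 19)),
    ]:
        print(p.device_id, *evaluate(p, today))
```

Returning the reasons alongside the decision lets the quarantine network tell the student what to fix before trying again.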
While network admission control (NAC) ensures a device is known and meets a minimum standard, mobile device management (MDM) provides a greater level of continuous control over devices.
MDM solutions typically use a client that is installed on the device, which then controls what applications can or can’t be installed and what information can be accessed, right through to completely erasing all the information on the device.
While many organisations may deploy MDM software in a less restrictive manner, within an education context even the least restrictive manner may be too restrictive. So what are the alternatives?
While MDM software should be part of the conversation or consideration as part of a BYOD program, there are a growing number of software platforms that are capable of enforcing elements of a BYOD policy without requiring installation of client software and the overly restrictive facets of that software.
These software platforms use information that is known about the student and the device to apply policy about what information is accepted by the network from the device.
This policy could be applied based on a group of users (such as Year 11 IT students), time of day, application type or possibly even keywords or strings of keywords that should or shouldn’t exist together.
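A policy of this kind can be modelled as an ordered rule list evaluated on the network side, with no client on the device. The sketch below is an added example, not code from the article or from any vendor platform; the rule names, group and application labels, school hours, keyword pair and the block-by-default choice are all assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import time

@dataclass
class Request:
    group: str      # what is known about the student, e.g. "year11-it"
    app: str        # application type as classified by the network
    at: time        # time of day of the request
    content: str    # inspected text, used for keyword matching

@dataclass
class Rule:
    name: str
    action: str                                  # "allow" or "block"
    groups: frozenset = frozenset()              # empty means any group
    apps: frozenset = frozenset()                # empty means any application type
    start: time = time(0, 0)
    end: time = time(23, 59, 59)
    keywords_together: frozenset = frozenset()   # all must appear together

    def matches(self, req: Request) -> bool:
        words = set(req.content.lower().split())
        return ((not self.groups or req.group in self.groups)
                and (not self.apps or req.app in self.apps)
                and self.start <= req.at <= self.end
                and self.keywords_together <= words)

def decide(rules: list[Rule], req: Request) -> tuple[str, str]:
    """First matching rule wins; anything unmatched is blocked (assumed default)."""
    for rule in rules:
        if rule.matches(req):
            return rule.action, rule.name
    return "block", "default"

SCHOOL_START, SCHOOL_END = time(8, 30), time(15, 30)  # assumed school hours
RULES = [  # constructed policy; order matters
    Rule("keyword-pair", "block", keywords_together=frozenset({"exam", "answers"})),
    Rule("social-class-hours", "block", apps=frozenset({"social-media"}),
         start=SCHOOL_START, end=SCHOOL_END),
    Rule("year11-it-dev", "allow", groups=frozenset({"year11-it"}),
         apps=frozenset({"code-hosting"}), start=SCHOOL_START, end=SCHOOL_END),
    Rule("web-general", "allow", apps=frozenset({"web"})),
]

if __name__ == "__main__":
    print(decide(RULES, Request("year11-it", "code-hosting", time(10, 0), "git push")))
    print(decide(RULES, Request("year9", "social-media", time(10, 0), "hello")))
```

Placing the block rules ahead of the allow rules means a broad allow such as `web-general` cannot override a keyword or time-of-day restriction.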
Additional security and control can be provided through the use of content-aware security throughout the network. This provides control over what applications are permitted to traverse the network and the content that may be transmitted by those applications, ensuring that user behaviour is consistent with the school’s usage policy.
Alongside good policy or procedures, selecting the right solution for your environment will increase the security for students and staff within a BYOD environment and assist principals and the school board in providing a safe learning environment for students. At the same time parents are provided with the assurances they need for their children as they embark on their e-learning journey.
The top five considerations for security in a BYOD environment are:
- Engage with the school community to develop a BYOD usage policy.
- Ensure Network Admission Control is implemented to authenticate and validate devices that will connect to the network.
- Determine what MDM functionality is required (if any) and implement an appropriate platform.
- Ensure that content-aware security is deployed at the edge of the network at a minimum and ideally throughout the network.
- Ensure adequate monitoring of the environment so that problems and challenges are addressed as they occur.