Preparing for Back-to-School BYOD

With the BYOD trend on campus growing ever stronger, an IT network analyst shares his checklist to help ensure that your campus network is ready to manage the onslaught.

• By Jon Domen
• 08/08/12

In just a few weeks, students will begin to filter back to school for the fall semester. During these dog days of August, though, campuses are still pretty quiet--with the exception, I suspect, of your IT department. Indeed, summer is the perfect time to take a step back, analyze how the department performed last year and plan for the incoming class. For many schools, the focus this year will be on preparing for the onslaught of personal devices on campus--the now-familiar BYOD trend.

In reality, higher education has been dealing with BYOD for years, but as technology continues to evolve, BYOD policies need to as well. Most higher ed institutions have realized that simply preventing personal devices from accessing the network isn't an option anymore--in fact, it can stifle education and decrease productivity by both students and faculty.

To help IT departments in their quest to find that balance between securing the network and enabling productivity, I created the following BYOD checklist:

1. Conduct an in-depth analysis of your network visibility

You can do this by answering the following questions:

• What switches, routers, and access points are connected to the network?
• In its current state, how much visibility does the IT department have into who and what is connecting to the network?
• Can you identify the types of endpoint devices that are connecting, as well as who is using those devices to connect to the network?
• If so, can you then provision the appropriate level of network access?

If the answer to any of these questions is no or it's unclear, you many want to think about implementing a network access control (NAC) solution that will automatically identify and profile all devices and users on a network, providing your IT department with complete visibility and control.

2. Create or update your BYOD policy

Once you have analyzed the state of your network visibility, you can begin to develop or update your BYOD policy. It may seem overwhelming, but following this step-by-step process should help:

• The first step is to determine which devices (i.e., iPad, Android smartphone, PlayStation Xbox, etc.) need to be supported, and if those devices are secure enough to be granted network access. For example, you may decide that Android's open application marketplace poses too much of a security risk to your network, so those devices will not be supported.
• Once you've decided which personal devices to allow on your network, you need to determine which operating system version needs to be installed on each device, while making sure software patches are kept up-to-date to keep the device better protected from viruses and spyware.
• The next step is to determine which applications students and faculty need to be productive. An IT administrator may decide to enable network access only to specified educational application(s) and disable access to personal applications that could carry a security risk while the user is logged in. When the user logs out of the school's network, they can then go back to using their personal apps.
• Finally, you need to determine who can use the approved devices, based on their profile: what group they belong to, what privileges they have, what device they use, and which applications they need. Professors might be granted access to view and update student testing information through their iPads, for example, whereas students may be granted access only to their Blackboard application.

3. Ensure students/faculty understand the new BYOD policy

The best way to educate students and faculty about your BYOD policy is to make the learning process easy. Set up an educational process before students (new and existing) and faculty arrive at school. This may consist of a quick online course during which they can register their devices before they arrive, or a tip sheet in the welcome packet explaining which devices are allowed and how to register them on the network. Inevitably, there will be some new device types that you didn't plan for, so it's important that your campus help desk is fully equipped to help users register their devices.

One of the most important things to remember is that you can't just set up your policy based on a snapshot of security risks and student/faculty needs at a single point in time. BYOD is an on-going process: You must continuously check for vulnerabilities and the changing needs of users, and modify your policy accordingly. Using the right technology solution is a key factor in ensuring your policy is up-to-date and network access is automatically managed. Network access control gives your IT department the ability to manage the BYOD wave, while enabling students and faculty to take education beyond the classroom walls--a win-win for IT and education.