As students and administrators seek anytime, anywhere access to the cloud, higher ed IT teams must face their fears and get to work.
Software is the new hardware. Bring your own device (BYOD) programs have become prevalent, though few are officially sanctioned by colleges. In fact, just 24 percent of higher ed CIOs indicate that their college has a BYOD policy.
The fact that BYOD puts networks and sensitive data at risk is an issue. But the danger has more to do with the software running on the devices than the actual hardware. This is exactly why universities should be shifting the conversation from mobile devices, such as smartphones and tablets, to software. BYOD is a disorganized mess, and before the majority of colleges can even get a handle on it, bring your own cloud (BYOC) is knocking on the door.
A perfect example is Dropbox. They have become one of the most popular cloud-syncing services in the world. With 175 million users and an impressive 0.29 percent share of global bandwidth, the service has an increasing responsibility to keep users — and the networks they connect to — safe. The bigger Dropbox gets, however, the more of a target it becomes to hackers. As their security liability increases, so does the obligation of IT departments to keep their users safe.
But it’s not just Dropbox. Other products, like Box, Google Drive and Microsoft SkyDrive, offer similar syncing services. Many additional cloud services are accessed on campus everyday, including email, calendars and social media sites. Complicating the issue is the fact that most users sync their files with home computers, tablets and smartphones that connect to other networks.
Where should colleges draw the line?
The simple truth is that colleges cannot — and should not — prevent their students from using cloud services. These tools are extremely valuable, and while they do pressure colleges to upgrade security, the tools lessen the schools’ burden to supply similar functionality. As Ken Hess wrote on ZDNet, “The solution to the problem is as complex as the problem itself.”
It's impossible to tell users who bring their own devices not to use personal cloud services. It's very difficult to prevent users from using those services inside the corporate network. The company can ban the Internet sites, ban the app from the corporate MDM or MAM suite, and can even write policies that ban the use of personal cloud services for uploading and storing corporate files. But, as any good corporate security professional knows: People are very creative in bypassing security.
Users are always the weakest security link in an organization. People either inadvertently or purposely bypass security as a matter of fact. Personal cloud services make that process easy.
Because security relies on user behavior as much as it does on a robust security strategy, it’s vital that colleges communicate their policies and best practices to students and faculty. After all, if users don’t know right from wrong — and the lines are increasingly blurry — they won’t be able to make smart decisions about which apps to use and what data to sync.
Our BYOD reference guide goes into greater detail about launching and maintaining a safe program. In the meantime, here are a few tips for communicating BYOD policies to your users:
How is your college tackling BYOD and BYOC? Let us know in the Comments section.