A guide to BYOD security
What are the risks of BYOD to IT security and what steps can be taken to mitigate any risks?
There are a great many benefits to implementing BYOD for universities, colleges, or higher education organizations. The use of BYO devices has been shown to consistently improve student engagement and productivity, and can result in higher rates of retention. One of the few drawbacks to supporting BYOD is the security challenge it poses to IT departments.
One of the main reasons that BYOD has the potential to compromise security is that, by its very nature, it is designed to provide access to organizational resources from unmanaged and untrusted devices. If a full-rollout BYOD installation is doing its job, students and staff should be able to access, from their personal devices, the permitted university networks or systems they would otherwise have access to, both on-site and off-site. No manual verification from IT is required for each resource being accessed and, in combination, these two facets result in security weak points.
In order to mitigate threats to security, it is vital for IT to understand where, why, and how any risks may arise. So, in more detail, why is BYOD a security threat?
Implementing BYOD requires IT to provide more methods of accessing university resources and to remove possible time, premise, geography, or device-based limitations for access. Naturally, this creates more opportunities for malicious hackers to attempt to gain access and otherwise tamper with digital university systems.
Allowing your students and faculty to use their own personal devices means welcoming a whole new wave of unvetted machines onto your network and systems. These devices have never been checked by IT and are not available to IT for any form of quarantine, diagnostics or fixes. It should be assumed that at least a portion of these machines will be infected with malware which may try to automatically infect or replicate itself on university computing resources. It is, however, worth noting that this is not a new threat but rather the familiar threat posed by USB flash storage devices, in a slightly new, albeit more dangerous, form.
The loss or theft of a device may grant access to university resources to whoever is newly in possession of that device. Whether they have malicious intentions or not, this is still a risk to security. This is compounded by contemporary ‘stay signed in’, SSO, or device-based verification options.
With a greater amount of data being transmitted to off-site devices, the risk of a data leak increases. This may be sensitive organizational data or the personal information of your users. While this risk does not necessarily increase with the use of cloud-hosted and SaaS-model technologies, the safety of this data does become more of an unknown quantity. With a BYOD policy implemented, protecting data security and student privacy becomes a more complex task.
In a similar vein to some of the points made under the ‘Malware’ heading, IT has less access to and less control over most of the devices used for study than any university-owned counterparts. This means that risks are harder to pre-empt, detect, diagnose, and address.
Knowing the potential security threats resulting from a BYOD implementation, what measures can we put in place to mitigate these threats before they become an issue? Much of the mitigation of IT security risks comes down to formal policy and following IT security best practices religiously. In greater detail, the following section will discuss how to prevent BYOD security threats.
The first step to safeguarding IT security against risks introduced by BYOD is to create and implement a formal security policy that details specifically what users are and aren’t allowed to do when using university resources. This may cover things such as permitted domains, antivirus software requirements, actions to take if a machine is known to be infected, etc. This can also act as a disclaimer to protect all parties involved. This may come as part of a wider BYOD policy but it should also be fairly prominent as IT departments will want users to read this and base their usage behavior on it while accessing university resources.
As mentioned, it is in the interest of all parties involved for students, faculty, and users, in general, to be educated on how to properly use university resources in order to minimize and avoid security threats. This may come as part of university onboarding sessions or be covered in all students’ initial lectures or seminars. There are many ways to approach this and it would be highly beneficial to provide education to students early on in their university careers and regularly throughout them.
In order to reduce the security risk of lost or stolen devices, a password policy and two-factor authentication (2FA) can act as very effective damage control when the inevitable does eventually happen. A password policy helps to prevent access by those with malicious intentions on lost/stolen devices and 2FA can help to reinforce this on devices where Single Sign-On (SSO) or ‘remember my details’ options are enabled.
This applies to both university-owned anti-virus software for use on IT-managed networks and hardware and to the consumer-level software that is likely present on the majority of student and faculty BYO devices. IT should aim to keep defensive software up to date at all times and should remind users to do the same. The school might even be able to provide access to higher-grade anti-virus software to users in order to bolster security and protect digital resources from all sides.
This will also help to keep the support demand on IT as low as possible by circumventing many occasions which may have otherwise resulted in users needing help with malware-infected BYO devices.
There are a few methods of securely connecting to networks and servers, most of which involve encrypting data or rerouting signals through virtual private networks, or VPNs. While this is a hotly discussed topic with some contention in commercial software delivery, things differ slightly in higher education. With most universities’ digital resources and IT, in general, existing on a vastly larger scale than the majority of corporate organizations, there are many, many more opportunities for network connections to be exploited in order to gain access.
Similar to anti-virus software, it is worth at least considering VPNs as well as reminding users/students to use them for offsite access. You may even want to make a VPN compulsory in certain situations and provide one where needed.
It almost sounds counter-intuitive to impose restrictions in order to protect a program designed to increase resource access. However, in the correct places, it will help to strengthen security without affecting user experience. Cross-faculty/course restrictions limit what each individual user can access and, in a way, help to silo off departmental resources and isolate each department’s resources from breaches in other departments.
If done correctly, this should not actually reduce access to university resources. For example, preventing students studying sports from accessing engineering software will improve security without being detrimental to the student experience.
Finally, in order to stay continuously on top of IT security with the elevated risks of BYOD access in play, IT will need to remain versatile and proactive. Malware, viruses, and hacking techniques are just like technology itself: perpetually evolving and growing more sophisticated. New safety and defensive technologies are created all the time and the latest advancements should be aimed for at all times.
To conclude, while BYOD can pose a security threat, threats can be mitigated using the best practices listed above to allow organizations and students to benefit from BYOD while reducing any threats to security as much as possible. To learn more about how best to implement software delivery to BYOD with IT security in mind, get in touch with us at info@appsanywhere.com.
Auto validation is still available as an option. We aim to ensure there are as few occasions of attempting to launch but being unable to as possible, and, where they occur, to explain why.
Detection occurs during validation - the client is given a list of directories to look in and it returns what it finds.
Dark mode wasn't something we were able to do for this version, but it is something that we are looking to include in the future.
If client download is not available in that instance, such as in labs mode or if client install is suppressed, then the client link will not appear. The client download link will also only appear on platforms which have a client, i.e. Windows and macOS.
If you would like to upgrade to 2.12 please submit a support request and the team will be in touch.
To implement BYOD in a cost-effective and sustainable way, schools will need a clear idea of a number of key data points to understand which technologies are necessary and how many licenses of each technology are required:
- Number of users/devices
- Weighting of device type/platform (Windows vs Mac vs Linux)
- Software titles to deliver
- Usage data on software titles for licensing
- User groups requiring specialist software
You can read more about implementing BYOD policies in schools in the SecurEdge article, ‘How to successfully implement a BYOD program into your school’: https://www.securedgenetworks.com/blog/how-to-successfully-implement-a-byod-program-into-your-school
With a BYOD policy implemented, schools can begin working to introduce centralized communication points such as Virtual Learning Environments (VLEs) or Learning Management Systems (LMSs). Software delivery tools such as AppsAnywhere also provide areas that can be used to communicate with students. Once BYOD is enabled, schools can be more confident that students are actively accessing digital academic resources through specific channels, and that communication propagated through those channels is much more likely to be seen.
Yes, it can do. While BYOD technologies may be expensive, with the correct provisioning and tools implemented, the decrease in hardware investment required from schools by allowing students to bring their own device and insight from reporting data can help schools save money on their software delivery.
BYOD policies in schools reduce the hardware investment of electronic devices, including mobile devices, needed for schools to offer equal access to digital academic resources to all students. By leveraging student-owned hardware, BYOD policies in schools can increase the resources available to students, such as software, digital media and digital learning environments, at a fraction of the cost of ensuring there are enough organization-owned machines for every student to use. Furthermore, BYOD allows students to access school resources outside of school and outside of teaching hours via their own device.
BYOD policies in schools help to introduce students to completing work from their own devices in preparation for higher education and employment. In an ever-more-digital world, getting used to using personal devices to complete work can help desensitize students to the potential distractions offered by those devices. BYOD can also help students learn to manage their time effectively in a society where the lines between work time and free time are becoming more and more blurred.
We’re excited to be releasing AppsAnywhere 3.0 in December 2022, in time for January enrolment. Your dedicated Customer Success team will be in touch when it’s available to ensure your institution gets the most out of AppsAnywhere.
To get the latest version if you are currently using AppsAnywhere, schedule a call with your specialist implementations team and we can help you to start benefiting from AppsAnywhere 2.12 now.
Most IT professionals get excited when considering new technologies and solutions. Without a doubt, the prospect of a VDI deployment project is likely to get your team’s juices flowing. However, deploying VDI is complex and often includes a host of new infrastructure and unique software management tools. The best advice is to engage with a vendor partner early on so that the design for your campus can be vetted by experts who work with VDI on a daily basis. A vendor partner can also help guide you through different architecture scenarios, use cases, and potential pitfalls. All of the knowledge transfer gained will put the IT team in a far better position to successfully deploy and support VDI for your campus.
As is the theme throughout the rest of this article, there isn’t really an objective victor in DaaS vs. VDI. However, when it comes to Higher Ed, we rarely see full DaaS deployments. They’re often saved for more limited use cases, such as temporary BYOD access, or delivering to satellite campuses. For the scale of delivery required by HEIT, VDI will usually come out on top. However, you still need to decide whether to go for legacy VDI, or newer, hosted solutions…
DaaS refers to virtual desktops being provided to organizations as a service-based solution. It will include support for managing, upgrading and maintaining virtual machines. It is a more complete out-of-the-box solution with a price tag to match. Fully-hosted VDI is just like legacy VDI, except you don’t need on-premise server infrastructure, and it is often pay-as-you-go. Fully-hosted solutions are also referred to as cloud-hosted solutions and they are the same as VDI, except hosted for you, as the name suggests.
Both VMware and Citrix have a robust product offering across many different solution suites. Historically, Citrix has excelled in the realm of remote app delivery or app remoting solutions. On the other hand, VMware leads the way with full desktop VDI delivery. Deciding on the right approach is solely dependent on the needs of the institution and what goals they are hoping to achieve with the project.
A formal BYOD policy helps to ensure a high chance of success and adoption as well as communicating practical information to users on how to interact with and use software on their BYO devices.
To put it concisely, a BYOD policy should include any or all of the following:
- Device type
- Operating system
- Available resources
- Security
- Usage conditions
A BYOD policy is a formal definition and agreement between the BYOD provider (universities) and the BYOD users (students). It is similar to an SLA (Service Level Agreement) between service-providers and outlines how users can expect to interact with their university's BYOD program, as well as any limitations, usage conditions, and compatibility information.
AppsAnywhere is a global education technology solution provider that challenges the notion that application access, delivery, and management must be complex and costly. AppsAnywhere is the only platform to reduce the technical barriers associated with hybrid teaching and learning, BYOD, and complex software applications, and deliver a seamless digital end-user experience for students and staff. Used by over 3 million students across 300+ institutions in 22 countries, AppsAnywhere is uniquely designed for education and continues to innovate in partnership with the education community and the evolving needs and expectations of students and faculty.
Register your interest for a demo and see how AppsAnywhere can help your institution. Receive a free consultation of your existing education software strategy and technologies, an overview of AppsAnywhere's main features and how they benefit students, faculty and IT, and get insight into the AppsAnywhere journey and post launch partnership support.