In fact, says Tom Murphy of Bradford Networks, “Education institutions have been at the forefront of the BYOD trend for years and in many ways provides a road map for enterprise organizations that are just starting to embrace freedom of device choice for their employees.” Bradford Networks commissioned a survey of around 500 educational institutions in the US and UK to see how the BYOD phenomenon is being handled in education.
Overall, the survey found that 85% of respondents allow students and staff to access the school network. This is higher in higher education (89%) and lower in K-12 (primary plus secondary education in the UK) where it is just 44%. Surprisingly, perhaps, personal devices seem to be used as much for educational purposes as for private purposes: 78% said that the devices are used in their school systems “for personal use by teachers and students,” while 72% stated that students used the devices to complete class assignments.
However, the survey also disclosed that although BYOD is widely accepted, security is somewhat lacking. Twenty-seven percent of the respondents provide open access to the school network to anyone. Although the report doesn’t separate US and UK respondents, this would be particularly concerning in any European country subject to stringent data protection laws – especially if the network holds personal information on staff or pupils.
More than half of the respondents do not require any anti-virus software to be installed on the mobile device before granting access. However, 56% do use network access control. “Over the past 12–18 months, the technology has become indispensable,” explained John Cannon, network manager at Liverpool John Moores University. “Five years ago it would have been difficult to imagine us dealing with the current BYOD trend in the way we now are. Without a flexible and scalable NAC solution in place, it would have been unachievable.”
But, “there are still too many organizations that are putting their school’s networks at risk through poor security policies,” concludes Murphy. “The mobile device-induced transformation of education needs to be tempered with the proper security strategies that protect students and sensitive information.”
In reality, education may have led the BYOD revolution, but it is no more advanced in its implementation than the wider business arena. Murphy believes that the key to a good BYOD security policy lies in “gaining 100% visibility into every user and device attempting to connect to its network, and having an automated process to restrict devices that do not meet proper security standards.”