One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.


BYO by Design

Friday, July 4, 2014 - 15:21

The recent invention of the phrase "Bring Your Own Device" seems to have got educational organisations agonising about something we’ve been doing routinely, indeed relying on, for at least 15 years. Whenever you send a member of staff home with some work to do but no laptop to do it on, or provide a webmail service for students, or invite a visiting academic to connect their device to your network, you’re inviting BYOD. Most of the time that’s a benefit (imagine how inefficient we’d be if we could only work 9 to 5 in the office, or on corporate laptops the size of small suitcases); sometimes it creates a new risk to information.

Indeed, since people in education are generally smart and innovative, even if you don’t invite them to use their own devices for work, they’ll probably work out a way to do it anyway. Network sockets are fairly easy to connect personal devices to, wireless networks even easier. BYOD is happening; our choice is whether we ignore it or embrace it. So I’d like to propose another meaning for the acronym – Bring Your Own by Design.

Most universities and colleges already design their wireless networks on the assumption that foreign devices (whether owned by students, staff or visitors) will need to connect to them. The eduroam service provides a global authentication system for those in education, so your wifi network can choose whether to offer no connection (or only local information) to a non-member, a connection to Janet and the Internet to authenticated visitors from other education organisations, or a connection to the internal network for your own users.

So maybe we should also be consciously designing our information services on the same assumption: that our users will be connecting and logging in from their own devices? There are still controls that can be implemented on the server side to manage whether such a device will automatically download a complete mailbox and calendar, only the messages that the user manually selects, or only 'moving pictures' of a remote desktop. And since users are already taking information out of the buildings, on paper even if not in digital form, we already need to raise their awareness of the risks of carrying and using information and help them do it safely. In most organisations there will be a few places where personal devices aren't appropriate because of the sensitivity of the information and systems held there but, again, we should already be pointing out those areas to those who can enter them and requiring special policies and ways of working.

If we've designed our systems and processes to remain secure on the assumption that BYO will happen, then it shouldn't be an unpleasant surprise when, just after Christmas or a birthday, it does.