BYOD boundaries on campus
When students at the University of Georgia returned from winter break five years ago, they inundated the campus computer network with a wave of electronic holiday gifts—smart phones, laptops, tablets, gaming consoles and mini-computers. Within a matter of days, the students had overloaded the computer system and shut it down.
The information technology department quickly came up with what would become the university’s bring-your-own-device (BYOD) policy. Electronic devices were diverted onto one of two networks: computers owned by the university were connected to the campus Ethernet, while other devices were rerouted onto the wireless system. Campus computers, which had slowed to a crawl, started operating at full speed once again.
“The people doing the day-to-day work became the wired users so they would not be affected by the people going onto the latest cute cat video on YouTube,” says Diana Williams, senior system administrator for the University of Georgia College of Agriculture and a member of the central university’s IT policy group. The latter “brought our network down,” she says.
Controlling bandwidth is just one reason why colleges and universities have adopted BYOD policies. Improving computer security, providing reliable internet access for classroom work, and simply letting faculty, staff and students use their favorite devices have driven wider acceptance of BYOD strategies.
“In today’s world, I don’t think you can run from the proliferation of mobile devices,” says David Hotchkiss, chief information officer and vice president of the Medical College of Wisconsin. “I think we are more efficient and we gain better relationships and trust by allowing these devices to come in than if we say, ‘No, we’re going to block them.’ ”
To accommodate the growing use of mobile devices, at least 42 percent of colleges and universities had a BYOD strategy in place in 2014, yet many BYOD issues are not heavily regulated by policies, according to the annual Core Data Service survey conducted by Educause. The BYOD phenomenon sprang to life after the 2007 release of the iPhone, and it is taking some institutions several years of planning before campus stakeholders can agree on a policy.
“Since we’re only going to see more and better technology come out, the BYOD phenomenon isn’t going away,” says Eden Dahlstrom, director of research at Educause. “Accommodating personal computing environments is becoming integrated into the structure of everything that colleges and universities do.”
The case for not restricting devices
With this diverse range of mobile technology, some colleges, rather than restricting access, have opened their networks to the wide range of devices students want to use.
That is what Lebanon Valley College in Pennsylvania did in a $2.5 million new learning commons. The facility is equipped with television monitors that can stream video, whether they are connected to an iPhone, a Kindle, a Samsung Galaxy or a Windows laptop.
“This is supposed to be inviting and it’s supposed to be collaborative,” says David Shapiro, director of information technology for the college. “If we put restrictions in there, we would stop that from happening. We wanted to say any device people come with, we will try and make it work.”
Advances in technology also allow students to purchase routers and create their own networks in their dorm rooms, without any involvement at all from staff in the IT department. These students are bypassing the institution’s network altogether by accessing the internet through their cell phone carriers.
“The nexus of the whole BYOD phenomenon is the consumerization of devices,” says Stephen diFilipo, CIO of the Milwaukee School of Engineering.
“Ten years ago, I had to rely on devices that were manufactured and sold to colleges and universities that I couldn’t get my hands on as a consumer,” he says. “Now I can go to Best Buy and build my own network.”
And it’s not just students bringing their own devices to campus. Another 2014 Educause study found that an estimated 60 percent of college employees use their own devices at work.
Here’s how policy is meeting practice in the world of BYOD on campus.
Without BYOD rules, laptops, smart phones and tablets can be brought on campus undetected. So most policies require users to register devices with the school.
In addition, many policies only give institution-owned devices access to sensitive data, such as student records and financial information.
The process of encrypting or registering personal devices is often contracted to a third-party provider.
Lebanon Valley College in Pennsylvania, for example, has used a network access control system from Bradford Networks to register all devices brought onto campus. This allows officials to pinpoint a specific device if a problem occurs, such as a hacking incident.
“Most of it is just accountability,” says David Shapiro, director of information technology. “If somebody does something with the device, we want to know who they are and where they are.”
To establish guidelines on computer use, Lebanon Valley, like most schools, has an acceptable use policy, which prohibits students, faculty and staff from interfering with “the reasonable and private use” of the college’s computing services.
Enforcing device registration isn’t difficult because users who don’t follow the rule can’t access the internet, unless they go through their own cell phone carrier.
The Medical College of Wisconsin gives campus users the choice of opting out of the system and not registering their computers with its mobility management provider, AirWatch. Unregistered devices, however, cannot access the college’s built-in email and contact systems, as well as certain other information. “The consequence is when you opt out of AirWatch, it makes it more difficult to perform those daily functions,” Hotchkiss explains.
Blending BYOD in the classroom
Professors or academic departments may ask students to purchase specific devices for their courses, even if the campus as a whole is supportive of BYOD. In fact, Educause has found that the norm is to give faculty the authority to set their own in-class BYOD policies.
At the Medical College of Wisconsin, for example, medical students must use iPads. “The iPad is designed to be integrated into the curriculum for a very specific purpose—so that every student has a similar experience going through the process,” Hotchkiss says.
Whether BYOD can be fully implemented in course instruction remains to be seen. In Educause’s 2013 study, IT leaders said they were most excited about BYOD’s educational impact. “It wasn’t about saving money, and it wasn’t about increasing productivity,” says Dahlstrom. “It was about the excitement of teaching and learning, and the possibility that students have anytime, anywhere access to course management systems.”
Nevertheless, many faculty see mobile devices as distractions rather than teaching tools, and ban them from class altogether.
“We still haven’t found that sweet spot for using technology in the classroom,” Dahlstrom says. “We haven’t found the balance between the concern about distraction and the use of devices for productivity and engagement.”
Introducing a BYOD policy
When there are new rules, it doesn’t hurt to win community support. Hotchkiss did just that by going on a “road show” when the Medical College of Wisconsin rolled out its latest policy in 2013.
While a BYOD strategy was already in place for students, Hotchkiss wanted to generate support among faculty and staff. So he attended a series of department meetings over the course of 10 months, answering questions and dispelling rumors about what effect the program, which is optional, could have on a mobile device.
“You have to really work on relationships and building consensus on a topic like BYOD,” Hotchkiss says. “If you ask them to put a piece of software from the institution on a personal device to collect information, some might say, ‘I have a concern.’ ”
Hotchkiss found the buy-in he was looking for, however: About 80 percent of the mobile phones and tablets in use at the college are now encrypted because of the BYOD policy.
At other institutions, approving a BYOD strategy can take even longer.
Officials at the University of Georgia, for example, began developing its policy in 2011—soon after that post-holiday overload crashed its network. The policy has gotten initial approval, but it’s still not official until it receives final approval by the university’s president, provost and CIO, which is expected to happen this spring.
“It took them quite a while coming up with the policies of who was going to be allowed to the core services and how they were going to get access,” says Williams of the University of Georgia.
For example, the group had to decide how to set access to the distance learning system. The policy states that faculty can only upload documents onto the system on university computers, and not from their own devices, because of the concern about the possibility of introducing malware.
The policy has so far been able to accommodate the growing number of mobile devices on campus, Williams says.
“We don’t have any problems with the traffic, like we did before,” she says. “Everybody seems to be able to do what they need to do.”
Sherrie Negrea is a freelance writer based in Ithaca, New York.