BYOD causes significant network and data security concerns, but used in tandem with cloud services it could make your network safer than ever.
A few weeks ago I was talking to a salesman from Capita who was trying to convince me that I needed his company's new product. The software he was selling was a customised, cross-platform “desktop” which could be used across iPad, Android, Windows, and Mac.
Whether or not the product has any merit is for another article, but one of the points he raised to strengthen his case that I should buy his product was that it enabled “true BYOD”. I hadn't heard this before despite having looked into BYOD extensively. His assertion was that separating personal devices from the core school network prevents students and teachers from using many school ICT resources, and as such BYOD should be tied in to the main school ICT systems to enable use of local printers, file storage, etc.
Most schools keep BYOD devices away from the core of the school network by requiring that they use a separate VLAN — a network that is physically the same as the main school network, but logically separated out. This type of configuration is relatively cheap to set up, assuming you already have managed switches in place, and doesn't require any additional cabling. What the salesman was suggesting seemed to go against this concept entirely.
This got me thinking. Are schools right to be separating out BYOD devices on the grounds of security? How many local services are students missing out on by separating out their personal tablets, phones, and laptops?
How many local services do students need to access?
My conclusion: none.
Local document access, unless you're using a Windows tablet, is clumsy and confusing. Printing can be done via Google's Cloud Print service. It's much more effective to provide — or rather for students to provide — a user interface with which they are familiar rather than lumber them with another layer of complexity.
Using a system such as Google Apps for Education, along with a separate VLAN for BYOD devices, allows:
- Teachers and students to use a popular and safe cloud service.
- The school to maintain control of data.
- BYOD devices to be kept segregated from the core network.
By streamlining the services available on your BYOD network to the essentials (DNS, DHCP, Proxy) there is less to manage and also less “surface area” open to abuse. Preventing Wi-Fi clients from communicating peer-to-peer also means there is very little scope for network issues.
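One way to check that a BYOD VLAN really is limited to the essentials described above (an added example, not from the original article): the script evaluates a first-match ACL and reports any flow it permits beyond DNS, DHCP and the proxy, as well as any essential service it blocks. The addresses, the rule format and the proxy port 3128 are assumptions made for the illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed addressing plan; none of these values come from the article.
CORE_NET = ipaddress.ip_network("10.10.0.0/16")   # core school network
CORE_HOST = ipaddress.ip_address("10.10.5.20")    # e.g. a file or print server
SERVICES = ipaddress.ip_address("10.30.0.10")     # DNS/DHCP/proxy host for BYOD
# The essentials named in the article; tcp/3128 for the proxy is an assumption.
ESSENTIAL = {("udp", 53), ("tcp", 53), ("udp", 67), ("tcp", 3128)}

class Rule(NamedTuple):
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "any"
    dst: str         # destination network in CIDR form
    port: int = 0    # 0 matches every port

def decide(rules, proto, dst, port):
    """First matching rule wins; no match falls through to a default deny."""
    for r in rules:
        if (r.proto in ("any", proto) and r.port in (0, port)
                and dst in ipaddress.ip_network(r.dst)):
            return r.action
    return "deny"

def audit(rules):
    """Return (unexpected allowed flows, essential services that are blocked)."""
    # A verdict depends on the port only through equality with a rule's port,
    # so every port named in a rule plus one unnamed port covers all cases.
    ports = {r.port for r in rules if r.port} | {p for _, p in ESSENTIAL} | {49999}
    # Probe the services host, a core host, and each in-core rule destination.
    nets = (ipaddress.ip_network(r.dst) for r in rules)
    dsts = {SERVICES, CORE_HOST} | {n.network_address for n in nets if n.subnet_of(CORE_NET)}
    exposed, blocked = [], []
    for dst in sorted(dsts):
        for proto in ("tcp", "udp"):
            for port in sorted(ports):
                allowed = decide(rules, proto, dst, port) == "allow"
                essential = dst == SERVICES and (proto, port) in ESSENTIAL
                if allowed and not essential:
                    exposed.append((proto, str(dst), port))
                elif essential and not allowed:
                    blocked.append((proto, port))
    return exposed, blocked

# Constructed ACLs for traffic entering from the BYOD VLAN.
WEAK = [Rule("allow", "tcp", "10.10.5.20/32", 445),  # file shares opened to BYOD
        Rule("allow", "any", "10.30.0.10/32"),       # every port on the services host
        Rule("deny", "any", "0.0.0.0/0")]
HARDENED = [Rule("allow", p, "10.30.0.10/32", n) for p, n in sorted(ESSENTIAL)]
HARDENED.append(Rule("deny", "any", "0.0.0.0/0"))
```

Peer-to-peer blocking between Wi-Fi clients is enforced on the access points inside the VLAN, so it never reaches a routed ACL and has to be verified separately.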
As long as you are comfortable that your data is secure and centrally manageable in services such as Google Apps, I argue BYOD in combination with cloud services can, contrary to popular opinion, be an extremely secure environment within which your users can work.
What do you think? Let me know in the comments, or on the forum.