In Higher Education, Going Mobile Creates Additional RisksBy: SecureWorks
Like a hungry lion in an antelope hunt, mobile devices have infiltrated university and college campuses worldwide. According to Gartner, worldwide smart phone sales hit 472 million units in 2011, up 58 percent from 2010, and are projected to reach 1.1 billion units by 2015. In fact, Educause, a leading provider of guidance to education IT professionals, lists "trends toward IT consumerization and BYOD" as one of the top ten issues of 2012 in a recent report.
However, as Dell learned from a series of roundtable events in early 2012, formally enforced and managed bring-your-own-device (BYOD) policies, device usage and tracking, data encryption and identity and access management were absent at many higher education institutions. Educause had already noted in a 2011 survey that security and data breaches ranked in the top five IT concerns that higher education institutions face. According to the report, "hackers [are] repeatedly finding ways to defeat the best technical, organizational, and social countermeasures created by security experts. We are seeing new exploits that automated intrusion detection fails to recognize, malware that is difficult to remove, and whole new waves of risk associated with the rapid deployment of smartphones and the new generation of tablets on institutional networks."
Although security is on the radar of higher education IT departments, there often isn't visibility into exactly what the magnitude of the threat really is across the entire spectrum of the institution's infrastructure. In many organizations, smartphones are replacing or complementing computers, creating new security vulnerabilities. Complicating matters, smartphones run on up to ten mobile operating systems today, with security-related products that offer varying capabilities depending on the device and mobile operating system used. However, several precautions can greatly minimize the risk that mobile devices pose.
In the world of higher education, as in many industries, data breaches are common. To stay protected, security strategy must consider the entire institution as well as mobile devices and user behavior. It cannot be limited to single point solutions that are isolated from a holistic strategy that drives security planning and resourcing throughout the organization. Despite the risks and misalignment of security goals that many education institutions face, they can significantly improve their risk posture through a combination of strategic planning for incident response, conducting risk assessments, and implementing controls based on a strong understanding of the institution's unique infrastructure, network architecture, and mobile device usage patterns.
The bottom line is that while mobile devices introduce a new set of risks to your environment, they can also improve productivity, build morale, and help establish a balance that attracts and retains the talent and student base needed to position your institution as progressive and innovative. The key is an ongoing practice of governance, education and awareness.