BYOD STRATEGY FOR EDUCATION COMMISSION IN AUSTRALIA
Topic area
In a fictitious state of Gilliardania a newly created Education Commission in Australia is considering to integrate all affiliated institutions and stakeholders through a BYOD IT infrastructure. As a business analysis report, this paper will outline the policy design, implementation, and administration of BYOD at Australian Education Commission (AEC).
Specific project objective
- Effectively initiating the business strategy for the IT projects using BYOD
- Focusing on the strategy of “Bring Your Own Device” (BYOD) approach
IT consumerism has led to manifold increase in the use of networked devices across an IT infrastructure. The personal mobile devices are increasingly used by business customers and internal stakeholders of an IT environment. This has also resulted in rapid growth of Wireless LAN (WLAN).
Key Information sources
A careful estimate indicated that by June, 2015, there will be more than 7.4 billion networked devices across the planet (Fidelman, 2012). Majority of devices used as mobile devices are laptops, Smartphone, personal digital assistance (PDAs) and tablet PCs. While this growth is set to reflect positively on the access to information, efficiency of IT infrastructure of organizations may have serious implications of accessibility of mobile devices. With this change already underway, few things need to be understood before the IT infrastructure can be managed effectively to respond to the change. Bring Your Own Device (BYOD) does not simply mean bringing own devices to access information and knowledge resources. For this to happen, there are several resources of an organization that needs to be present in the clouds. Thus, cloud computing is also another changing paradigm for computing. Both applications and data are packed into the cloud putting traditional IT infrastructure such as mainframe computers with less significance. It can be observed that currently there are three broad trends taking place in the IT governance and IT environment of organizations. Although value creation is the ultimate output of process and mechanism changes, disruption in traditional IT infrastructure is also amongst several drawbacks of such fast shift to consumer based devices (Roese, 2013). Easier said than done, there are several protocols for BYOD supported IT infrastructure to sustain high traffic load. Security, assurances, and control of the access are major concern for IT managers. It may be mentioned that adopting the BYOD may have implications such as shift of data storage patterns, enterprise boundary setting, deployment of IT resources and virtualization. The following sections describe how the BYOD can be designed, implemented, and administered for Australia Education Commission (AEC).
Design of BYOD
For designing the BYOD, we will require that existing IT strategy is aligned with the purpose statement of BYOD.
Purpose definition: The purpose definition will explain the rationale of developing the BYOD and developing an elaborate plan for implementation of the policy (Walker-Osborn, Mann & Mann, 2013). Relevant stakeholders will be identified and enforcement standards will be made part of the purpose definition. This will help develop an overall purpose of the proposed intervention in form of BYOD.
Defining authorized uses
This section of design plan will introduce to the reader the appropriate and relevant users of BYOD. Since this is an education set and the commission will have several kinds of users on its premises, the main categories of users are as follows.
Employees of AEC: The employees of AEC will be legitimate users of BYOD and may register their mobile devices with the IT department of commission.
Faculty: The faculty of universities and colleges will have access to the information and knowledge resources of AEC and this qualifies them as users of BYOD.
Authorized users: This part of BYOD design will address the issues of legitimate users that are allowed under BYOD using the mobile devices that include tablets, palmtops, laptops, and Smartphone (Heary, 2013).
Risks communication: In this part of the design plan, the potential and most evident risks associated to becoming user of BYOD will also be communicated to relevant stakeholders and general users under different categories (Ghosh, Gajar & Rai, 2013). Loss of privacy and risk to personal data along with sign information breach are the risks that IT personnel should intimate to the users. This will help them keep their login and password information secure.
Prohibition of certain uses:
This section will outline the technologies and software and tools that cannot be used on BYOD of AEC. This will allow setting explicit parameters of the IT infrastructure and security of data present within the system. User mobile device guidelines along with authentication and password protection guidelines will also be part of this section of design.
Management of BYOD system:
This section of design will allow the Chief information officer (CIO) to include policy breach implications for users. The implications may include issuing warnings on potentially wrongful use of BYOD infrastructure and trying to breach security. Since AEC is an education based management institution, faculty and staff should be provided with explicit guidelines on the breach of security and the action by administration that may follow such a breach.
Limited liability declaimers: AEC must incorporate limited liability notices throughout the virtual access points and key points of her infrastructure. Willful violation either by the user or third party intruders will not be responsibility of the firm. This will allow legal protection of commission’s information system management.
Data securitization: Data securitization is also one of the main elements of the design process of BYOD. This will require elaborate policy guidelines for the users, for managers of the IT infrastructure, and the executive management. Mobile devices pose a direct security threat and these need to be mitigated through policy and enforced standards. The extension of mobility further compromises the security that should be adequately communicated. It should also be mentioned that indirect threats to the BYOD infrastructure and information storage is more critical as compared to direct threats. Dual-connectivity that is the connectivity of a mobile device to more than one network at the same time renders the private network susceptible to threat. The faculty member of staff may connect their mobile device to more than one network in this case the commissions IT information central path will lie bare for foreign intruding agents such as Malware and virus as well as hackers.
For data security, it is highly advised that segregation of data is advised at organizational level. Personal and organizational data will be segregated on the basis of authentication from organizational leaders. These include CIO, CEO, and Chief operating officer (COO).
Device registration: Device registration is also another requirement for managing the security of BYOD environment within AEC IT environment. Majority of the devices will belong to employees of the organization and faculty staff that is related to commission. The device registration will allow the IT management to allow access to BYOD for approved devices and users only.
Hire Expert Writers at Affordable Price
WhatsApp
Get Assignment Help
Implementation
The implementation of BYOD will require the AEC IT team to enforce tight environment control such as registering corporate only devices (Mansfield-Devine, 2012). This implies that only devices belonging to traditional enterprise owners (institution owners and faculty) as well as classified government authorities will be allowed to have remote access to enter databases maintained by the IT department.
Easy access to the BYOD environment is also one the main purposes that implementation of this process should result in. Several device types can be allowed to connect to internet. Simple guests may have access to only general and specific ‘purpose related ‘issues. Differentiated services will be generated and onsite as well as offsite security protocols will be different. Application and service based software will be allowed to connect to the BYOD environment of AEC however proper authentication of access control and data protection procedures may be applied.
BYOD Policy sharing
BYOD policy designed in the previous section will be shared across all relevant stakeholders and users (CISCO, n.d.). This will allow the commission to get the BYOD non-disclosure agreement signed by the employees and users already identified in the previous section. This will allow the company to implement the BYOD policy and strategy in letter and spirit and avoid any legal complication arising out of confusion or mistrust on part of employees.
Monitoring of data management: For monitoring the policy implementation, this point shall b be adopted. Case organization will require physical assessment of data storage and making them comply with the federal standards of information security and data management.
Exit strategies for case scenarios:
The governments do not have full confidence in the existing policies regarding the remote and mobile device use at sensitive premises (Walters, 2012). Thus, the employees may be required to submit the devices before leaving the job and will fill out an exit from. The exit form will contain a written undertaking by the leaving employee that he/she has not been involved in type of breach of trust or breach of working hour.
The mobility of data has allowed the consumers to access wide body of knowledge. To make this access within the defined parameters and within the established protocols of security, the firms have a positive obligation for arranging the security of IT infrastructure. Open access to resources should not be provided by the commission’s IT managers and password protection should be the default setting throughout the BYOD.
BYOD development and implementation-CISCO
Source: (CISCO, 2013)
Secure access of the BYOD is also main consideration that IT developers and managers need to ensure (Roese, 2013). However, this cannot be provided by the IT management only and there needs to be ‘overall’ change in culture of how devices are used and security is maintained through the cooperation of users, for their own data and privacy protection as well as securing organization knowledge resources (Roese, 2013). The most significant success factors in any given design of BYOD are that it is designed to scale and is always partner led (Copeland & Crespi, 2013). This implies that all stakeholders in the process of implementation are treated as partners and therefore the input and shared-responsibility towards implementation and operations of such BYOD depend on all the partners within BYOD environment. The design of such BYOD environments where multiple stakeholders will access the data through their mobile devices is modular and design has to match the deployment needs (Ballagas, Rohs, Sheridan & Borchers, 2004) of AEC needs.
The BYOD infrastructure should also have options to use or collaboration. The IT staff will need specialized expertise in handling the parameters of such IT environment. Any IT deployment that is there to increase the flow and accessibility of information as well as knowledge resources must be reliable, fast, and predictable. All these qualities in a single BYOD are challenging to meet (Thomson, 2012).
Organizational changes after BYOD
Consumer devices on the workplace create great challenges for the IT staff of an organization (Miller‐Merrell, 2012). In case of AEC, the challenge is even bigger with multiple stakeholders involved in accessing different but interconnectedness. Data security is the main issue got cloud providers in difficult position. It should not be the main concern for the CIO that how the network as well as the devices are secured from intruders but the overall purpose shall be to mature the business processes and other potentially disturbing access pints .
It is also observed that to safeguard the BYOD setting is not encouraged before taking an action on more deep rooted issues. Data is always in the cloud within the IT environment of BYOD, physical locality of data is quite cumbersome for the operators (Babcock, et al., 2002). There are assessments that increasing number of people now brings their own remote connectable devices. Separation of user and device entry is amongst the main challenges BYOD faces. Virtual desktop infrastructures (VDIs) are used by IT managers to provide BYOD environment to the users (Siahos, et al., 2012). Transfer of data from one device to another also needs to be curtailed given the important nature of data that is accessed.
There are three service level models that cloud services are utilized through in order to enable BYOD. These are Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service IaaS (Kim, 2009). In all these service levels, there is neither segmentation between layers of accessed data not distribution of layer into categories. By assessing which type of the layer, it is possible to define specific paramours for this service.
The security of the BYOD environment is also paramount to successful operation such network based IT operations. The minimum security standards should be developed and implemented so that whatever the device may be, it can be registered with the BYOD network (Roese, 2013). This not only increases the number of devices accessing key resources through company IT platform, this also helps improve the lead time to information and accessing knowledge databases. Application infrastructures are maintained throughout the system, and this helps in increasing number of people actually gaining access to the network. Assing (2013) explained that some organizations explicitly prohibit access to virtual networks using the BYOD enabled devices as there is potential threat of infiltration in outside devices that intend to gain access to system-wide databases.
It is observed that tablet PCs are increasing number of devices used by the customers to gain access to the network (Burt, 2011; Fidelman, 2012). The tablet PCs does not require the CIOs to add protocols for existing Smartphone connectivity. Partitioning and remote wiping are both enabled through BYOD (Scarfo, 2012) in the environment that is currently developed for AEC. Internal data file structures are important sources of information for the Smartphone and Tablet PC devices within the BOYD environment. To help the devices gain access quickly, some organizations compromise the amount of security protocols to be followed by the customer.
There are other responsibilities as well that are related to operating the BYOD environment. Ghosh, et al. (2013) observed that maintaining current licenses of related software and programs is as essential as managing the networks for security reasons. Extended service agreements with the vendors is also an important source of accessing licensed software for the large companies operating their BYOD environment? The use of personal mobile devices such as PDAs, Smartphone, and Tablet PCs will only increase and this requires that management structures are made to withstand high demand for the BYOD environment (Roese, 2013). To achieve this end, the IT managers specifically the CIOs need to address the issues faced by both the organizations in allowing BYOD and the amount of privacy that customer are willing to forgo (Ghosh, et al., 2013). The risks associated to accessing information and knowledge from BYOD infrastructure should be kept low. Many corporate firms in the North American region have developed specific policies for BYOD and this indentifies the huge potential of both research and application present in the field of BYOD in firms (Roese, 2013). Since AEC will be a non-profit institution, there is hardly any likelihood that the commission will have enough funds to effectively manage the security. There needs to be balancing between organizational need of securing their knowledge resources and information and the amount of privacy that is compromised while meeting in BYOD environment. Network traffic protection is another important issues for the providers of IT services. Firms whose core expertise do not lie in IT, as in case of this education commission, there has to be certain amount of outsourcing whether in form of risk assessment and mitigation consultant or in form of top executives managing the change.