BYOD Policies in schools and in the work place should include what is considered both acceptable use and misuse of resources.  Because many students and employees engage in personal activities on BYOD devices such as, twitter and scrabble, these applications and others are often active during work hours.  They not only distract people from doing their jobs, they can also consume considerable network bandwidth which could negatively impact business critical applications such as connectivity to the CRM or even VoIP.  If you think you are going to see a BYOD savings, you may want to think again.

 “Aberdeen Group found that a company with 1,000 mobile devices spends an extra $170,000 per year, on average, when they use a BYOD approach.”

Tracking BYOD Traffic

Network administrators should consider setting up single sign on for all devices accessing the network, including BYOD they should also be monitoring BYOD traffic  with NetFlow.  This allows admins to track the username associated with every device accessing the network and in many cases the traffic including URLs is logged.  Below is an example of our partership reporting with Enterasys NetFlow and mIAM exports:

BYOD for Schools

BYOD Could Spread Malware

Because antivirus software has not yet readily available for many smart phones, administrators should consider deploying firewalls and IPS appliances on the internal network.  Although this investment will certainly add additional layers of security which help reduce the school or company’s risk, education is by far the best tactic against the introduction of malware.  One place to start is a discussion on how social media can cause infections.


BYOD threats


Use of social medias at work can pose security risks to the organizaton’s intellectual property through an individual’s personal communication habits (e.g. clicking on poisoned URLs).  If these malicious URLs are clicked on within the BYOD device, it could become infected and spread the malware inside the network.

BYOD Acceptable Use Policy

Situations like the above are why the network acceptable use policy is an issue that has been discussed in just about every HR department. It’s a serious subject that must be dealt with as ignoring the issue can lead to internet abuse.

An acceptable use policy needs to outline What Warnings should be given out.  If you have ever dealt with our legal system, you know that you must have a paper trail prior to taking corrective action. Some organizations lay out what ‘may’ happen:

  1. restricted access or loss of access to the University Network;
  2. disciplinary actions against personnel and students associated with the University,
  3. termination and/or expulsion from the University, and
  4. civil and/or criminal liability

Depending on the venue, the above may be a bit to vague. Subjective consequences can lead to loop holes if an issue should escalate to litigation. Some businesses or schools may want to consider something like the following:

  • 1st Violation: verbal warning and notification to manager
  • 2nd Violation: written warning and notification to manager
  • 3rd Violation: written warning and notification to manager
  • 4th Violation: termination

Network management software shouldn’t be expected to do all of the heavy lifting when it comes to BYOD and mIAM.  Personally I’m a fan of not blocking anything and encouraging employees to be responsible with the company’s internet connection and IT resources. If the consequences are clear and enforced, most responsible people will play by the rules and behave responsibly.


Mike Patterson author pic


Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.


Leave a Reply