Introduction
Bring
Your Own Device (BYOD) is a term used for the new trend where employees bring
personally-owned mobile devices into their workplace. BYOD is also known as
BYOT (Bring Your Own Technology). This new trend is witnessed by the
organizations to bring several advantages, including competitive advantage,
reduction of cost, higher employee productivity and flexibility. BYOD is
therefore looked at as a momentum that should not be stopped but adopted.
The
concerns or issues should be addressed so that the benefits of this trend can
be achieved. Higher learning institutions are seen as organizations that have
to adopt this trend as the new generation of students is computer-literate and
technical-savvy. The objectives of this study is to identify factors those
influence the adoption of BYOD, to identify the factors those contribute to the
success of BYOD in a selected higher learning institution and to propose
appropriate guidelines for BYOD adoption at the same institution. Existing
factors were identified through Literature Review. The factors are Security,
Infrastructure, Cost, Policy, Privacy, Education and Application and these have
been highly mentioned in Literature Review. Surveys were conducted at the
institution to gather data from students and staffs. The collected data was
then analysed to identify the factors that are deemed to have relevance and
influence in the adoption of BYOD at this private higher learning institution.
The results from the analysis show that there is a high percentage of mobile
device ownership among staffs and students at the institution, and there are
concerns identified relating to all the seven factors mentioned.
In a report by International Data Corporation (IDC)
dated 2010, it was stated that for the first time smartphone sales have
surpassed the sales of PCs. In 2011, the sales of smartphones raised 55% from
the previous year. Along with this, the trend of Bring Your Own Device (BYOD)
is also becoming more popular as smartphones and tablets are making their ways
into the organizations. BYOD allows employees to use their own mobile devices
to access the organization’s network information systems.
McNeill, Diao & Gosper (2011) conducted a study
to find out how students use technology to help in their learning. This young
generation of university students whom are described as “Digital Natives” and
“Net Generation” are said to be different from those the educators have taught
before. This generation of students has wide exposure to computers, video
games, digital music players and many other digital gadgets [1]. Enhancing learning
through technology and using social media for educational purposes are looked
at as important factor in enhancing students’ knowledge, creativity,
collaboration and innovation.
College students today think that the ability to
work from remote is a must. Based on the study, two out of three students would
want to access their employers’ network using their personal computers. The
same study also shows that more than half of the student population surveyed
will want to use their own mobile devices for work purposes. If the employers’
could not provide these, these future workers are most likely to find
workarounds. Another interesting finding is that 71% of the students would also
want to use the company-issued devices for both work and play.
This support the idea that BYOD could enable the
communities of the higher learning institutions (HLIs) to utilize the available
information technology services in a larger scope. Applications like
e-learning, student management and library management systems can be accessed
from personally owned mobile devices. The use of these devices have raised a
number of concerns, amongst which are about teaching and learning, planning and
governance, security and compliance and support strategies. Despite these
concerns, the higher learning institutions are in the situation to allow this
new trend as it could also bring to bigger advantages. In higher learning
institutions, this trend has also brought new requirements, developments and
challenges as these institutions are increasingly using technology in their
operations as well as in the teaching and learning activities. The purpose of
this study is to conduct literature reviews and research to identify the
critical factors that would contribute in enabling BYOD in a Higher Learning
Institution. Once the factors have been identified, a set of guidelines is to
be developed in adopting BYOD at this Higher Learning Institution.
Literature Review
The existing factors and concerns were studied and extracted from the
Literature Review conducted. This activity meets the first objective of the
research. The categories of factors identified are security, infrastructure,
policy, privacy, cost, application and education.
Security factor is grouped as matters about security concerns caused by
BYOD. Examples are like security threats, security attacks and security
solutions. Infrastructure group factor are about requirements for improving the
present infrastructure to support BYOD. Cost factor is a group of cost
implications or cost-effectiveness if BYOD is enabled. Policy is the factor
that matters about BYOD policies to include/implement. Privacy factor is the
group of matters about individual privacy considerations if the devices are to
be managed by the organizations. Education factor matters about educating users
about BYOD policies, security and awareness. Application is the factor that
discusses about the applications and types of applications
(web-based/desktop-based) and how to access them with BYOD.
Security
Thomson recommends that BYOD is a trend that should be adopted by
organizations as it gives a competitive advantage via the means of enabling
technology. Concerns about securing the network and data should not hinder
adoption of BYOD. Instead, solutions should be created for these business
challenges. Competitive advantage is looked at as an enabler for BYOD adoption.
Employees want to pass the responsibilities of security to the organization
while they are able to work from their home or office using their own devices [3]. A survey conducted by Cisco shows that end
users feel that the end users themselves and IT departments must take
responsibilities for securing the work devices and data. This is depicted in
Figure 2.6.
Infrastructure
According to Vanwelenaers, using technology to improve student learning
promotes a better learning atmosphere for most students. BYOD is seen as a way
to engage students, create interactivity between peers, enhance communication
and stimulate the “anytime, anywhere” classroom concept [4]. The
author has identified infrastructure as an important factor to cater for BYOD.
A school’s wireless network must have enough capacity to support the
connectivity from students’ mobile devices. It is probably required that the
schools need to upgrade the wireless network infrastructure and technologies.
In an article by Raths, it was reported that the demand for access on
the wireless network at the Jordan School District has increased due to BYOD.
However, it is mentioned that they were prepared as they have spent several
years building their infrastructure, both wired and wireless in anticipation of
BYOD movement. It was also reported that an approximate of 2000 students bring
their own devices to school [5]. In the same article, it was mentioned that
networks built even in 2008 are starting to be outdated as they do not support the
heterogeneous mobile devices. It was claimed that technical and security
infrastructure issues alone can be overwhelming. Managing wireless access
points individually may not be a practical way with the increase of the number
of access points. There is a need for central controller. A system like Ruckus
Wireless can manage access points, adjust signals and do load balancing. It was
also reported that many consultants suggest placing BYOD traffic on a dedicated
virtual network. This is to separate the networks so that the mobile devices
will not have access to organization-related data.
Policies
Green discussed about the creation of a framework for mobile device
policies. The author deliberated about the management of security policies for
mobile devices. It was also highlighted about the attacks that mobile devices
are exposed to and the risks they present to the organizations. The attack
vectors were grouped into 4 categories; virus-infected mobile devices, data
theft by employees, Bluetooth technology and wireless technology. The author
proposed the use of Issue-Specific Security Policies framework for developing
security policies for mobile devices. The author, based on his studies
recommends that this framework is used over others as it is easily understood
and it clearly defines the sections in the policies. The author insists that
mobile devices are computing devices and policies should be created accordingly
if those devices are to be used within the organizations [6].
In a technical analysis article, Burt mentioned that Unisys officials
are developing wide-ranging BYOD policy. As this is a wide-ranging policy, it
would cover many areas of ICT, including for the use of personal mobile devices
by employees. The policy which will be called as Acceptable Use Agreement (AUA)
will contain requirements so that users allow for the installation of public
key infrastructure (PKI) device certificate on their devices, allow for
remote-wipe software installation on their devices, and users acknowledge that
their mobile devices or the data on it can be seized if they are part of a
legal dispute. The mobile devices are described as WMDs (weapons of mass
destruction) for the damage they may do to a company, if used inappropriately [7]. Thus, it is important that policies are put
in place to protect the company.
Privacy
According to Absalom, in a BYOD environment, employee data privacy is
often overlooked at [8]. At the same time, the legislation
pertaining to data privacy also creates restrictions for IT Managers to
implement a BYOD policy. An organization may choose to use the mobile device
management (MDM) application on a personal mobile device. Such an MDM solution
may allow for activities monitoring and data access on the devices. This can
cause an organization to face lawsuits for breaching of employees’ data
privacy. This introduces predicaments to organizations. If BYOD is to be
allowed, they must ensure that corporate data can be accessed and protected but
this must be done without interfering into the employees’ right to personal
data privacy.
As cloud computing is a sort of necessity in ensuring that BYOD adoption
objectives are met, it is important that the BYOD and cloud computing pair are
designed and deployed by considering the issues pertaining to privacy. The
computing environment must conform to the data security and data privacy of the
educational institution and all relevant laws and regulations on data privacy [9].
Cost
Scarfo shares that consumerization affects how employee habits have
changed because employees would prefer to be within their consumer environment,
and thus the employees would want to use their own devices while performing
their jobs. Scarfo highlights that BYOD brings opportunities to organizations
as the organizations can reduce cost (employees may pay for their own devices)
and the “anytime, anywhere” can increase productivity of the employees. Two
main factors that employers find interesting in enabling BYOD are increase of
productivity and reduce of cost. BYOD helps in reducing cost because the
employees or end users would purchase the devices on their own [10]. The employer may also subsidize for the
purchase of the devices. In both cases, the employer enjoys cost savings.
BYOD is said to improve staff productivity and is amongst the most
important reason why organizations choose to allow its adoption. However, Hayes
claims that when productivity increases, it also heightens the staff salaries [11]. Budget that has been saved on purchasing
computers is now possibly offset by the need to spend on new BYOD management
tools.
Demski in her interview also questioned about the impact of allowing
BYOD on their IT budget [12]. The IT Heads believe that allowing BYOD may
not really reduce cost. One IT Head said that BYOD will shift the way they are
spending the budgets. Although spending on computer lab hardware may reduce,
investments may be shifted to virtualization, security and probably, off-site
cloud services.
For a BYOD trend to be more meaningful in a higher learning institution,
it understandably must also have the right mobile applications where the
communities of the institution will benefit. Cloud-based email service, storage
space and collaboration tools are already available for use by the education
community. Google and Microsoft have made their cloud services available at
relatively no cost for the education community. For example, a set of collaboration
tools by Google, called GoogleApps (email, office productivity, storage space
and calendar applications) are provided for free to the educational
institutions worldwide. Microsoft has also made the same arrangement to provide
some services available at no cost to this community. If a higher learning
institution engages to these services, not only it saves a huge cost, but will
also engage their students and educators to new technologies and meet the
purposes of enhancing teaching and learning experience.
Applications hosted on the cloud have been a strong reason for BYOD
adoption. For educational institutions, cloud computing has many advantages.
According to Kalim, universities may gain benefits through (i) opening their
technology infrastructures to businesses and industries for research
advancements (ii) keeping updated with the growing resource requirements and
energy costs due to cloud computing efficiencies (iii) using cloud computing to
teach students through innovative ways and help them manage projects and
massive workloads (iv) using cloud computing to access applications without
installing them on their computers and allow access to saved files from any
device with an Internet connection [13]. Among the concerns and challenges mentioned
are robust security, balance between private and public applications and
setting the strategy with education as the university’s priority.
In a cloud environment, applications are run and interacted by using a
web browser, hosted desktop or remote client. In a BYOD environment, the mobile
devices are the tool to access the applications on the cloud. According to
Kalim, a trademark of commercial cloud computing is that organization
need not engage to costly software licences[13]. Instead, the cost is incorporated in the
subscription fee of the cloud service. Using cloud, there is no need to install
and run the applications on the user devices, and thus eliminating the issue of
software maintenance and support.
Education
Education and training has been mentioned as one important category in
many of the papers. Users must be aware of their data privacy, acceptable use
policy, applications they can access and how they can utilize BYOD to improve
their works. This is where education and training sets in. By educating the
users, they will have better understanding on the intentions of the
organizations for allowing BYOD and the expectations that come from it.
According to Dhalstrom & Filipo, Educause Center for Applied
Research (ECAR) is addressing a number of concerns related to consumerization
by conducting research to answer the questions pertaining to the present
policies, practices and experience with BYOD in higher education, exemplary
practices for strategic management of BYOD and the strategic innovations for
BYOD [14]. ECAR has developed a framework to study the
important issues that higher institutions are facing regarding consumerization
of IT.
In an online survey conducted by Yarmey, 832 University of Scranton
undergraduate students (aged between 18-24) participated to answer 35
questions. 69% (229 students) reported owning an Internet-capable cell phone [15]. The author concluded that information
literacy instructors should become familiar with new search methods (for
example, the QR codes) to help students to be more effective and efficient;
students should be encouraged to review a range of search result; information
literacy instructors should help students understand how to evaluate
information and; students may need assistance from educators in applying
information literacy skills they have learned while using laptop or desktop and
now on mobile environment.
Analysis and Findings
A survey was conducted at a private higher
learning institution to study the importance and influence of these BYOD
factors in adopting the trend at this institution.
More than 700 students were approached
through emails to answer the online survey titled “University Students and
Technology”. These students range from pre-university (foundation studies) to
undergraduate students to postgraduate students (masters and PhD).
High ownership of the devices with an
ownership percentage of 79.63% of the devices also indicates that students are
depending on these devices for their academic works heavily. If mobile devices
(laptop, tablet and smartphone) alone are selected, ownership percentage is
higher at 82.65%. This shows that the BYOD trend is highly prevalent among
students in the selected universities. More than half of the students have
selected that the devices are from moderately to extremely important in their
academic success. This outcome also indicates that the selected university
should explore the channels and measures to increase teaching and learning
experience by adapting to BYOD trend.
Security
It was found from the study that users are
not aware on the available security measures available at the institution in
preventing data loss, securing device and securing data. For BYOD to be
successful, it is important that security measures are put in place
accordingly. Therefore, the institution needs to make the right security
controls and measurements put in place. Users of the institution are also to be
made aware so that they comply with the security policies.
The response from staffs is quite alarming
when questioned whether they have antivirus installed on their mobile devices.
97% of the staffs indicated that they do download and install free mobile
applications but only about 31% know and have installed antivirus on their
smartphones. This shows that there is a need for the staff to be made aware on
the importance of antivirus on their mobile devices. It is also important that
they download and install freely available applications with caution. Staffs
have responded very positively on locking their smartphones with screen
lock/pin. This is the first layer of defense for a smartphone.
Infrastructure
Infrastructure to support BYOD at this
institution is deemed to be sufficient as staffs find that they do not find difficulties
in connecting their devices to Wi-Fi and the bandwidth of Internet access is
sufficient. Staffs do however think that there will be a need to improve the
infrastructure in the very near future to cater for more user-provisioned
devices.
Cost
Staffs responded that the institution can
look at saving cost by reducing the number of general-purpose computers in the
future. On the other hand, increase of cost is expected in providing better
infrastructure to support the widespread use of user-provisioned devices in the
institution.
Policy
Policies are important to ensure staffs know
what they can and cannot do within their institution. Questions were asked on
the policies available with regards to the use of their own devices at the
institution. Based on staffs’ responses, it was found that there are no formal
policies for devices and applications that can run on the devices.
It is therefore important that the
institution looks into preparing policies to clearly guide the users on their
use of personally-owned devices for the institution’s work or while they use
the institution’s resources i.e the institution’s network resources.
Privacy
Based on the findings, it is notable that
staffs are quite concerned on the personal data privacy on their mobile devices.
This would need for proper policies put in place if mobile device management
(MDM) software is to be installed on their devices. MDM has the capacity to
remotely wipe and read the information on the mobile devices. Trainings and
exposure to the monitoring software can be given to gain better confidence from
the staffs.
Applications
The findings implicate that applications
should be platform-free as students and staffs hold different types of devices
with different operating systems. Students have also indicated the many
applications that they consider important in their academic success. The
applications should also be user-friendly enough to be used from handheld
devices. To garner the benefits of BYOD, applications that are useful in
teaching and learning should be made available.
Education
Students’ responses were collected to find
the relevance of this factor to BYOD implementation at the institution. ‘Some’
and ‘Most’ of their instructors effectively use technology, have adequate
technical skills and provide the students with adequate training for the
technology used in courses. BYOD is a phenomenon. In order to garner the
benefits of BYOD, the right technologies and applications are needed. Those
technologies and applications are then should be properly transferred to the
instructors and students, via proper trainings.
Analyses on staffs’ need on training shows
that staffs have recommended highly that they need trainings on the online
productivity tools, digital library, security programs and ICT policies. These
are only some of the areas covered under the trainings. However, staffs find
that all these areas are important and that they need to be trained.
Summary
The main
contribution of this study is on the identifications of the factors and concerns
in adopting BYOD in the selected higher learning institution. Insofar, there
are none or very limited studies made on the adoption of BYOD at a higher
learning institution in Malaysia. This study therefore contributes as a base
for future studies on this same area. The study has also made a clear exposure
that BYOD is a trend or phenomenon that is happening fast in the institution.
High percentage of staffs and students are carrying their personally-owned
computing devices (laptops, tablets, and smartphones) to the institution. The
institution must look at catering for these devices so that higher satisfaction
of users is achieved for better teaching and learning experiences.
References
[1] M. McNeill, et al., "Student uses of technology
in learning: two lenses," Interactive Technology and Smart Education, vol.
8, pp. 5-17, 2011.
[2] R. Oppliger, "Security and privacy in an
online world," IEEE Computer Security, vol. 44, pp. 21-22, 2011.
[3] G. Thomson, "BYOD: Enabling the
chaos," Network Security, vol. 2012, pp. 5-8, 2012.
[4] M. Vanwelsenaers, "STUDENTS USING THEIR
OWN TECHNOLOGY DEVICE IN THE CLASSROOM: CAN “BYOD” INCREASE MOTIVATION AND
LEARNING," 2012.
[5] D. Raths. (2012) Are You Ready for BYOD? THE
Journal Magazine. 28-32.
[6] A. Green, "Management of security
policies for mobile devices," in Proceedings of the 4th annual conference
on information security curriculum development, 2007, p. 22.
[7] J. Burt, "BYOD trend pressures corporate
networks," eweek, vol. 28, pp. 30-31, 2011.
[8] R. Absalom, "International Data Privacy
Legislation Review: A Guide for BYOD Policies," 2012.
[9] R. G. Lennon, "Bring your own device
(BYOD) with Cloud 4 education," presented at the Proceedings of the 3rd
annual conference on Systems, programming, and applications: software for
humanity, Tucson, Arizona, USA, 2012.
[10] A. Scarfo, "New security perspectives
around BYOD," Victoria, BC, 2012, pp. 446-451.
[11] J. Hayes, "The device divide,"
Engineering & Technology, vol. 7, pp. 76-78, 2012.
[12] J. Demski, "The Consumerization of IT:
Pendulum or Wrecking Ball?," Campus Technology, vol. 25, pp. 32-34, 2011.
[13] A. Kalim, "Clouds on the Academic
Horizon," International Journal of Computer Science and Management
Research, vol. Vol 2, 2013.
[14] E. Dhalstrom and S. d. Filipo,
"Consumerization of Information Technology/BYOD," ed, 2013.
[15] K. Yarmey, "Student information literacy
in the mobile environment," EDUCAUSE Quarterly, vol. 34, p. n1, 2011.
