The purpose of the Personal Mobile Device Agreement is to provide users with secure and convenient access to their Brockport Exchange account from their personal device(s) while protecting the security and confidentiality of the College’s data and data systems. State and College policies prohibit the mixing of College and personal data on any devices, whether they are personally- or State-owned. These policies are in place to protect confidential College information and the integrity of College data systems. Connecting a device to College information systems, along with the subsequent downloading of messages and attachments, can seriously compromise security in the event that the device leaves responsible hands. LITS drafted the Personal Mobile Device Policy and Agreement to help protect the College’s interests while providing a secure service to the College’s users.
The Personal Mobile Device Policy and Agreement was recommended and drafted by LITS. It was then reviewed and approved by the President’s Cabinet and vetted by the Director of Human Resources.
The growth of mobile technology over the past few years has introduced new requirements and expectations for how members of the College interact with College data systems. At the same time the sophistication and frequency of attempted malicious attacks on the College’s data systems has grown exponentially. The combination of enhanced mobility of College data along with increased security risks required LITS to draft and recommend this new policy.
A significant number of College employees utilize their personal mobile devices to perform their duties on a 24/7 basis. For most employees, use of their personal devices is not a job requirement but represents an opportunity for increased efficiency and productivity. This has resulted in an increase of College data leaving College-maintained devices and a potential intermingling of personal and College data that can increase security risks. The Personal Device Request Agreement represents a compromise which allows the College to connect personal devices to the Exchange environment with due diligence for the protection of the College’s information and systems, while enabling staff and faculty to enjoy the convenience and efficiency of having their College email and calendar on their own mobile device.
LITS does not track what people do with their personal devices; configuring the devices to connect to Exchange does not enable LITS to monitor user activities. Likewise, LITS maintains no control over the user’s ability to install any other software on their personally owned devices. LITS only interest in the matter is that the connection to the Exchange environment is done in a way which is known to be secure and which can be supported by LITS to whatever extent possible.
When a mobile device is lost or stolen, a remote “wipe” command can be sent to the device to erase all data including all synchronized information and personal settings stored on the device. This essentially returns the device to the original factory settings.
LITS would wipe the device to factory settings under certain conditions, e.g., the device is lost, stolen, changes ownership, or the employee is separated from the College. LITS would never wipe the device without the owner’s prior agreement except in the case of a separation due to a serious malfeasance by the employee. If an employee is otherwise separated, or will no longer be owner of the device, LITS can help ensure that the College data is safely removed from the device without actually wiping it.
In the case of stolen or lost devices, the wipe to factory settings should benefit the owner as well as help to protect College data since it would prevent personal data stored on the device from falling into the hands of an unauthorized person. Should you be storing confidential personal data on your mobile device, LITS can assist in protecting that data and your identity through the ability to wipe the device.
This is not just a theoretical danger; there have been seven College-related Blackberries and iPads lost or stolen in the past year and a half and our ability to wipe the device has helped protect both the owner’s personal information and College data.
No faculty or staff member is required to enter into the agreement if they do not wish to do so. Basic access to College email and calendaring is already provided through web delivery mechanisms which can be accessed by nearly any internet device. Most personal smart phones, tablets, and the like can be used to access the Exchange environment in this manner.
Members of the Collaboration Team (Brendan Post, Gian Carlo Cervone, Timothy Suffredini) are always available to answer questions or discuss the policy or agreement. Please feel free to contact us.
NY State Policies: