The Vulnerabilities of using Bring Your Own Device – ‘BYOD’ in Cardiff Metropolitan University A dissertation submitted in partial fulfilment of the requirements for the degree of Bachelor of Science. Author: Lloyd Matthews Honours Degree in Business Information Systems Cardiff School of Management
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
The Vulnerabilities of using Bring Your Own Device – ‘BYOD’ in Cardiff
Metropolitan University
A dissertation submitted in partial fulfilment of the requirements for the degree
of Bachelor of Science.
Author: Lloyd Matthews
Honours Degree in Business Information Systems
Cardiff School of Management
Cardiff Metropolitan University
May 2014
Declaration
I hereby declare that this dissertation entitled “The Vulnerabilities of using Bring Your
Own Device – ‘BYOD’ in Cardiff Metropolitan University” is entirely my own work, and it
has never been submitted nor is it currently being submitted for any other degree.
Supervisor’s name: Stuart McNeil
Candidate signature ……………………………................ Date ………………….
I
Abstract
This thesis sets out to assess the impact that the introduction of Bring Your Own Device
(BYOD) has had on Cardiff Metropolitan University. The aim of the research is to
evaluate the current vulnerabilities against the faculty and student population, as well as
the university administration. Extensive background reading was undertaken that
highlighted many areas for discussion and comparison against the primary results. The
primary methodology used was phenomenology. Phenomenology was used to conduct
interviewees and questionnaires, as well as this, subsidiary methods and methodologies
were also used.
The primary research conducted produced a wealth of interesting data. On analysis, it
was apparent that both students and staff members believe that there is a significant
risk of safety and security associated with BYOD use. Additionally, many BYOD users feel
that non-BYOD users can potentially be at a disadvantage, also highlighting a risk of
bullying and snobbery. However, although the majority of students express concern,
overall they have positive views towards BYOD, with 96% of students use the service.
Teaching staff offer mixed opinions toward the introduction of BYOD, and in particular
its use within contact time. Some advocated its uses as a learning tool, whilst some see it
as a hindrance to concentration.
The results show, that the university administration are looking to reform issues
outlined from secondary and primary research sources.
Finally, recommendations were presented, and discussion furthered to include whether
the research aims and objectives had been met.
Keywords: BYOD, IT in Education, Mobile Devices, Virtualisation, CYOD
Acknowledgements
I wish to thank all of the research respondents of this study, for so willingly and
helpfully sharing their thoughts. I would also like to thank my family for their support
and patience, whilst I undertook this dissertation. Finally, I would like to thank the
tutors at Cardiff School of Management, and in particular Stuart McNeil and Hilary
Berger for their invaluable advice and direction throughout this study.
II
Table of Contents
Declaration........................................................................................................................... I
Abstract................................................................................................................................ II
Acknowledgements.......................................................................................................... II
Table of Contents............................................................................................................. III
Table of Figures................................................................................................................ VI
Table of Tables................................................................................................................. VI
List of Abbreviations...................................................................................................... VI
CHAPTER 1 – INTRODUCTION....................................................................................... 1
1.0. Background.......................................................................................................................................... 1
1.1. Aims and Objectives.......................................................................................................................... 2
1.2. Project Overview................................................................................................................................ 2
CHAPTER 2 – A CRITICAL REVIEW OF LITERATURE..............................................4
2.0. Introduction........................................................................................................................................ 4
2.1. BYOD in education............................................................................................................................. 4
2.2. Legal and ethical issues surrounding BYOD deployment....................................................5
2.3. Network administration decisions relating to BYOD distribution...................................7
2.4. Security Considerations with BYOD............................................................................................9
2.5. The misuse of BYOD....................................................................................................................... 11
2.6. Current Cardiff Metropolitan network and BYOD policies...............................................12
2.7. Conclusions....................................................................................................................................... 15
CHAPTER 3 – THE METHODOLOGY...........................................................................16
3.0. Introduction...................................................................................................................................... 16
3.1. Research Design.............................................................................................................................. 16
3.1.1. Secondary Research..................................................................................................................................16
3.1.2. Primary Research.......................................................................................................................................17
3.2. Research Approach and Philosophy.........................................................................................18
3.3. Mixed Method Research................................................................................................................19
3.3.1. Quantitative.................................................................................................................................................. 19
3.3.2. Qualitative......................................................................................................................................................21
3.4. Research Sample............................................................................................................................. 22
3.5. Ethical Considerations...................................................................................................................24
III
CHAPTER 4 – THE RESEARCH FINDINGS.................................................................25
4.0. Introduction...................................................................................................................................... 25
4.1. Student Questionnaire.................................................................................................................. 25
4.1.1. Question 2......................................................................................................................................................25
4.1.2. Question 3......................................................................................................................................................26
4.1.3. Question 4......................................................................................................................................................26
4.1.4. Question 5......................................................................................................................................................27
4.1.5. Question 6......................................................................................................................................................28
4.1.6. Question 7......................................................................................................................................................29
4.1.7. Question 8......................................................................................................................................................30
4.1.8. Question 9......................................................................................................................................................30
4.1.9. Question 10...................................................................................................................................................31
4.1.10. Question 11................................................................................................................................................ 31
4.1.11. Question 12................................................................................................................................................ 31
4.1.12. Question 13................................................................................................................................................ 32
4.2. Teaching Staff Interviews.............................................................................................................33
4.2.1. Question 1......................................................................................................................................................33
4.2.2. Question 2......................................................................................................................................................33
4.2.3. Question 3......................................................................................................................................................33
4.2.4. Question 4......................................................................................................................................................34
4.2.5. Question 5......................................................................................................................................................34
4.2.6. Question 6......................................................................................................................................................34
4.2.7. Question 7......................................................................................................................................................35
4.2.8. Question 8......................................................................................................................................................35
4.2.9. Question 9......................................................................................................................................................35
4.2.10. Question 10................................................................................................................................................ 36
4.2.11. Question 11................................................................................................................................................ 36
4.3. IT Administrator Interview......................................................................................................... 37
4.3.1. Current BYOD Policy.................................................................................................................................37
4.3.2. Students using BYOD................................................................................................................................37
4.3.3. Staff using BYOD.........................................................................................................................................38
4.3.4. Alternative Access Methods...................................................................................................................38
4.3.5. Network Infrastructure...........................................................................................................................39
4.3.6. Disadvantages of BYOD at Cardiff Met..............................................................................................40
4.3.7. The Future of BYOD at Cardiff Met.....................................................................................................40
4.4 Conclusion.......................................................................................................................................... 41
IV
CHAPTER 5 – EVALUATING THE IMPLICATIONS...................................................42
5.0. Introduction...................................................................................................................................... 42
5.1. Research Objective 1...................................................................................................................... 42
5.2. Research Objective 2...................................................................................................................... 43
5.3. Research Objective 3...................................................................................................................... 45
5.4. Conclusion......................................................................................................................................... 48
CHAPTER 6 – CONCLUSIONS........................................................................................49
6.0. Introduction...................................................................................................................................... 49
6.1. Research Aim.................................................................................................................................... 49
6.1.1. Objective 1.....................................................................................................................................................49
6.1.2. Objective 2.....................................................................................................................................................50
6.1.3. Objective 3.....................................................................................................................................................50
6.2. Recommendations.......................................................................................................................... 50
6.3. Limitations of the Study................................................................................................................51
6.4. Validity and Reliability of Research..........................................................................................52
6.5. Future Work...................................................................................................................................... 53
References......................................................................................................................... 54
Bibliography..................................................................................................................... 57
Appendices........................................................................................................................ 58
Appendix A................................................................................................................................................ 58
Appendix B................................................................................................................................................ 62
Appendix C................................................................................................................................................. 65
Appendix D................................................................................................................................................ 67
Appendix E................................................................................................................................................. 72
Appendix F................................................................................................................................................. 75
V
Table of Figures
Figure 1. Students using an Internet enabled device on campus................................................25
Figure 2. Network Access Mediums..........................................................................................................26
Figure 3. Range of BYOD devices...............................................................................................................27
Figure 4. Devices used by students simultaneously..........................................................................28
Figure 5. Frequency of non-work related device use within contact time..............................28
Figure 6. Should students be able to access power outlets on campus....................................31
Table of Tables
Table 1. IT Admin Staff interview: Current BYOD Policy................................................................37
Table 2. IT Admin Staff interview: Students using BYOD................................................................38
Table 3. IT Admin Staff interview: Staff using BYOD........................................................................38
Table 4. IT Admin Staff interview: Alterative Access Methods.....................................................39
Table 5. IT Admin Staff interview: Network Infrastructure...........................................................40
Table 6. IT Admin Staff interview: Disadvantages of BYOD at Cardiff Met.............................40
Table 7. IT Admin Staff interview: the Future of BYOD at Cardiff Met......................................41
List of Abbreviations
Cardiff Met Cardiff Metropolitan University
BYOD Bring Your Own Device
CYOD Choose Your Own Device
ECP Electronic Communication Policy
VI
CHAPTER 1 – INTRODUCTION
1.0. Background
Bring Your Own Device (BYOD) use is an increasingly popular method for
organisations to allow users to interact within their network. It was reported in
2012 that their would be a 14% increase in BYOD use amongst small to medium
enterprises, from 49% in 2012 to 73% in 2013 (Fidelman, 2012). As well as this,
a study conducted by Willis (2012) for Gartner Research also suggests that 90%
of companies will allow some form of BYOD use by the end of 2014.
The concept of Bring Your Own Device is a simple one. The Oxford Dictionary
defines BYOD as “The practice of allowing the employees of an organization to use
their own computers, smartphones, or other devices for work purposes” (Oxford
University Press, 2010)
Essentially, a user brings their own computing equipment to an establishment
and connects to the establishments’ internal network in order to utilise the
computing network (intranet, internet and or extranet).
The term BYOD was first coined and used in a publication in 2005 (Ballagas et al.,
2005) and has since been commandeered as a buzzword by the IT community.
The growth of BYOD use within all organisational areas has been exponential in
recent years (Willis, 2012). From multinational corporations employing
thousands of staff, down to small businesses and educational institutions, BYOD’s
reach is free from prejudice and has not been confined solely to the business
sector.
This research study attempts to explore the implications, be it to students, staff
or administration brought about from the increasing use of BYOD within Cardiff
Metropolitan University. A supplementary aim is to unearth a level of knowledge
and relevance so that this research might be deemed useful guidance for the
future development of BYOD within Cardiff Met.
No research could be found relating to BYOD use specifically within the confines
of Cardiff Metropolitan University. As there is little to compare this study against
that is specific to this University, the scope of the discussion recognises this fact.
However, hopefully this current research could be used to help others.
1
1.1. Aims and Objectives
The aim of this research dissertation is to identify the current vulnerabilities
derived from the use of bring your own device (BYOD) within Cardiff
Metropolitan University.
Specific research objectives of this thesis include:
To investigate whether students at Cardiff Metropolitan University believe that
the ability to bring their own device has had a positive influence on their
approach to undertake university work.
To analyse the impact that BYOD may have had on teaching from the perspective
of teaching staff.
To critically access the technical, legal and ethical implications brought about
with the use of BYOD from the university administrations’ viewpoint.
1.2. Project Overview
Chapter 1: The introduction fundamentally defines and lists the project
research question, aim and objectives. Background information regarding
BYOD’s use, as well as definition of BYOD itself is given to insure that readers
new to the topic area have the necessary knowledge to understand the situation
of this research paper.
Chapter 2: The literary review is an in-depth and comprehensive appraisal of
the current literature surrounding the topic of BYOD, as well as several
subtopics. The review is used as a base for primary research to be expanded and
focused upon. It seeks to investigate what similar study has been conduced by
others in the area that can be used towards meeting the research aim and
objectives. Common themes and ideas that are to be identified within the
literature review are highlighted and used in part to centre the research
2
objectives in a continual process. Sources are vetted for bias and reliability and
where conflict or ambiguity becomes apparent personal opinion is offered.
Chapter 3: The methodology assesses options for conducting the primary
research elements of the paper. Discussion is also made surrounding how best to
meet the research aim, and what techniques to use to achieve each objective.
Finally this section lists the specific outcomes for the questionnaire and
interview processes.
Chapter 4: The research findings will be documented in this chapter. The
primary purpose of this chapter is to collate and present the gathered data in
order to complete the research objectives. This will involve quantifying the
primary qualitative and quantitative data, and displaying the data in an easily
identifiable and accessible way.
Chapter 5: Evaluating the implications involves assessing the primary research
data from the previous chapter, the data will then be related back to the
reviewed literature to gain perspective upon the results. The questions devised
as a result of the literary review as well as other applicable questions will be
answered by connecting primary data against them.
Chapter 6: The conclusions chapter will endeavour to find useful meaning from
the results of the study. This section will focus on providing a concise answer to
the research question and will evaluate whether the research objectives were
met. Discussion will be furthered to address the validity and reliability of the
research, and what worthwhile information can be acquired from this study. As
well as this, dialogue will be broadened to discuss the research study’s
limitations, presenting recommendations, and the possibility of future work.
3
CHAPTER 2 – A CRITICAL REVIEW OF LITERATURE
2.0. Introduction
This chapter sets out to appraise several secondary research sources. This will
be done, so to set a base for the primary research (to be discussed in Chapter 3)
to be built upon and notable themes to be analysed against. The review of
current available literature is split in to sub sections, which explore areas that
attribute to the research objectives.
2.1. BYOD in education
It has been reported that increasingly students see technology as paramount and
integral to their education, it has also been stated that 92% of American high
school students have said that technology will be a key factor in the process of
choosing a university (CSW Group, 2012). This statistic potentially shows that if
universities do not adopt new technologies such as BYOD, amongst others, they
could be reducing their pool of prospective students. Many other authors also
point out that the use of BYOD devices is a significant portion of students’ lives
(Clifford, 2012) (Walling, 2012). In fact students are increasingly seeing 24x7
wireless access as a right and not a privilege, and have zero tolerance for a slow
and unreliable network during peak times (CSW Group, 2012).
The role of the teacher/lecturer is changing with the introduction and expansion
of BYOD in to educational institutions, the teacher now plays a role of a manager,
managing the students learning instead of being the direct source of information
(Hamza & Noordin, 2013). This directly interprets into the use of virtual learning
environments such as Moodle and blackboard, which have become the main
source and repository for information delivery to students and supporting the
growth of student-centred learning.
BYOD used in education has been shown to increase student engagement,
students using their own personal devices anywhere and anytime are more
inclined to engage in classroom activities, communicate with faculty, collaborate
with fellow peers and learn how to solve problems with the latest skills. As well
4
as this, 2011 saw an increase of 12% of students using technology as a learning
tool in class from 19% in 2010 to 31% in 2011 (CSW Group, 2012).
2.2. Legal and ethical issues surrounding BYOD deployment
Choose your own device (CYOD), is a variant of BYOD where an institution
produces a list of devices that have been deemed acceptable to be used on the
internal network, a user may choose a device form the provided list and will then
purchase the device. A CYOD protocol may be implemented over a BYOD
protocol where infrastructure doesn’t allow for all types of devices, or where
there is a need for heightened security, as it is far easier to manage a network
over a select range of devices (Finnegan, 2013). The ethics of such deployments
have however been called into question, this stems from the limited prescribed
choice of devices made available to users. In a recent study by Insight Direct USA
(2013) found that 82% of users had to contribute in some way towards device
purchase with 58% having to buy equipment outright themselves.
An emerging sister concept to BYOD is virtualisation. Virtualisation allows any
computer that can connect to a network to have equal computing power, as
applications, processing and storage are completed and conducted on centralised
servers, with clients connecting to a ‘virtual’ desktop.
Virtualisation allows users with old out-dated equpiment to preform the same
tasks as those with more up to date and current technology, and so is free from
prejudice and allows access for all (CSW Group, 2012).
However there are some drawbacks to the use of virtualisation, the cost of
purchasing all of the backend equipment capable of running virtualisation
programs is a major factor, as well as infrastructure amendments that may need
to be put in place. As well as this, there is a single centralised point of failure
attributed to this type of installation (Nash Networks Inc, 2009). Having said this,
aside from the initial cost and issues, a good deployment can provide a high
return on investment as cost attributed to maintaining non-virtualised
equipment and platform is vastly reduced (Avanade Inc, 2009).
A compromise must be struck between the needs of the users and the needs of
the provider. As illustrated above a typical CYOD application is more suited
5
toward the needs of an organisation in terms of cost and maintenance, whilst
virtualisation is more suited to the needs of the user in terms of equality but is
more costly for an organisation to implement. A simple BYOD installation seems
to offer a well-balanced scenario for both user and provider.
As previously mentioned, there are some instances where BYOD can
disadvantage users whom don’t have access to or cannot afford to purchase the
computing equipment needed to partake in BYOD (Hayes, 2012), BYOD may
open up an ‘uneven educational playing field’ which may lead to discrimination
or bullying of poorer students (Faas, 2012). Dixon and Tierney (2012) also
debate the inclusivity of BYOD, stating that BYOD neglects to allow for self
directed learning and does not provide students with the best tool for the job but
rather what their families can afford.
However, interestingly Maddem et al (2013, p.2) found that people in groups
that are classified as lower socioeconomic are just as probable and in some cases
more probable than those from higher income and educated backgrounds to use
their smart devices as the primary point of access to the Internet, which could
directly attribute to BYOD use.
This inequality has been documented by many authors and dubbed as the
‘digital-divide’, a case has been made by the CSW Group (2012) to see whether
computer labs are out-dated and are not a necessity in this modern age. As well
as similar findings to the concerns outlined above, it was noted that students in
technical fields of study, such as engineering, the sciences, mathematics,
architecture and finance may not be able to afford he specialised applications
that they are required to use. Under normal circumstances academic
departments provide such applications in computer labs. It is also pointed out
that the physical space of a computer lab allows for better collaboration and
socialising, and that some people just prefer to work in environment that actively
promotes work, with equipment that has more, better or different features than
their own.
From these findings it is apparent that BYOD should not be seen to totally
replace traditional computing resources in an educational setting, since there are
many scenarios that require the use of said resources. The retention of formal
6
computing resource capacity could go someway to ensure equal access to all
users.
One of the legal issues surrounding the use of BYOD is the liability for any data or
device that is lost, stolen, corrupted or infected, whilst connected to the internal
network. Currently there is no definitive law ruling the area of liability
surrounding BYOD use, however having said this institutions predict that cost for
data security breaches will increase by 54% in the next two years and that 40%
of respondents prioritize establishing data loss liability coverage (Dahlstrom et
al., 2013). These findings seem to suggest that even though the law is on neither
the users or providers side, organisations are investing in ways to protect
themselves, even if policies stipulate that no liability can be held against the
provider. Consideration also needs to be made towards any data that is held
about particular users on the network under data protection laws.
2.3. Network administration decisions relating to BYOD distribution
In a recent study reported by CSW Group (2012) conducted at the University of
Tennessee, Knoxville, it was found that 9,700 staff and faculty members and
27,500 students had registered 75,000 devices for use on the university’s
wireless network, this collated to 2.1 devices per user. According to Dahlstrom et
al (2013) the average user-device ratio between faculty members and students
was 3 devices in 2013, this study also showed that this ratio had the potential to
increase further in the future, therefore institutions need to accommodate this
increase by having sufficient bandwidth and coverage.
Students expect to be able to access a course management systems on their
laptop one minute and their mobile devices the next, universities need to be able
to accommodate these differing form factors and “mobile-enable” campuses. It
has been shown that campuses are moving forward but progress is slow (CSW
Group, 2012), and 38% have made no progress in the area (Dobbin et al., 2011).
As disused in earlier sections, a lack of BYOD accessibility could prove a
detriment to an institution.
Many authors pose the question, ‘will your wireless network cope’. For example
Alberta Education’s (2012) guide to BYOD deployment poses key questions
7
about the readiness of an institutions infrastructure, such as knowing the
projected requirements of students and staff members, the current wireless
configuration and capacity, whether the network can be managed centrally, and
the projected rate of growth for BYOD adoption. Robinson (2012) also advises
educational establishments to ensure that hardware and software systems are
sufficiently prepared to handle scenarios such as sudden influxes in IP address
allocation, with all the newly connected devices. Another consideration is how
will the increase of devices accessing the network at once affect bandwidth, and
fundamentally ensure that the current network is appraised to judge whether
BYOD is going to enhance and not degrade access.
It seems that extensive research needs to be conducted before BYOD is deployed
to gauge the uptake and demand on network infrastructure, failure to so could
result in a wireless access points or servers being overloaded with unexpected
demand, which could potentially effect other users whom are using traditional
personal computers and could possibly compromise data.
When considering BYOD implementation it seems that reliability, ease of use and
effectiveness are very important factors, cost and ability to provide data for
analytics also being important (Grama & Grajek, 2013). Universities and other
educational establishments should take these considerations in to account when
applying BYOD practices.
Some may think that BYOD infrastructure only reaches to the boundary of the
internal network, however this is not always the case. As users are encouraged to
bring an assortment of devices, and as resources become available on many
different form factors such as smart phones, consideration must be made for the
cellular networks that cover a university campus. This is as, although the
wireless network services provided by an institution may be excellent, such
networks simply cannot accommodate for the SMS and voice traffic from mobile
phones that use legacy protocols such as GSM, GPRS or 3G services. A recent
report found that 88% of academic institutions surveyed had adequate outdoor
coverage on campus, reducing to 78% for indoor coverage, the disparity between
8
these figures could be attributed to the buildings interfering with the cellular
radio signal for example (Dahlstrom et al., 2013). Nevertheless, users expect and
in some circumstances actively require coverage on campus, yet, for the most
part improving cellular coverage is easier said than done as coverage is often
determined and controlled by network operators. Even if infrastructure
improvements are made they may not increase coverage for all networks.
Dahlstrom et al (2013) has found that 81% of institutions are motivated in some
part by the promise of cost savings brought about with the introduction of BYOD.
However, further research poses the question whether BYOD can cost more than
it saves. Their research has presented a figure that shows financial impact BYOD
has had on IT Budgets in three key areas, devices, infrastructure and services in
the past two years and in the coming two years. The cost of an institutions device
budget has reduced and is set to reduce in the next two years as would be
expected when personal devices are used in place of institution provided
resources, conversely the cost of infrastructure amendments and improvements
and the cost of IT services has been and is set to continue to rise within the next
two years. This research suggests that cost saving benefits commonly associated
with BYOD should be viewed conservatively.
2.4. Security Considerations with BYOD
Recent research at the University of Liverpool has demonstrated that Wi-Fi
networks can easily be infiltrated by a virus that moves through densely
populated areas, the computer virus has been observed to spread much like the
movement of the common cold virus through a crowd of people (Curtis, 2014).
Considering the vulnerability of densely populated networks, such as those on
campus, it is clear that there could be genuine concerns regarding the security of
BYOD implementations.
Security is one of the main points of contention when it comes to BYOD
implementation, management and development. It was reported in an article by
Hayes (2012) that 74% of organisations reported that they had no process or
9
procedure for tracking the moment of files on to third party cloud collaboration
and storage services, instead relying upon users to abide by the BYOD policies
that are in place. Although, Johnson and DeLaGrange (2012) found that 38% of
study participants didn’t have any formal BYOD policy in place whilst still using
personal devices, this statistic is even more shocking when viewed against the
further research that 97% of study respondents viewed implementing a mobile
access and security (BYOD) policy in to their overall security and compliance
framework as important, but yet have not acted. This research shows that in
some institutions there is still a laissez faire attitude toward clear BYOD policies,
it could be said that BYOD policies are the main line of defence for protecting the
security of a network by anticipating that users will abide by them, this is as
systems needed to actively monitor BYOD users require extra expense and
operating personal making them unviable for smaller organisations.
Dahlstrom et al (2013) have preformed extensive research in to the area
surrounding mandated security training for BYOD users and facilitators, they
have found that administrators, faculty and other employees have had the most
security training as would be expected, however only 35% of students had some
sort of security training. I could be said that if security training were more
widespread amongst the majority of BYOD users in educational institutions, it
could lessen and alleviate some of the security risks highlighted surrounding
BYOD use, through teaching data storage risks, how to avoid security breaches
and how to correctly separate work and personal usage.
Best practice approaches are developed to enable IT administration to best
implement a safe BYOD approach, they include policy considerations and
techniques that could be implemented to help secure the network and mitigate
risk. Many authors have published best practice protocols for BYOD
implementations (CSW Group, 2012), (Gatewood, 2012), (Dahlstrom et al., 2013)
these practise include, ensuring devices are password protected, having
protocols in place for reporting lost and stolen devices and understanding the
possibility of remote wiping lost personally owned devices. More forward
thinking and secure initiatives focus on protecting the network from the devices
10
and their users, for example requiring every device to be pre-registered and
utilising two factor authentication where the device and user are checked against
each other before being allowed access, and also requiring a signature or
timestamp to verify the users understanding of network policies.
Although, protocols for reporting lost and stolen devices, as well as the ability to
remotely track and disable devices are aimed at organisations whom need to
recover sensitive information, it could also be useful in an educational
establishment, for example retrieving or securing information on staff members
lost or stolen devices, or to aid the recovery of students devices. Other initiatives
could insure stringent security on a network and ensure liability is directed to
the users. However, these initiatives may require more manpower or cost which
could hamper their viability. As well as this, requiring every device to be
registered against a user before being allowed access could also discourage users
from using BYOD.
2.5. The misuse of BYOD
The misuse of BYOD is a constant threat to institutions trying to safeguard their
users and infrastructure, whilst promoting a good working environment. The
misuse of BYOD ties in heavily with the previous section reviewing security
concerns, this is as certain types of misuse may cause damage to the network or
its infrastructure.
CSW Group (2012) reports that the introduction of BYOD could potentially see
wireless networks used for non-academic purposes, being instead used for
streaming movies or social networking for example. Using wireless networks for
such purposes could potentially be bandwidth intensive and so could limit the
availability of the network for other users wanting to make legitimate use of it.
Network administrators could implement a ban and block approach preventing
students accessing non-academic sources, however this may be more suited to a
school environment where students are younger. University students may not
11
agree with such an initiative, as they pay tuition fees. A more viable option is to
allow students to access such content out of teaching hours but this again may
not be received well.
A concern that has been voiced by many within the education profession, with
regards to the introduction of BYOD, is that it potentially poses a distraction
when devices are used during teaching time (Evans, 2012) (Walsh, 2013). If
students are not wholly focused on the teaching staff, choosing instead to play
around on their devices, they could potentially miss vital parts of a lecture or
seminar. Further to this, the use of such devices may even facilitate a way of
bullying during contact time. Restricting network access cannot always prevent
distraction from occurring as users may already have downloaded content such
as games that could easily distract them, as well as having other methods of
connecting to the Internet such as 3G and tethering. Device misuse and
distraction has lead to some teaching staff imposing an outright ban on devices
during contact time, this however can penalise those users that legitimately use
them and benefit from doing so.
A recent study including three schools that had recently introduced BYOD, found
that despite the apprehensions and fear of many before its introduction, BYOD
attributed to no substantial cataclysms involving discipline, media or education
(Ray, 2013). These findings could potentially mean that administrators and any
other concerned party may be overthinking and overstating the concepts pitfalls.
2.6. Current Cardiff Metropolitan network and BYOD policies
Earlier sections of this literate review and highlight briefly the importance of a
BYOD policy within business and education. This section looks to appraise the
current BYOD policy that is currently in place at Cardiff Met, comparing and
contrasting its sections and clauses with those from similar institutions.
It is not uncommon to find BYOD sections implemented in to an existing network
policy, instead of producing a separate autonomous BYOD policy. This is indeed
the case with Cardiff Metropolitan University, as all policies relating to use of
12
provided resources and any electronic communication device is governed under
single consolidated electronic communication policy for students and staff.
Having said this, the Cardiff Met Electronic Communication Policy, first published
in April 2001 and revised to version 5.3 in November 2013 (Riley, 2013) does
seem quite limited, short and succinct when compared to other policy wordings
from similar academic institutions, such as the University of East Anglia and
Cardiff University (SPC ISD, 2013), (Cardiff University INSRV - Information
Services, 2013). It could be said that a comparison between universities of
differing sizes and needs is unfair, yet a policy needs to be rigorous no matter the
size or conditions of an institution.
This brevity is made more apparent when it is taken in to consideration that the
policy covers all electronic communication within Cardiff Met. This includes
personal equipment use, data ownership and general network regulations. As
well as this, the policy is identical for both staff and students, whom have
differing needs, expectations and regulatory rights.
In other academic institutions, separate policy wordings are used for areas
regarding BYOD use, general Network usage and Communications for example.
Also to mitigate ambiguity the policy statements relating to students and or staff
members are clearly identifiable (Cardiff University INSRV - Information
Services, 2013), (Cope, 2005).
It is observed that many of the hyperlinks embedded in to the policy wording,
that direct readers for further in-depth explanations and guidance are not
functioning properly. Links to further reading into topics varying from guidance
for use of email and social networking, to equipment and data disposal
procedures are leading readers to be directed to missing or out-dated intranet
pages, a few even requiring high level authentication (Riley, 2013).
CSW Group (2012) have published guidelines that organisation administration
can follow to facilitate the increase of BYOD use, one of the statements suggests
that IT administration must assist their users in accessing BYOD networks on a
range of platforms, devices and operating systems.
13
Cardiff Met have already addressed this potential issue by issuing ‘5 Minute
Guides’ for a range of devices and operating systems, they can be used by staff
and students to gain access to the university ‘MetWiFi’ service (Cardiff
Metropolitan University , 2014).
However following these guides to connect to ‘MetWifi’ or any other university
network creates a possible contradiction of the policy terms, this is because
policy clause 5.2.3 states that no equipment may be connected to a university
network without the prior agreement from the head of information services. This
means that following the ‘5 Minute Guides’ produced by Cardiff Metropolitan by
the letter, could potentially in turn breach the policy wording of the electronic
communications policy, as no mention is made to gain prior agreement before
connecting devices (Riley, 2013).
Further to this, to be able to completely enforce such a policy would require vast
administrative effort, including extensive record keeping and other labour
intensive administration duties. Unless presumed consent is given when
agreeing to the policy or enforcement efforts are made, the integrity of the 5.2.3
policy clause is to be debated. This point further enforces the need for a strongly
worded and feasible network policy when deploying BYOD.
In many ways Cardiff Metropolitan’s communication policy wording is much the
same as other institutions. Generic wording and policies are used that appear in
many other polices from similar bodies. For example clauses such as 4.2 stating
that Cardiff Met will not be liable for any damages, costs or losses arising from
the use of their services, however excluding liability in the event or personal
injury or death, and also 5.2.1 stating that passwords and usernames should not
be shared or divulged under any circumstances. Similarly worded polices can be
found in the University of East Anglia’s policies (University of East Anglia, 2013).
For the most part Cardiff Metropolitans Electronic Communication Policy is
sufficient, though as has been documented in this section, this is not always the
case.
14
2.7. Conclusions
This section has focused on conducting an in-depth review of the available
literature surrounding the use of BYOD and its use within academic
environments. Prominent and recurring findings from the literature review will
be amalgamated to produce a set of questions to pose against the findings from
the impending primary research, these are set out below.
Do students now see BYOD as a right not a privilege?
Has the introduction of BYOD effected teaching?
Is there a possibility of introducing virtualisation and or CYOD in Cardiff Met?
Do Cardiff Met students and staff members believe that BYOD can potentially be
disadvantaging non-users?
Will BYOD effect the availability of permanent IT resources?
Can Cardiff Met keep up with the demand of more student and staff devices?
Has BYOD in Cardiff met proved cost saving or costly?
From the perspective of students and staff members, is using BYOD safe at
Cardiff Met?
Does Cardiff Met employ any ‘Best practice’ Approaches?
Are wireless networks being used for non-academic purposes?
This thesis aims to identify vulnerabilities of BYOD use solely within Cardiff Met,
however future researchers potentially could use it as a comparison for other
academic institutions.
A risk that has been identified in the literature review is the restricted access for
reviewing texts applicable to the final section of the literature review. However it
is thought that this restriction has not limited research substantially.
15
CHAPTER 3 – THE METHODOLOGY
3.0. Introduction
This chapter assesses the relevant methods and methodologies surrounding the
use of primary and secondary research elements of this thesis. Suitable
explanation will be made as to how individual methods and methodologies, as
well as primary research outcomes will aid towards the accomplishment of the
research aims and objectives.
3.1. Research Design
A research design is defined as ‘the road map that you decide to follow during
your research journey to find answers to your research questions’ (Kumar, 2011,
p.120). Choosing a research design that is relevant and applicable to the research
aims and objectives can be a difficult procedure (Kumar, 2011) (Cooper &
Schindler, 2010). The methods and methodologies should be decided before
research commences, this insures a successful end result for the project. A
methodology is defined as the explanation of all of the methods used in a study,
stating how they will aid a researcher to achieve the final aim and objectives.
The methods however, are the techniques used to conduct research, gather and
analysis data, whether by qualitative or quantitative means. All of the different
methods compile to form the methodology of the research as a whole (Cottrell,
2008). Both primary and secondary research was employed to gather data that is
relative to the research objectives.
3.1.1. Secondary Research
The secondary research was conducted via a literary review, this was to gather
theories, thoughts, reports and studies that have been conducted previously. The
literary review centred on collecting information by various authors and sources
regarding the use of BYOD in education and its associated vulnerabilities.
Individual sections of the literature review corresponded to the viewpoints of
BYOD’s impact on students, teaching staff, and information technology
administrators. As discussed previously the topic surrounding the use of BYOD is
relatively new, further to this there has been no published academic research
surrounding its use within Cardiff Met.
16
Accordingly, the use of relevant up to date sources such as journals, reports and
articles was crucial (Fisher, 2007). A great deal of formal reports published by
education authorities, including current policies were used along with reports
published by large research organisations. Books were used infrequently to gain
perspective on long standing issues with the BYOD concept and IT
administration in general. However, sources such as books could not offer
information, such as the latest technological trends and issues, these were
sourced from professional news corporations such as the BBC and The Guardian.
The literary review goes part of the way to fulfilling all of the research objectives,
this is as it forms a base of relevant knowledge for comparison against the
results and conclusions from the primary research. Fundamentally, being able to
compare how Cardiff Metropolitan stacks up against other educational
establishments in terms of BYOD usage, goes some way to fulfilling the research
objectives.
3.1.2. Primary Research
Secondary research acted as a foundation to which primary research is built
upon, further to this the primary research acted to shift the focus from BYOD’s
use and vulnerabilities in education generally to a much more specific view of
use within Cardiff Met.
Two primary research variants were used, an online questionnaires for students,
and both semi-structured interviewing for teaching staff and an IT administrator.
The primary research aims to attain relevant data that once processed will be
able to fully answer and conclude the research aims and objectives, specifically
each primary research data collection technique coincides with an appropriate
research objective. The online student questionnaire attempts to gather relevant
data for assessment to accomplish the research objective, to investigate whether
students at Cardiff Metropolitan University believe that the ability to bring their
own device has had a positive influence on their approach to undertake
university work.
The semi-structured interviews held with two teaching staff members’ attempts
to provide suitable data to complete the objective, to analyse the impact that
BYOD may have had on teaching from their perspective.
17
Similarly the semi-structured interview with an IT administrator endeavours to
achieve the final research objective, to critically access the technical, legal and
ethical implications brought about with the use of BYOD from the administrative
viewpoint.
The overall research aim, to identify the current vulnerabilities derived from the
use of bring your own device - BYOD within Cardiff Metropolitan University, is to
be reached through the use of both primary and secondary research sources.
The following section will detail and justify the methods selected to conduct
primary research.
3.2. Research Approach and Philosophy
The core philosophical approach that was used to conduct research in this study
is phenomenology. A phenomenological study is a subjective view and is defined
as ‘the way in which we as humans make sense of the world around us’ (Saunders
et al., 2007, p.107).
Considering BYOD use is somewhat of a ‘phenomenon’ today, it was determined
that a phenomenological research philosophy was appropriate and fit with the
study. Phenomenology is encompassed under qualitative research, which in this
research aims to find, ‘what’ vulnerabilities have been discovered surrounding
BYOD use in Cardiff Met and ‘how’ this effects, student, teaching staff and
university administrators. Realistically speaking the research is not defined
under a single philosophy area, but instead is comprised of a couple of them,
dependent on the types of research undertaken (Saunders et al., 2012).
Consequently, to obtain a more refined evaluation of the current state of BYOD in
Cardiff Met, the positivism philosophy was also used in this study. Positivism is
typically associated with quantitative research due to its logical and
mathematical nature, and so will be utilised to curate the data obtained from the
student questionnaires (Veal, 2005).
Further to this, grounded theory was used during the secondary research phase.
Grounded theory is the discovery of concepts and ideas through the analysis of
data, this means that prior literature was assessed and common themes that
were discovered can be used to compare against the primary data (Glaser &
Strauss, 2012) (Veal, 2005).
18
Once appropriate philosophies had been selected, the subsequent stage was to
choose the approaches that would be used conduct the research.
There are two main research approaches that can be used by a researcher these
are inductive and deductive. Deductive research seeks to test existing founded
hypothesis, whilst inductive research aims to create a conclusive theory from a
researchers analysis of findings (Saunders et al., 2009). Using a deductive
approach can be quite limiting, this is because there is a strict methodology and
research only aims to test existing theories, this in turn leaves little chance for a
researcher to foster and create there own ideas (Saunders et al., 2012). For this
reason an inductive approach was used in this research, since it allows a
researcher to cultivate their own theories and observations from the data
collected and analysed, and also allows the possibility to expand existing
hypothesis (Yin, 2003).
3.3. Mixed Method Research
Quantitative and qualitative are the two main research methods used by
researchers to collect and analyse data. Quantitative research is focused on more
scientific, measurable and mathematical results that be easily related between
exiting theories and data collected from participants’, whereas qualitative
research strives to collect and analyse data surrounding participants’ opinions
and views on a specific subject or phenomenon (Veal, 2005). Formally authors
generally apposed the mixture of the two research methods, though gradually it
has become an acceptable method, even with some authors stating it may lead to
higher quality research outcomes (Creswell & Plano Clark, 2011) (Veal, 2005).
Further to this Creswell & Plano Clark (2011, p.12) state that ‘the combination of
strengths of one approach makes up for the weaknesses of the other approach’ and
so to conduct research for this study, a decision was made to use a mixed method
approach to gather the primary research data, using the qualitative approach to
conduct interviews and a quantitative approach to conduct an online
questionnaire.
3.3.1. Quantitative
Quantitative research techniques ‘focus on the relation between a set of variables,
and employ reliable, standardized operational definitions of the variables studied’
19
(Silverman, 2010, p.388). Quantitative research techniques were used in this
study to enable the collection of data surrounding the thoughts and perceptions
students held around BYOD.
Measuring patterns and creating ideas gathered from the data, will assess the
perception and usage of BYOD by students. Furthermore, a statistical analysis
will show the disparity between students using BYOD in Cardiff Metropolitan.
3.3.1.1. Questionnaires
The questionnaire was conducted as a survey, it was designed online using the
proprietary service smartsurvey.co.uk and embedded on to the authors website
lloydmatthews.co.uk.
On the website participants had to navigate through a participant information
page and also click agree to a participant consent page before being allowed
access to the questionnaire pages. The link to the website was shared on various
social networking websites to the target demographic of Cardiff Met students.
This method successfully brought fifty participants.
With the number of respondents the research was hoping to attract it would not
have been feasible to conduct interviews for individual students as it would
waste their time, not to mention the time associated to transcribing and
quantifying. As well as this, paper-based questionnaires were ruled out due to
distribution concerns and so online questionaries’ were chosen as they offer ease
of distribution to students globally. The questionnaire was fifteen questions in
length and was a combination of open and closed questions, however most were
closed. Questions began relatively simple, inquiring about basic student BYOD
use, progressing to more complex open-ended questions that allowed
participants to share specific views, although this was not mandatory. Research
questions were modified throughout the primary research phase to allow for a
knowledge gained from the literary review and an increased understanding of
the issues (Blaikie, 2009).
3.3.1.2. Open and Closed-ended questions
As previously noted, in order to gather qualitative data of the opinions and more
specific views from students, some open-ended questions were used in the form
of a comments box after a closed-question. Only five comment boxes were used
20
as respectively qualitative data takes more time to analyse, as well as this the
research was constrained by time which further limited the amount of
qualitative responses that could be analysed. Furthermore, participants tend to
prefer closed-ended questions, as they can feel unable or reluctant to covey
opinions when answering a survey. In turn, closed–ended questions can
guarantee a greater response rate from a sample (Veal, 2005). Additionally, the
nature of closed-ended questions being quantitative means that results can
easily be presented, analysed, and compared, whilst open-ended questions
require processing and coding to interpret meaning (Silverman, 2010).
However, open-ended questions allow participants to state there own opinions
and views, which is impossible through the use of closed-ended questions
(Bryman, 2012). A mixture of both open and closed-ended questions allows for a
diversified and mixed feedback whilst still retaining ease of processing.
3.3.2. Qualitative
Qualitative research is often deemed as interpretative research, this is as
qualitative research methods aim to gain understanding through comprehensive
explanation and examination (Silverman, 2010). With a small sample population,
qualitative research can be found to generalise the analysis and findings of
gathered data, this can be seen as a flaw. For this reason, it is essential that
instead of generalising the sample population, the theory should be generalised
against the qualitative outcomes, to insure no primary data is overlooked
(Bryman, 2012) (Saunders et al., 2012). Qualitative research delivers the
researcher a profounder understanding and perception of the topic. In this
research, the method will gather the thoughts of the teaching staff and university
IT administration on how the introduction BYOD has impacted them, this will be
done by way of an interview. Additionally, the questionaries’ circulated to
students contains some open-ended questions, that will gather supplementary
qualitative data.
3.3.2.1. Interviews
The interviews were conducted to gauge opinions from teaching staff and IT
administration surrounding the use of BYOD in Cardiff Met, including benefits
and drawbacks. This was in order to triangulate research from students, teaching
21
staff and administrators to insure validity (Veal, 2005). Two teaching staff
members were interviewed along with one senior information technology
administrator. Interviewing two teaching staff members insured that a varied
perspective was documented, whilst only one IT administrator had to be
interviewed as the questions focussed more so on the university’s stance, facts
and polices rather than personal opinion. When conducting research with a
phenomenological approach, it is imperative that applicable interview questions
are asked, as participants must describe the aspects of their knowledge to insure
accurate results (Saunders et al., 2007). For this reason, a semi-structured
interview approach was implemented for all interviews. This meant that a
standard set of questions was posed to the teaching staff, with the IT
administrator having a separate set, with the ability to talk around the questions
if needed, to gain more in-depth knowledge.
Some of the questions posed to the IT administrator had already been answered
after scrutinising the current network policy during the literary review, this
saved time in the interview as the researcher could strike through the questions
that had already been answered, and ask only relevant questions. These changes,
along with all interview material can be seen in Appendix E.
Interviews were held with the general objective to achieve a genuine account of
person’s experience, and as Silverman (2010) suggests, using open-ended
questions provides the greatest effectiveness to do so.
3.4. Research Sample
All research objectives will be conducted within the confines of Cardiff
Metropolitan University. This is because it will be easier to obtain research from
students and staff members that attend a single university in respects of travel,
workload and simplicity. If the research were to sample ‘welsh university
students’ for example, research would need to be conducted around multiple
welsh universities, which could prove difficult to facilitate and complete.
Localising the research to within Cardiff Met could also create valuable results
that could be utilised by the university, as BYOD is such a current and expanding
area.
22
It is essential to clearly define a sample populace in which a researcher plans to
investigate, however a researcher will have to be content with a sample of a
population (Morris, 2009). In this study fifty students, two teaching staff
members and one member of the information technology administration staff
have been sampled, a sample that the researcher believes to be achievable yet
rounded, as for example there are around twenty five students to one lecturer.
This emphasizes Oppenheim (1992) who suggests that a sample size is not
essential, yet the accuracy of the sample is vital.
One of the sample populations are students, to be evaluated by form of an online
questionnaire. Students are thought to be easily accessible as research is being
conducted within a university, and the author of this thesis is a student himself.
Nonprobability sampling was used to attain the sample group of students needed
to complete the online questionnaire, nonprobability was chosen over other
methods due to the limited time and resources available (Saunders et al., 2012).
Snowball sampling was used to gain the number of respondents required for the
student questionnaire. An Internet link was shared to the questionnaire on a
social networking website, as well as this the researcher asked their university
cohort if they would complete a copy. From this initial involvement the
respondents passed on the questionnaire to their friends on social media and
through word of mouth, gaining more respondents as it progressed, like a
‘snowball’ effect. Once fifty respondents were achieved the online questionnaire
closed automatically to new respondents.
Snowball sampling has been shown to be somewhat prejudiced as people with
more social connections have an unspecified but greater chance of selection,
although as highlighted above due to research limitations this method was
chosen as it offers quick distribution and gathering of data (Berg, 2006).
For convenience, the teaching staff candidates were chosen as they had a prior
teaching relationship to the researcher, and so could be easily contacted and the
interviews conducted. This could be seen again as biased research, but as
impartial questions were asked and the researcher voiced no personal opinions
this risk is negligible.
Through coordination with technical support staff an interview was arranged
with a member of the Information Technology administration.
23
These methods gained a variety of participants, to reach the research aims and
objectives of this study.
3.5. Ethical Considerations
All studies should critically consider their ethical implications, especially those
whom conduct primary research elements. This statement is comprehensively
reaffirmed by many authors, Bryman & Bell (2011), Saunders et al (2012),
Silverman (2010) and Veal (2005), whom all state comparable arguments
suggesting that preceding research the ethical impact of any primary research
should be investigated and assessed thoroughly.
Diener and Crandall first published their work regarding ethics in 1978, later
cited in Bryman (2012), they outlined in to four categories the main issues that
raise ethical concern: Absence of informed consent, intrusion of privacy, harm to
involved participants, and deception of participants.
Consequently, in the interest of the participants, researcher and institution it is
vital to avoid any ethical breach, through having a good comprehension of the
guidelines provided by the relevant institutions, in this case Cardiff Met (Bryman,
2012).
It was of paramount importance that prior to the commencement of any primary
research involving sample participants, that ethical approval was granted.
Approval was obtained from the Research Degrees Committee within the Cardiff
School of Management at Cardiff Metropolitan University, a copy of the Ethics
form that was submitted to the committee and granted approval can be found in
Appendix A, B and C.
It was important that participants of the research fully understood the study
they were to partake in, for this reason for both interviews in hard copy and
online for questionnaires, participants were given a brief explanation of what the
study entailed along with the research objectives and how their data would be
stored and handled. As well as this participants had to agree to a consent form
that outlined the anonymity and confidentiality procedures of the research, it
was reinforced to participants that they could retract from the study at any time
without consequence, and that stringent safeguards were in place to secure all
data that was gathered.
24
CHAPTER 4 – THE RESEARCH FINDINGS
4.0. Introduction
The purpose of this chapter is to collate and present the gathered primary data
in order to fulfil the research objectives. The following section sets out to present
the findings from the primary research, this includes the student questionnaire,
teaching staff interviews and IT administrator interview.
4.1. Student Questionnaire
An online questionnaire was used to gauge the opinions of students toward the
use of BYOD. 50 Cardiff metropolitan students, across the five university schools
successfully completed the questionnaire. This associates with the first question,
that checked that participants were Cardiff Met students, yet had no significance
or relevance to the study aside from providing a means of checking the sample
population. A full record of the anonymised responses to the questionnaire can
be found in Appendix F.
4.1.1. Question 2
From the 50 students questioned 48 of them (96%) used a personal device
within the university grounds, further to this 28 (56%) used said devices daily
and another 13 (26%) using devices frequently. Figure 1 below shows the
responses to the question of BYOD use within the university campuses’.
Daily Frequently Sometimes Never
28
13
7
2
Q2. Students using an internet enabled device on campus
Students using BYOD
Figure 1. Students using an Internet enabled device on campus
25
4.1.2. Question 3
The third survey question endeavoured to discover the medium in which
students connected their devices. It was reported that 44 students (88%) used a
university affiliated network (MetWiFi, Eduroam), or a mixture of both
university network and personal data service. With 4 students (8%) only ever
using a personal data service, such as a 3g dongle, integrated SIM, tethering etc.
Below figure 2 shows the trend of device connection mediums.
33
2.5 411
Q3. Do you connect your device(s) to a university affil-iated network
Student Response
Figure 2. Network Access Mediums
4.1.3. Question 4
The fourth survey question assessed which were the most common device(s)
used for BYOD in Cardiff Met. 25 respondents (50%) use an iPhone or iPad, 17
(34%) use Android smartphones or tablets, and a further 6 (12%) use
Blackberry smartphones or tablets. As well as this, 29 students (58%) utilise
windows laptops and another 7 (14%) employ Apple Macintosh. Additionally,
there were two students where the question did not apply, and so they
responded N/A, figure 3 on the next page shows a breakdown of these
responses.
26
iPhone/iP
ad - 5
0%
Android
Smar
tphone/
Tablet
- 34%
Blackber
ry Sm
artp
hone/Tab
let - 1
2%
Win
dows Lap
top - 5
8%
Macin
tosh
Lapto
p - 14%
N/A - 4
%
Other
- 0%
25
17
6
29
7
20
Q4. Range of devices owned by students
Students
Figure 3. Range of BYOD devices
4.1.4. Question 5
Question five examined how many devices students connected to the university
networks at any one time. 20 students (40%) use two devices at any given time,
17 students (34%) use only one device at any one time, and 11 (22%) use three
devices simultaneously. These figures are reflected in figure 4 on the next page.
27
1 Device 2 Devices 3 Devices N/A
17
20
11
2
Devices used by students simultaneously
Devices used by students
Figure 4. Devices used by students simultaneously
4.1.5. Question 6
The sixth question was to identify how many students used personal devices
during contact time. 40 out of the 50 students (80%) professed to using their
device(s) during teaching contact time. From those 40 students, 25 (62.5%)
answered yes when asked if they used them to complete or aid work during
contact time, and a further 15 students surveyed (37.5%) answered no.
45%
48%
8%
Q6b. Students Accessing Non-Work Related Content Within Contact Time
AlwaysSometimesNever
Figure 5. Frequency of non-work related device use within contact time
28
The final part of question six, shown in figure 5 on the page prior, addressed the
frequency of non-work related device use within contact time. As can be seen
from the pie chart, the amount of students admitting to using their devices for
non-academic purposes during contact time is substantial, accounting for 93% or
37 of the 40 students who utilise BYOD during contact time.
4.1.6. Question 7
Question seven asked students, if in their opinion could BYOD disadvantage
students that cannot access personal devices and have to use university provided
resources. 42 of the 50 students (84%) answered yes, with only 8 (16%)
answering no. Further to this, students were asked to comment on the question,
providing a more in-depth explanation to their answers (although this was not
compulsory, for reasons cited in Chapter 3 – The Methodology).
Positively, 2 students out of the 21 who commented, suggested that the
university provided computers are ‘good enough’ to do work and suitable to
complete all tasks/work assigned by tutors. Furthermore one person
commented that, the ability to use BYOD will free up university resources for
those who are unable to access personal devices.
However negatively, 9 individuals cited the availability of university resources as
a disadvantage, they stated that during peak times such as midday and during
teaching hours, the learning resource centre at Llandaff can be full. As well as
this, remarks were made to the speed of the computing machines at peak times.
5 individuals mentioned that snobbery between users of BYOD is an issue, along
with students whom don’t use them or cannot afford them, feeling excluded.
Two comments pointed out that there is a lack of specialist software such as
Microsoft Visio, on all university computers, which impedes where and when
work can commence.
A theme pointed out by one student, is that if library resources are not
maintained, and the fact that all dissertations that previously were a physical
media are now accessed through Dspace, it could potentially limit access to
students not using BYOD, as network access is required to obtain a previously
physical media.
29
Another point stated by one respondent, was that in the scenario where lecturers
are moving quickly through a slideshow presentation, users with BYOD can
access learning material at there own pace whereas a non BYOD user could have
to rush to note everything down.
4.1.7. Question 8
The eighth question endeavoured to discover if students believe that there are
any safety concerns or considerations when using BYOD on campus. 35 out of the
50 students (70%) answered yes, believing there are safety concerns, whilst 15
(30%) answered no.
One person stated to the effect that there was no safety concerns, commenting
‘that’s silly’.
Aside from this the remaining 18 comments highlighted apparent safety
concerns. 15 respondents highlighted theft or loss of device or data as a safety
concern, from this 6 students also added that they were unsure who would be
liable for damages, some siding against individual liability and some toward the
university.
4 students were concerned with adequacy and consequences of the network
infrastructure being infected by a connected BYOD device. However, one student
was confidant that the university security systems could accommodate for these
kinds of risks.
4.1.8. Question 9
Question nine asked students if they were aware that BYOD devices are subject
to the university’s network policy, when connected to the university networks.
Only 7 out of the 50 students (14%) answered yes to knowing about these policy
conditions, whilst 43 (86%) answered no.
9 respondents commented with very similar statements, they all either weren’t
aware of the policy or didn’t read it and just clicked agree when first accessing
the network. As well as this students added that they couldn’t access a copy of
the policy easily or did not know how to, and that the policy conditions were not
made clear.
30
4.1.9. Question 10
Question ten asked whether students should be able to access a power source for
charging devices on university sites.
28
3
19
Q10. Should students be able to access a power source for charging devices on university sites
Students
Figure 6. Should students be able to access power outlets on campus
As you can see from figure 6 above, 37 students (94%) thought that student
should be allowed access to power sources, of those 19 thought that outlets
should be available only if devices had been electrically tested in the last 2 years,
for example PAT testing or newly purchased device. With 3 (6%) students
disagreeing to the idea completely.
4.1.10. Question 11
Question eleven asked students whether they though being able to use their own
devices in university, had allowed them to be more productive. 33 out of the 50
students (66%) answered yes, with the remaining 17 students (34%) answering
no. From the 17 students who answered no, a secondary question of ‘do you
believe that using your own device in university has led to you concentrating less
and procrastinating more?’ was posed, 11 students (65%) answered yes to this,
with the remaining 6 (35%) answering no.
4.1.11. Question 12
Question twelve asked, ‘do you believe that software suites such as Microsoft
Office or Adobe Creative Cloud, that are already licenced to the university should
31
be provided to personal devices for a small fee or for free’. 49 of the 50
respondents (98%) answered yes to this question, with one person (2%)
answering no.
4.1.12. Question 13
The final question of the survey asked students whether they thought the
introduction of BYOD in Cardiff Met, has had a positive or negative impact on
their academic lives. 45 of the 50 students (90%) responded saying that BYOD
has had a positive effect, whilst the other 5 (10%) answered negatively.
Furthermore 21 students provided a supplementary comment to their answer.
After coding the responses, it was found there were 10 broadly positive
comments, one impartial comment, and 10 broadly negative comments.
Positive comments included; Freedom to do work anywhere in the university,
allows the use of personal software, frees up university resources and eases
library congestion, improves learning, allows for higher quality resources and,
benefits students whom have a good work ethic and allows for more productive
work during contact time.
One unbiased student wrote that they believe it could benefit them but as they
do not bring any devices they don’t utilise the services.
Negative comments surrounding BYOD’s introduction include; it encourages
students not to do work and can distract them, as websites such as social
network are not restricted, and in the future the university may invest less in
computing equipment for student use. However, the overwhelming critical
observation made by students, was that the wireless network infrastructure is
not fit for purpose, with comments such as MetWiFi is slow and unreliable at
peak times, there needs to be more bandwidth made available for devices, and
for the amount we pay in fees MetWiFi is poor. 8 students shared this general
view.
32
4.2. Teaching Staff Interviews
Two teaching staff members were interviewed to obtain their views about the
use of BYOD in Cardiff Met. Two staff members were thought to be an
appropriate number, this is as a ratio of one lecturer to twenty-five students is
common, and associates back to the number of respondents to the student
questionnaire. An anonymised transcript of the interviews can be found in
Appendix D.
4.2.1. Question 1
The first question asked, if interviewees use BYOD on the university network.
Both respondents answered yes, with one currently using their device and one
planning to use a new device in the very near future. However, it was also
mentioned that the university networks are sometimes insufficient and other
services have to be used, also mobile carrier coverage is an issue within some of
the university buildings. It was added that teaching staff were not encouraged to
use their own devices.
4.2.2. Question 2
The second question asked if the university provides any portable IT equipment
to the teaching staff. Both respondents acknowledged that the university would
provide with a specified set of devices. However, only one had chosen to use the
laptop provided.
4.2.3. Question 3
The third question asked the participants if they were aware of any restrictions
imposed under the network policy, and if so how does it affect them. One
participant answered yes acknowledging that they knew of restrictions of BYOD
under the policy, with the other having ‘absolutely no idea, in relation to Cardiff
Met’. Both participants however pointed out that ‘everybody just clicks agree’ and
they ‘arbitrarily click yes without reading any definition or detail’, going on to
point out that there should be a corporate procedure in place and that it only
effects them if they don’t click agree.
33
4.2.4. Question 4
The fourth question inquired if the respondents used their devices during
contact time, for example during lectures or seminars. Both participants
responded yes, with one anticipating use upon the arrival of a new device and
one actively using devices during contact time.
4.2.5. Question 5
The fifth question asked ‘Do you believe that the continuity associated to using
your own devices personally and in work allows you to work more effectively,
e.g. not having to transfer work for one machine to another, familiarity of
devices, set up time etc.’ Once again both respondents relied yes to this question,
one commenting ‘yes, whole heartedly’ and the other anticipating it to be yes.
4.2.6. Question 6
Question six asked ‘In your opinion and circumstance does BYOD have any
negative implications in relation to your working environment? E.g. possibility of
theft, loss of data, data ownership.’ The two participants had completely differing
responses to this question, one agreeing yes and the other disagreeing entirely.
One participant took the stance that, mobile devices could be lost anywhere, and
that the university networks are more secure than public networks such as those
offered at retail outlets, and so the risk is no greater than anywhere else.
Expanding to data ownership, worries are suppressed as mobile devices are
merely used as a means to access cloud data, with all data being held on
university servers.
The other participant voiced a completely polar opinion, it was highlighted that
theft was a particularly big issue, although acknowledging that devices can
simply be left in a room. They communicated that student data can be stored
wherever they want, to be worked on in other locations. They also outlined that
up to date antivirus has to be present on devices used on the university
networks, and that anything that needs to be recorded is stored on corporate
systems. Finally stating that there was an overwhelming lack of technical
support available.
34
4.2.7. Question 7
Is there a chance that BYOD could disadvantage students or staff members that
cannot access personal devices and have to use university provided resources,
was asked as question seven. One contributor agreed there can be a
disadvantage and, emphasised snobbery about the university against those not
using BYOD, as they are perceived not to be up to date, which is not always the
case.
However, the other interviewee noted that university computers and mobile
devices are diverse tools and have differing uses, for example a standard PC is
faster at typing, were as to access data quickly, a mobile device is more adequate.
4.2.8. Question 8
Question eight asked if the teaching staff believe that students using BYOD are
using it productively, or getting distracted during university.
The first interviewee stated that, students are using it more for there own
enjoyment, some use it productively but most just use it as a procrastination tool
during lectures.
Interviewee two advocates the use of personal devices during contact time, as it
appropriate in their classes. Examples given included researching information
and live discussions/blogging, that in their opinion allowed students to engage
more, as they are able to grasp a deep level of immediacy and knowledge.
Students also do not have to reiterate half remembered lecture details at a later
date.
4.2.9. Question 9
Question nine asked whether teaching staff thought students should have limited
access to websites such as social networks. The first interviewee answered yes to
implementing restrictions during contact time, as its very hard to police large
groups. Further to this the first interviewee said that ‘Students say that they are
viewing the lecture but you can tell by there fingers that they are texting.’
The second interviewee replied that there is scope for limited access to be a
possibility. However, they stressed that although they recognise students can
waste their time on social networks, it can prove a great asset to teaching and
35
there is a possibility that they can be used to engage students and create
commentary, as the potential of social networks is still evolving.
4.2.10. Question 10
The tenth question aimed to find out whether the participants believe that
software suites such as Microsoft Office and Adobe Creative Cloud should be
provided to personal devices for a small fee or for free. The first interview
participant agreed saying ‘it would be of great benefit’, if students were allowed a
limited licence that would only cover their time at university.
The second interview participant also agreed, but thought that only non-
proprietary open-ware software should be used within the university. They also
corresponded that students studying some courses that need specific software
should have it supplied free or discounted. However, they did mention that only
relevant tools should be made available, so if there is no warrant for needing an
application it shouldn’t be provided.
4.2.11. Question 11
The final question inquired if the participants thought that access to power
sources for charging devices should be restricted, for example only if they have
been electrically tested in the last two years. Both participants firmly believed
that no restriction should be placed on the use of power outlets. They also both
believed that it would be a bureaucratic nightmare to police devices to ensure
they had been tested, also one participant stated that ‘it’s a bit nanny state,
everyone is adult here’.
It was then posed to respondents that, what if for example a personal device
tripped the electrical network. One interviewee identified that students agree to
the electronic communication policy, which states that they are liable for any
damage caused by personal device. They also indicated the possibility of using
individual residual circuit breakers on each socket, so not affect the whole
electrically network in sensitive environments such as computer labs. The other
interviewee simply remarked ‘does that happen now these days’.
36
4.3. IT Administrator Interview
An interview was conducted with a senior member of the Information
Technology department at Cardiff Metropolitan University, an interview was
conducted to discover how the introduction of BYOD has effected the institution.
Prior to conducting the interview, the researcher was sent a copy of the
Electronic Communications Policy, this allowed for many of the questions that
were due to be asked to be fulfilled by reviewing the policy, a clear distinction
will be made as to which questions were answered via policy review and or via
interview. The interview featured different discussion topics with individual
questions encompassed under each heading. Copies of the interview transcripts
can be found in Appendix E.
4.3.1. Current BYOD Policy
Question Response Discussed in Interview
Do you currently employ a BYOD Policy?
The electronic communication policy – ECP contains BYOD applicable guidelines.
No
Is it separate or tied in with the network usage policy?
All of the guidelines related to electronic communication are collated in the electronic communication policy.
No
Where is it available to users?
‘The ECP is available in the staff and student portal. On the staff portal its listed as the ECP, and for students its listed I think as rules and regulation for the use if IT.’
The response is a direct transcript answer from the interview.
Table 1. IT Admin Staff interview: Current BYOD Policy
4.3.2. Students using BYOD
Question Response Discussed in Interview
Are students allowed to plug in to a power source?
Yes, but the university is not liable for any damages, costs or losses, as advised in 4.2. If a users device damages the university’s IT infrastructure, e.g. a faulty device blows fuses, the user is liable.
This question was answered from reviewing the electronic communications policy.
Are there device/ bandwidth restrictions in place to prevent overuse/abuse e.g. limit on devices per user account?
‘No, There are not bandwidth limitations per device in place.’
The response is a direct transcript answer from the interview.
Once connected to a ‘Yes’ The response is a direct
37
network is all data stored on a device subject to a networking policy?
transcript answer from the interview.
Is network activity monitored on BYOD devices as when using a university-based machine?
No, As set out in policy 3.1, consent has to be granted from a member of the vice chancellors board prior to monitoring.
This question was answered from reviewing the electronic communications policy.
Table 2. IT Admin Staff interview: Students using BYOD
4.3.3. Staff using BYOD
Question Response Discussed in Interview
What is the policy concerned with university data stored on personal devices?
Section 6 of the policy outlines personal data guidelines. Under policy 6.2, safeguards must be put in place to protect data, 6.3 outlines that encryption must be used to transfer electronic data outside of university systems. Finally under policy 6.4, all data must be in accordance with the data protection act.
This question was answered from reviewing the electronic communications policy.
Is there a list of recommended devices, security methods etcetera that staff can follow?
‘Yes, on the student portal under learning there is guidance there for mobile phones, tablets etc.’
The response is a direct transcript answer from the interview.
Do you or are you looking to implement CYOD Choose your own device for staff members to ensure compatibility, continuity and security?
‘There are a small number of Cardiff Met devices that are provided to staff, but we don’t implement CYOD for personal devices.’
The response is a direct transcript answer from the interview.
Are staff members allowed to charge devices within the university?
Yes, but the university is not liable for any damages, costs or losses, as advised in 4.2. If a users device damages the university’s IT infrastructure, e.g. a faulty device blows fuses, the user is liable.
This question was answered from reviewing the electronic communications policy.
Table 3. IT Admin Staff interview: Staff using BYOD
4.3.4. Alternative Access Methods
Question Response Discussed in Interview
If a student or staff member uses an alternative data service e.g. 3g/tethering on a device within the
The first clause in the policy (1.1) states that any usage of resources in connection with business or learning is
This question was answered from reviewing the network policy and a response
38
university campus, does the university hold any jurisdiction over the data being downloaded/displayed on the device?For example a student viewing inappropriate material, or a staff member viewing student records.
covered by the preceding policy conditions. This includes all locations, from home and other institutions and applies to students and staff, as well as third parties. As well as this data procedures set out under section six, apply to staff using data from corporate systems off site.
The response from the IT administrator interviewed however contradicted these findings, as their response was ‘I don’t believe so’.
from to the same question posed in the interview
Table 4. IT Admin Staff interview: Alterative Access Methods
4.3.5. Network Infrastructure
Question Response Discussed in Interview
How well equipped are the Wi-Fi networks to handle quick influxes in demand ‘flash traffic’ at peak times e.g. lunch time, at the beginning of each hour when lectures are starting etc?
‘Currently we have some bandwidth issues, we have significant investment going on in the coming months, to improve the Wi-Fi infrastructure. Initially at the Cyncoed campus as the issues are more prevalent there, but then in Llandaff also. There are a large number of Wi-Fi access points and we do regularly review the provision, but it is something that needs significant investment, as I mentioned, and that is what is being requested.’
The response is a direct transcript answer from the interview.
How do you calculate for capacity planning e.g. number of students, usage from different buildings?
‘More around the usage in different areas, yes, so obviously you get Hotspots where there are congregations of users, social locations for example you see more actual usage, but for instance in the learning centre for example although usage might not be high as they tend to be using the fixed kit there are allot of connections of course, cause everyone’s got a mobile phone in there pocket so you have
The response is a direct transcript answer from the interview.
39
high usage.’How can you manage users and ensure that they adhere to applicable polices wherever they are located on a network?
‘Currently on the campus student and staff are to just abide by the ECP, our halls service is slightly different, we implement packet fence which is an application that allows us to ensure that all devices have up to date antivirus for example, which we are hoping to roll out across the campuses. The use of packet fence will increase security.’
The response is a direct transcript answer from the interview.
Table 5. IT Admin Staff interview: Network Infrastructure
4.3.6. Disadvantages of BYOD at Cardiff Met
Question Response Discussed in Interview
Do the benefits of implementing a BYOD infrastructure out way the initial costs?
‘Personally Yes, although the initial cost is very high it is an expectation now, practically every device is Wi-Fi enabled and some are Wi-Fi only for example tablets so there has to be a provision. When a Wi-Fi network is in place for business usage it makes sense to just let users use there own devices as well.’
The response is a direct transcript answer from the interview.
Does the university have any procedure in place to allow for students that cant afford their own devices?
YES laptop loans for whole term periods, subject to policy conditions at all times
Found in the network policy and associated hyperlinks.
Table 6. IT Admin Staff interview: Disadvantages of BYOD at Cardiff Met
4.3.7. The Future of BYOD at Cardiff Met
Question Response Discussed in Interview
To be cost effective and able to invest in the latest technology could decreasing the amount of university owned hardware be a plausible solution in a future that will see increased BYOD use?
‘There are some potential caveats and issues on this. However students seem to prefer using fixed equipment, and this year has been the most problematic for capacity for catering to users. Using fixed computers is in no way decreasing, although Wi-Fi use has increased exponentially, the university has no plans to scale back IT provision. One of
The response is a direct transcript answer from the interview.
40
the reasons we find people use our devices is that they can use the software that they don’t have, we are looking to make available software to students and staff members but licencing sometimes does not allow or is extremely high cost.’
How will users that are unable to obtain their own devices be catered for in future?
‘We are not looking to get rid of any university devices, in fact in recent surveys and interviews held in December, the number one finding was that we needed more pc’s to be installed.’
The response is a direct transcript answer from the interview.
Is there a possibility of introducing virtualisation and or CYOD for all users in Cardiff Met?
‘Some remote session based desktops are already in use, using RDS – remote desktop service like the ones in reception. Some staff members for example those who work in India use RDS to remotely connect to the network. We are looking to ramp up the use of RDS but only where it would be beneficial and viable. We would like to make use of application streaming as the computing would be done at the users end.’
The response is a direct transcript answer from the interview.
Table 7. IT Admin Staff interview: the Future of BYOD at Cardiff Met
4.4 Conclusion
This chapter has presented the responses and statistics gathered through the
primary data stage. The data was compiled from the student questionnaire, the
teaching staff interview and the IT administrator interview. The findings
displayed will be used in the next chapter to calculate a meaning and ultimately
complete the aim and objectives of the study.
41
CHAPTER 5 – EVALUATING THE IMPLICATIONS
5.0. Introduction
This chapter will evaluate and discuss the data collected and compare and
contrast it against the theories and points collected from the reviewed literature,
to gain perspective upon the results. A discussion of the implications brought
about by the discovery of trends will also be undertaken, linking the research
relevant objectives with the consequences found.
The questions underlined in this section were proposed as a result of the literary
review and correspond back to the applicable literature.
5.1. Research Objective 1
To investigate whether students at Cardiff Metropolitan University believe
that the ability to bring their own device has had a positive influence on their
approach to undertake university work.
Do Cardiff Met students believe that BYOD can potentially be disadvantaging
non-users?
The student questionnaire has indicated that 84% of respondents believed that
BYOD use could disadvantage those students who do not use it. Further to this
nine students commented that at peak times the university resources are
congested, with a further five students citing snobbery and discrimination as an
issue, and two students suggesting that course specific application are not
available over all devices. All of which can disadvantage students not utilising
BYOD. These outcomes agree to the findings of Hayes (2012) who mentions that
BYOD can disadvantage students who cannot afford the equipment that would
enable them to partake.
From the perspective of students, is using BYOD safe at Cardiff Met?
As shown by the student questionnaire, 70% of students agreed that BYOD use
within Cardiff Met could potentially be unsafe. Fifteen supplementary comments
highlighted theft and related crime as a major concern, as well as this data
ownership and associated liability also concerned students.
42
Do students now see BYOD as a right not a privilege?
96% of students us BYOD, from this 90% believe that the use of BYOD in
university is a positive addition to academic life. Even though 84% of students
believe BYOD can be disadvantaging and 70% of students believe it can be
unsafe, the majority still use the service. As well as this, comments from the
questionnaire vent frustration with the wireless infrastructure at the university,
which seems to suggest that students believe BYOD access a right. This view is
corroborated by the IT administration who have said that adequate Wi-Fi
provision is ‘an expectation now’. It is clear from the figures presented from the
student questionnaire and comments from the IT administration that students
believe this statement to be true, this concurs with findings from CSW Group
(2012) that suggest students are in fact seeing 24x7 wireless access a right and
not a privilege.
Overall, 66% of respondents believe that the use of BYOD at Cardiff Met has
allowed them to be more productive, which completes the research objective and
shows it to be correct. This could be concerning to the university, as if true,
inadequate network infrastructure could jeopardise student relations.
5.2. Research Objective 2
To analyse the impact that BYOD may have had on teaching from the
perspective of teaching staff.
Has the introduction of BYOD affected teaching?
Both interviewees admitted to using their own devices within the university and
during contact time, this in itself has undoubtedly changed the way lectures and
seminars are delivered. As well as this, both participants also commented that
the continuity brought about with using personal devices in the work place,
allows for more effective work.
When the point of device misuse was raised, completely polar views were
offered. One interviewee cited that device misuse was rife and the time
associated with policing BYOD use was impacting teaching. However, the other
43
interviewee actively encourages personal device use within contact time, using it
as a communication and collaboration tool.
It is apparent, overall that whether BYOD is embraced or shunned, it has
unquestionably impacted teaching, these findings may support the view posed
by Hamza & Noordin (2013) who believe that lecturers now act as managers to
the students learning, rather than being the direct source of all knowledge.
Do Cardiff Met staff members believe that BYOD can potentially be
disadvantaging non-users?
The two interviewees has differing views, one highlighted that mobile devices
and static PC’s both have advantages and disadvantages, and acknowledged that
users may become disadvantaged if university provision was reduced. The other
respondent strongly agreed that non-BYOD users are disadvantaged, noting that
they had come across snobbery and discrimination towards non-users. These
findings correspond to the views of Faas (2012), who believes BYOD can open up
an ‘uneven educational playing field’.
From the perspective of staff members, is using BYOD safe at Cardiff Met?
Once again the two teaching staff interviewed had differing opinions on the issue
of security, one made the statement that using personal devices in university is
no more dangerous and perhaps safer than using public Wi-Fi. The second
respondent however highlighted theft as a concern, as well as citing the lack of
technical support available in their opinion. As well as this, it was discovered that
a staff member was unaware of organisational policies in place for the
transportation and storage of data, this could be of concern as it was discovered
when reviewing literature that 54% of institutions have predicated that security
breaches will increase in the next two years (Dahlstrom et al., 2013).
44
5.3. Research Objective 3
To critically access the technical, legal and ethical implications brought
about with the use of BYOD from the university administrations’ viewpoint.
Will BYOD affect the availability of permanent IT resources?
This question was of some concern to students responding to the questionnaire
final question (4.1.12.), students voiced concern that cuts to permanent IT
resources were being made and the situation could get worse in the future.
However, from interviewing the IT administrator it was discovered that this is
not the case, in fact it was discussed that it is the number one strategy of the IT
department to improve university resources, as this year has proved the worst
for capacity. This is opposing to the views found in literature, that believe that
with ever reducing IT budgets, permanent IT resources provided by institutions
could be effected (Dahlstrom et al., 2013).
Can Cardiff met keep up with the demand of more student and staff devices?
Through discussion with a senior IT administrator at Cardiff Met it was admitted
that currently there are some bandwidth problems with the MetWiFi and
Eduroam services. IT administration at Cardiff Met regularly undertake reviews
surrounding the capacity of the network, a large scale infrastructure upgrade in
underway initially within the Cyncoed campus, and later at the Llandaff campus
to improve the wireless networks for BYOD use. This action directly relates to
Robinson (2012) who suggests education establishments have to insure
adequate infrastructure to cope with demand, and as CSW Group’s (2012) recent
research has predicted an ever-increasing multi device to single user ratio this is
ever more prevalent. Answering the proposed question, continual improvements
are to be made to ensure demand can be supplied.
Has BYOD in Cardiff met proved cost saving or costly?
Contrary to the findings from the Dahlstrom et al (2013), which suggest that the
cost saving factor of BYOD should be viewed conservatively, It was discovered
from interview the IT Administrator that the introduction of BYOD had been cost
effective, although the initial cost is very high. The IT Administrator mentioned
45
that access to a wireless network is an expectation now and so it is a necessity to
provide one.
Does Cardiff met employ any ‘Best practice’ Approaches?
It is apparent that from reviewing the electronic communication policy and
interviewing a senior IT administrator, that Cardiff metropolitan do utilise some
documented best practice approaches.
As can be seen in the questionnaire results (4.1.3.), there is a vast spread of
devices being used on campus by students, a best practice approach cited by
CSW Group (2012) is that all device types should be catered for in a reasonable
manor, this is comprehensively covered by the implementation of ‘5 Minute
Guides’ that aid BYOD users connect a multitude of devices (Cardiff Metropolitan
University , 2014). However, none of the best practices such as insuring
password protected devices and having a lost and stolen device protocol
published by Gatewood (2012) and Dahlstrom et al. (2013) are currently in
place, yet the IT administration are committed to improving all aspects of BYOD
in future, including security.
Is there a possibility of introducing virtualisation and or CYOD in Cardiff Met?
It was made apparent that Cardiff Met is looking to expand the use of
virtualisation on campus, as recorded during the IT administrator interview.
This is an approach that ensures continuity and fair use amongst BYOD users,
again set out by the CSW Group (2012). However, Nash Network Inc. (2009)
have pointed out there are some drawbacks of virtualisation, including a central
point of failure. It was also recorded that they had no plans to introduce CYOD
for students or faculty.
Are wireless networks being used for non-academic purposes?
It was identified through the student survey and teaching staff interviews that
there was a level of abuse toward the wireless network during contact time. It
was found that 92% of students who use their devise during contact time have at
some point accessed non-academic content with 45% saying that they always
use the network for non-academic related purposes. This correlates to the
46
literature review findings from Evans (2012) and Walsh (2013) whom both cite
that with the introduction of BYOD there is a potential for a distraction when
devices are used during contact time.
Teaching staff were also asked their views on the idea of limiting access to
certain websites during contact time, one agreed that students should have
limited access during teaching time. However, the other respondent pointed out
that social networks, have great evolving potential for use by faculty to provide
interactivity and immediacy. If the university were to implement limited access
to some websites there would be many caveats, these include; what criteria
would be used to blacklist websites, how would a time limit be implemented and
managed etc. The notion of limiting web access to adults in an academic setting is
possible but not necessarily feasible.
The questionnaire results state that 32% of students infrequently or never used
the university network, however still used personal devices on site. As well as
this, a question was posed to the IT administration about the jurisdiction they
hold surrounding the viewing and distributing of inappropriate and illegal
content on campus, but not using the university network. The interviewee
admitted that the university had no jurisdiction, although staff members are
restricted somewhat by the network policy. This leaves the university system
open to abuse, as there is potential for students to conduct illicit and offensive
behaviour with no consequence.
A question was posed to both students and staff, as to whether access for
charging devices on campus should be restricted to devices that have been
electrically tested. Secondary research indicated that it is acceptable to charge
personal devices under section 4.2. of the electronic communication policy,
however all liability for damage, cost or losses lies with the user.
The risks out way the benefits for introducing such a policy as it would create
excess stress and paperwork, and would be near impossible to implement and
police.
47
The provision of highly discounted or free software distributed to students and
staff was discussed with all participant groups. Naturally, 98% of students said
that they would like discounted or free software, teaching staff also agreed that
students should be provided software, highlighting that some courses that
require expensive software suites, should be catered for. The university IT
administration outlined that they are looking in to providing free software,
pointing out that they have recently made Microsoft Office 365 available to staff
and students, but also indicate that in many circumstances the software licencing
terms limit distribution.
One of the main points picked up upon whilst conducting secondary research,
which was later confirmed by primary research, was users lack of understanding
of the electronic communications policy. 98% of students were not aware that
the ECP covered BYOD use, also both faculty members admitted to just clicking
agree and not fully comprehending the terms.
5.4. Conclusion
It is apparent that from evaluating the primary data and relating it to previously
constructed theories and views from the literature and other sources, the
research objectives have been fulfilled. However, this section has had to be brief
for reasons listed in the next chapter.
48
CHAPTER 6 – CONCLUSIONS
6.0. Introduction
This chapter sets out the conclusions drawn from the analysis and discussion of
the primary and secondary data, along with associating the conclusions to the
research aim and objectives in order to accomplish them. Furthermore,
recommendations will be discussed, along with the limitations and validity of the
research. Finally ending with discussion surrounding the possibility of future
work.
6.1. Research Aim
The aim of this research dissertation is to identify the current vulnerabilities
derived from the use of bring your own device - BYOD within Cardiff
Metropolitan University.
It is belived that through achieving the individual research objectives, the overall
research aim has been fulfilled.
6.1.1. Objective 1
To investigate whether students at Cardiff Metropolitan University believe
that the ability to bring their own device has had a positive influence on their
approach to undertake university work.
This objective was achieved through extensively reviewing applicable literature
surrounding the views that students held about BYOD’s use at other academic
institutions. The secondary research acted as a base for the results from the
student questionnaire to be compared to, this was to gain perspective and gauge
whether the students thought BYOD use was a positive addition to academic life.
Many questions were asked to assess the students opinion, but ultimately the
final question, which asked if ‘BYOD has had a positive or negative effect on
academic lives’, to which the majority of students, 90% responded that it had a
positive effect, realises this objective.
6.1.2. Objective 2
To analyse the impact that BYOD may have had on teaching from the
perspective of teaching staff.
49
Once again the literature review underpinned the primary research findings to
evaluate whether Cardiff Met supported or deviated from the trends.
The impact that BYOD has had on teaching was determined by comparing the
answers to various question areas that had been identified during the literature
review. Suffice to say, it is apparent that in one way or another BYOD has greatly
impacted the way in which teaching is conducted, some may feel for the better or
for worse. It is evident that if BYOD is embraced by all teaching staff as a teaching
aid and not viewed as a hindrance too teaching, it could prove very successful at
Cardiff Met. Also students may be less inclined to abuse and misuse the BYOD
network if it is being actively integrated in to teaching methods.
6.1.3. Objective 3
To critically access the technical, legal and ethical implications brought
about with the use of BYOD from the university administrations’ viewpoint.
This objective was achieved as a result of comparing and contrasting the current
electronic communications policy of Cardiff Met against similar institutions. To
provide relevant information surrounding the network management and
planning, an interview with a senior IT administrator was held.
It is clear that the objective is extremely broad and the author of this paper was
only able to critically access in limited detail, nethertheless the objective was
achieved and details of technical, legal and ethical implications from the use of
BYOD in Cardiff Met were assessed in the discussion. Research indicated that
although here are many potential caveats surrounding the use of BYOD
academically, Cardiff Met is on the right track with the processes and procedures
in place.
6.2. Recommendations
Students and staff members showed concern over loosing permanent IT
resources. As stated by the IT Administration there are no plans to reduce the
provision of permanent IT resources in the near future, and continued
investment is going in to all aspects of the IT provision. It is a recommendation
that university administration continue with investment in both BYOD and static
IT equipment.
50
The university should conduct sessions to include sceptic teaching staff as to the
value of using BYOD devices during contact time, this comes after one of the
teaching staff stated that they had fully embraced the technology and used it
capabilities to improve learning and interaction. However, BYOD may not be
applicable to all types of teaching.
Research concluded that students and staff members were not aware, or didn't
read the networking policy, that contains BYOD rules and regulations. Changes
should be made to make more apparent these policies to further mitigate risks
associated with misuse of BYOD through inadequate knowledge. For example,
amendments should be posted on Cardiff Met internal news and should be email
bulletined. When using the BYOD network for the first time, at periodic intervals,
and also when policies are changed, users should have to re-agree to the ECP.
The university should consider introducing a key facts page showing the
essential applicable policies, this would make it easier for users to know what
can and can't be done, and what is and isn't acceptable. Other universities such
as the University of East Anglia, show clearly on their public facing website a
summary of the network and computer policy conditions as well as links to the
full versions (University of East Anglia, 2013). This is in stark contrast to Cardiff
Met as the researcher found it very difficult to obtain the network polices as they
were not published on the public internet website, and couldn’t be located on the
internal intranet sites.
6.3. Limitations of the Study
Limitations and weaknesses of the study have been identified, these include but
are not limited too;
Limited time scale for completion of the study.
Data gathering complications, these included, over estimating the amount of
respondents that would complete the questionnaires’, only being able to
interview two teaching staff members and difficulties in arranging an IT
administrator interview.
Changing the quantitative questions of the survey to include more qualitative
comments boxes - the researcher would have liked to have used more comment
51
boxes, but was restricted by the time and effort associated with interpreting
qualitative data.
Information overload – it is believed that the primary research collected too
much information and so not all was analysed fully. There were worries that the
dissertation wouldn’t make sense if all the data was not included, this in turn
adversely effected the word count.
There is no prior research in to the area of BYOD use at Cardiff Met.
The aims and objectives were too broad and so investigations couldn’t be
adequately focused.
In general the author would have liked to discussed findings in much greater
depth but due to time and length this was neither feasible nor possible.
6.4. Validity and Reliability of Research
As the questionnaire was online and assistance was not present to aid
conduction, it may be true that some of the questions were misread or
misunderstood, and so some data may have been erroneous and invalid.
However, with the large sample population of students, it is thought that this
irregularity would have had a negligible effect on the results.
As the interviews were held in person and the interviewees were all professional
individuals, the risk of unreliable and invalid information was very small,
especially as the IT interview was more concerned with organisational policy
and less concerned with the interviewees personal opinion.
Without discrediting professional opinion, it is thought that more than two
teaching staff members should have been interviewed to gain a broader
perspective and to be able to triangulate and validate data. As well as this, one
interviewee had yet to procure a BYOD device, but was due to soon, it would
have been better to re-interview once they had obtained and used the device.
However, due to the projects limitations this was not possible.
Having listed these qualms with the research, and given the limitations, the
author believes that the results from this study are still credible and useful to
conduct further research.
52
6.5. Future Work
BYOD is highly advocated as an area for any researcher to explore, this is as
BYOD’s uses are constantly changing and evolving, and the full potential of the
concept may yet to have been discovered.
It is believed that there is a vast untapped potential of research surrounding
BYOD use within Cardiff Met, as this research only ‘scratched the surface’ so to
speak. Some areas that warrant further research include.
The way in which users and organisations use policies as a way of network
management, this is a recommended area of study as this research has shown
there is a great problem with users understanding and acknowledging policies.
Another potential research area is that of software licencing for academic use, as
presented in this study most respondents believe software should be heavily
discounted or free, but this is not always possible, a feasibility study could be
undertaken to understand why.
Investigation could be conducted in to the effectiveness and viability of Cardiff
Metropolitan’s wireless infrastructure, including MetWiFi, Eduroam and Hallsnet
for example.
Realistically any one of the single objectives could be broadened and examined
thoroughly to provide a greater depth of understanding, as this study was only
able to produce a general overview due to limiting factors.
References
Alberta Education, 2012. Bring your own device: a guide for schools. White Paper.
Edmonton: Alberta Government.
53
Avanade Inc, 2009. Server Virtualization: A Step Toward Cost Efficiency and
Business Agility. Perspective Paper. Seattle: Avanade Perspective.
Ballagas, R., Rohs, M., Sheridan, J.G. & Borchers, J., 2005. BYOD: Bring Your Own
Device. Research Paper. Aachen: RWTH Aachen University.
Berg, S., 2006. Snowball Sampling–I. In S. Kotz, C. Read, N. Balakrishnan & B.
Vidakovic, eds. Encyclopedia of Statistical Sciences. Hiboken, NJ: John Wiley and
Sons, Inc.
Blaikie, N., 2009. Designing Social Research. 2nd ed. Cambridge: Polity Press.
Bryman, A., 2012. Social Research Methods. 4th ed. Oxford: Oxford University
Press.
Bryman, A. & Bell, E., 2011. Business Research Methods. 3rd ed. Oxford: Oxford
University Press.
Cardiff Metropolitan University , 2014. 5 Minute Guides. [Online] Available at:
https://tsr.cardiffmet.ac.uk/learning/Help/5min/Pages/Home.aspx [Accessed
20 March 2014].
Cardiff University INSRV - Information Services, 2013. Regulations for the use of
services, resources and facilities provided by the Cardiff University Directorate of
Information Services. Policy Guidence. Cardiff.
Clifford, M., 2012. Bring Your Own Device (BYOD): 10 Reasons Why It's a Good
Idea. [Online] Available at:
http://www.opencolleges.edu.au/informed/trends/bring-your-own-device-
byod-10-reasons-why-its-a-good-idea/ [Accessed 25 February 2014].
Cooper, D.R. & Schindler, P., 2010. Business Research Methods. 11th ed. New York:
McGraw-Hill/Irwin.
Cope, A.R., 2005. Wireless Networking At Cardiff Univeristy. Policy Guide. Cardiff:
INSRV - Information Services Cardiff University.
Cottrell, S., 2008. The Study Skills Handbook. 3rd ed. New York: Palgrave
Macmillan.
Creswell, J.W. & Plano Clark, V.L., 2011. Designing and Conducting Mixed Method
Research. 2nd ed. Thousand Oaks: Sage Publications.
CSW Group, 2012. Bring Your Own Device - Adapting to the flood of personal
mobile computing devices accessing campus networks. White Paper. Vernon Hills.
54
Curtis, S., 2014. Liverpool researchers create 'contagious' WiFi virus. [Online]
Available at:
http://www.telegraph.co.uk/technology/internet-security/10664576/Liverpool
-researchers-create-contagious-WiFi-virus.html [Accessed 27 February 2014].
Dahlstrom, E., diFilipo, S. & Askren, M., 2013. The Consumerization of Technology
and the Bring-Your-Own-Everything (BYOE) Era of Higher Education. Louisville:
EDUCAUSE Center For Applied Research.
Dixon, B. & Tierney, S., 2012. Bring your own device to school. White Paper.
Redmond, WA: Microsoft Education.
Dobbin, G., Dahlstrom, E., Arroway, P. & Sheehan, M.C., 2011. Mobile IT in Higher
Education. Research Report. Louisville: EDUCAUSE Center for Applied Research.
Evans, J., 2012. Learning in the 21st Century: Mobile + Social Media = Personalized
Learning. [Online] Available at:
http://www.tomorrow.org/speakup/learning21Report_2012_webinar.html
[Accessed 28 February 2014].
Faas, R., 2012. Why BYOD Is A Disaster Waiting To Happen For Schools. [Online]
Available at: http://www.cultofmac.com/176277/why-byod-is-a-disaster-
waiting-to-happen-for-schools/ [Accessed 28 February 2014].
Fidelman, M., 2012. The Latest Infographics: Mobile Business Statistics For 2012.
[Online] Forbes, Inc. Available at:
http://www.forbes.com/sites/markfidelman/2012/05/02/the-latest-
infographics-mobile-business-statistics-for-2012/ [Accessed 23 March 2014].
Finnegan, M., 2013. UK firms 'favour CYOD policies over BYOD'. [Online] Available
at: http://www.computerworlduk.com/news/mobile-wireless/3471406/uk-
firms-favour-cyod-policies-over-byod-report-claims/ [Accessed 26 February
2014].
Fisher, C., 2007. Researching and Writing a Dissertation: A Guidebook for Business
Students. 2nd ed. Harlow: Pearson Education.
Gatewood, B., 2012. The Nuts and Bolts of Making BYOD Work. Information
Management Journal, 46(6), pp.26-30.
Glaser, B. & Strauss, A., 2012. The Discovery of Grounded Theory: strategies for
qualitative research. 7th ed. Transaction Publishers.
55
Grama, J. & Grajek, S., 2013. Research You Can Use: New Insights into Academic IT .
Research Report. Louisville: EDUCAUSE Center for Analysis and Research.
Hamza, A. & Noordin, M.F., 2013. BYOD Usage by Postgraduate Students of
International Islamic University Malaysia: An Analysis. International journal of
Engineering Science Invention, 2(4), pp.2319-6726.
Hayes, J., 2012. The Device Divide. Engineering & Technology, 7(9), pp.76-78.
Insight Direct USA, 2013. Mobility: BYOD vs CYOD. Datasheet. Tempe, AZ: Insight.
Johnson, K. & DeLaGrange, T., 2012. SANS Survey on Mobility/BYOD Security
Policies and Practices. White Paper. Swansea: SANS Institute.
Kumar, R., 2011. Research Methodology: A Step-by-Step Guide for Beginners. 3rd
ed. London: Sage Publications.
Maddem, M. et al., 2013. Teens and Technology 2013. Boston: Pew Research
Centre.
Morris, C., 2009. Quantitative Approaches in Business Studies. 7th ed. Harlow:
Pearson Education.
Nash Networks Inc, 2009. Virtualization: A Small Business Perspective. White
Paper.
Neagle, C., 2013. Disasters. Network World, 30(4), pp.20-23.
Oppenheim, A.N., 1992. Questionnaire Design, Interviewing and Attitude
Measurement. London: Continuum.
Oxford University Press, 2010. Oxford English Dictionary. 3rd ed. Oxford: Oxford
University Press.
Ray, M., 2013. BYO What? Library Media Connection, January/February. pp.8-10.
Riley, P., 2013. Electronic Communications Policy. Policy. Cardiff: Director of
Library & Information Services: Cardiff Metropolitan University.
Robinson, J., 2012. 5 Areas of Consideration for Developing a BYOD Policy for Your
School or District. [Online] Available at:
http://the21stcenturyprincipal.blogspot.co.uk/2012/02/5-areas-of-
consideration-for-developing.html [Accessed 02 March 2014].
Saunders, M., Lewis, P. & Thornhill, A., 2007. Research Methods for Business
Students. 4th ed. Harlow: Pearson Education.
Saunders, M., Lewis, P. & Thornhill, A., 2009. Research Methods for Business
Students. 5th ed. Harlow: Pearson Education.
56
Saunders, M., Lewis, P. & Thornhill, A., 2012. Research Methods for Business
Students. 6th ed. London: Pearson.
Silverman, D., 2010. Doing Qualitative Research. 3rd ed. London: Sage.
SPC ISD, 2013. Conditions of Computer Use - Policy and guidelines governing use of
all University IT and network facilities Approved by the Information Strategy and
Services Committee 11 June 2013. Norwich: University of East Anglia.
Thomson, G., 2012. BYOD: enabling the chaos. Networking Security, Febuary.
pp.5-8.
University of East Anglia, 2013. Usage Polices - University of East Anglia (UEA).
[Online] Available at: http://www.uea.ac.uk/is/itregs/usepols [Accessed 18
March 2014].
Veal, A.J., 2005. Business Research Methods - A Managerial Approach. 2nd ed.
Frenches Forest, NSW: Pearson Education.
Walling, D.R., 2012. The Tech-Savvy Triangle. TechTrends: Linking Research &
Practice to Improve Learning, 56(4), pp.42-46.
Walsh, K., 2013. 5 Reasons Why BYOD is a Bad Idea. [Online] Available at:
http://www.emergingedtech.com/2012/07/5-reasons-why-byod-is-a-bad-idea/
[Accessed 28 February 2014].
Willis, D.A., 2012. Bring Your Own Device: New Opportunities, New Challenges.
White Paper. Stamford: Gartner Research.
Yin, R.K., 2003. Case Study Research: Design and Methods. 3rd ed. Thousand Oaks:
Sage Publicaitons.
Bibliography
Hart, C., 2008. Doing a Literature Review - Releasing the Social Science Research
Imagination. London: Sage.
Appendices
All participant data shown in anonymised.
Appendix A
Submitted Ethical Approval Form
57
PART ONE
Name of applicant: Lloyd James Philip Matthews
Supervisor (if student project): Stuart McNeil
School: Cardiff School Of Management
Student number (if applicable): ST20004183
Programme enrolled on (if applicable): Business Information Systems
Project Title: The vulnerabilities of using Bring
Your Own Device ‘BYOD’ in Cardiff Expected Start Date: 13/01/14
Approximate Duration: 5 weeks
Funding Body (if applicable): N/A
Other researcher(s) working on the project:
N/A
Will the study involve NHS patients or staff?
No
Will the study involve taking samples of human origin from participants?
No
In no more than 150 words, give a non technical summary of the projectThe aim of the project is to identify the vulnerabilities from the use of bring your own device (BYOD) within Cardiff Metropolitan University (CMU), both from a network administration and legal and ethical perspective. Specific objectives include; To investigate whether students at CMU believe that the ability to use BYOD has had a positive effect on their approach to work, including the possible shortfalls such as the divide of students possessing BYOD and those who do not.To analyse the impact of BYOD has had on teaching staff in CSM, CMU. Positive impacts and negative implications.And to critically access the legal, ethical and Networking issues concerned with BYOD from the standpoint of the university administration.
Does your project fall entirely within one of the following categories:Paper based, involving only documents in the public domain
No
Laboratory based, not involving human participants or human tissue samples
No
Practice based not involving human participants (eg curatorial, practice audit)
No
Compulsory projects in professional practice (eg Initial Teacher Education)
No
If you have answered YES to any of these questions, no further information
58
regarding your project is required.If you have answered NO to all of these questions, you must complete Part 2 of this form
DECLARATION:I confirm that this project conforms with the Cardiff Met Research Governance FrameworkSignature of the applicant: Date: 27-11-13
FOR STUDENT PROJECTS ONLYName of supervisor: Stuart McNeil Date:
Signature of supervisor:
PART TWO
A RESEARCH DESIGNA1 Will you be using an approved protocol in your project?
No
A2 If yes, please state the name and code of the approved protocol to be used1
N/AA3 Describe the research design to be used in your projectThe research study is an interpretive study utilising both quantitative and qualitative data generation.An online questionnaire of around fifteen questions in length will be used to gather opinions from 50 -100 students at Cardiff met. Using an online questionnaire should broaden the access to ensure that all students have the possibility to respond. The questionnaire will utilise both open-ended questions where students will have to type an individual response and closed questions such as yes and no. Accessing participants initially will be done by the means of social networking, to further expand the demographic of student response students will then be recruited using the snowball sampling method that gets the initial participants to offer the questionnaire to their friendship group and so on and so forth (Saunders, Lewis and Thornhill, 2012). Once the questionaries’ have been completed a number of analytical techniques will be used to examine the results, quantitative responses from the closed questions will be formatted into spreadsheets for further analysis and evaluation, whilst qualitative responses from the comments sections will be coded into groups such as positive and negative opinions towards BYOD.A minimum of three members of the teaching staff within Cardiff school of management will be interviewed. The interview will be a semi-structured, with the same set of questions put forward to gain the views of different staff
1 An Approved Protocol is one which has been approved by Cardiff Met to be used under supervision of designated members of staff; a list of approved protocols can be found on the Cardiff Met website here
59
members about the topic of BYOD, for example do they believe that it disadvantages some students who have to use university devices (Saunders, Lewis and Thornhill, 2012). With the possibility to expand on questions to gain more perspective. The interview should last approximately half an hour. As the results are qualitative they will have to be analysed thoroughly to gain valuable understanding, this may use steps such as coding, data categorisation, content analysis and comparison to identify potential relationships. Participants will be selected from the pool of tutors within CSM.The researcher intends to interview the university administration and in particular the IT administration team that is responsible for setting out BYOB policies, the head administrator would be the best to interview as all administration would be set up under their command. The interview will be semi-structured with a set list of questions but flexibility to talk about any other relevant areas of knowledge, the interview should last around thirty minutes (Saunders, Lewis and Thornhill, 2012). Once again as the research is qualitative the interview results will have to be scrutinised to draw any findings, the interview findings will be compared against best practice approaches from across the industry. As soon as ethics approval is granted the relevant administration staff members will need to be contacted to guarantee that there is interview availability.A4 Will the project involve deceptive or covert research?
No
A5 If yes, give a rationale for the use of deceptive or covert researchN/A
B PREVIOUS EXPERIENCEB1 What previous experience of research involving human participants relevant to this project do you have?In the second year I had to undertake two modules that required primary research; e-business management and developing a business. Both of which where successful.B2 Student project only
What previous experience of research involving human participants relevant to this project does your supervisor have?
Stuart McNeil has 10 years of experience of research involving human participants.
C POTENTIAL RISKSC1 What potential risks do you foresee?The study does not concern the collection of any sensitive data so significant risks are minimal.Also participants may feel that their data is not kept confidentially or that they may be identifiable in the analysisC2 How will you deal with the potential risks?If participants feel that any of the questions are inappropriate then they can stop at any time and withdraw without penalty.All information that participants provide will be held in confidence and with
60
their informed consent Careful steps will be taken to make sure that participants cannot be directly identified from the questionnaire form and that they cannot be identified as pseudonyms/codes will be used.Your personal details (e.g. signature on the consent form) and your questionnaire/interview transcript will be kept in secure locations and password protectedAt the end of the study all of the information and documentation gathered will be destroyed.The recordings of the interview will also be held in a secure and confidential environment during the study and destroyed when it is complete.
References
Saunders, M., Lewis, P. and Thornhill, A. (2012) Research Methods for Business
Students, 6th edition, London: Pearson.
Appendix B
Participant Information Sheet
Interview Version
Participant Information Sheet
61
The vulnerabilities of using Bring Your Own Device ‘BYOD’ in Cardiff
Metropolitan University
Project Summary
The purpose of this research is to evaluate the vulnerabilities associated with the
use of bring your own device technology within Cardiff metropolitan university,
both from the perspective of staff and students. Your participation will enable
the collection of data that will form part of the study being undertaken at CMU.
Why have you been asked to participate?
You have been asked to participate because you fit the profile of the population
being studied; that is you are currently a student or a staff member at Cardiff
Metropolitan University. During your participation you will be asked questions
to gather your thoughts and opinions relating to the use of BYOD within CMU.
Project Risks
The research involves the completion of a questionnaire or participation in an
interview; which will be recorded for later analysis. We are not seeking to collect
any sensitive information about you; this study is only concerned with your
thoughts and opinions regarding BYOD and will not discuss any other topics. We
do not believe that this study posses any significant risks. However, should you
feel that any of the questions are inappropriate then you can stop at any time.
Furthermore, should you change you mind you can withdraw from the study at
any time – we will completely respect your decision.
How we protect your privacy
All the information you provide will be held in confidence. We have taken careful
steps to make sure that you cannot be directly identified from the questionnaires
form; there is no information on the questionnaires that will identify you. Your
personal details (e.g. signature on the consent form) and your
questionnaire/interview transcript will be kept in secure locations by the
research team. When we have finished the study and analysed all of the
information, all the documentation used to gather the data will be destroyed. The
62
recordings of the interview will also be held in a secure and confidential
environment during the study and destroyed when it is complete
YOU WILL BE OFFERED A COPY OFF THIS INFORMATION SHEET TO KEEP
If you require any further information about this project please contact
Lloyd Matthews, Cardiff Metropolitan University
Email: [email protected]
Ethics Approval Number: 201312008
Online Questionnaire Version
63
Appendix C
Declaration/Consent Form
64
Interview Declaration
Cardiff Metropolitan University Ethics Committee
Participant Content Form
Cardiff Metropolitan University Ethics Reference Number: 201312008
Participant Name or Student ID:Title of Project: The vulnerabilities of using Bring Your Own Device ‘BYOD’
in Cardiff Metropolitan University
Name of Researcher: Lloyd Matthews
Participant to complete this section: Please Initial each box.
1. I confirm that I have read and understand the information sheet for the above study. I have had the opportunity to consider the information, ask questions and have has these answered satisfactorily
2. I understand that my participation is voluntary and that I am free to withdraw at any time, without giving any reason.
3. I agree to take part in the above study.
4. I agree to the interview being audio reordered.
5. I agree to the use of anonymised quotes in publications
_______________________________ ________________________
Signature of Participant Date
____________________________ _____________________________
Name of person taking consent Signature of person taking consent
65
1 copy to be kept by participant & 1 copy for researcher site file.
Online Declaration – found at lloydmatthews.co.uk
Appendix D
Teaching Staff Interview Transcripts
Interviewee One
66
Question Response
67
1. Do you use your own devices on the university network?
No currently from next week using ipad mini that was funded by the department. We are not encouraged to use our own devices, put it that way.
2. Does the university provide you with any portable IT equipment, such as laptops, smart phones, tablets etc.?
Yes I have a laptop that the university has provided
3. Are you aware of any restrictions imposed under the network usage/BYOD policies? If so how do they effect you?
No, I have absolutely no idea, in relation to Cardiff met.Everybody just clicks agree, doesn’t read policy. There should be something corporate in place for us.
4. Do you use your device(s) during contact time e.g. lectures and seminars on campus?
Yes, once I have an ipad mini from next week
5. Do you believe that the continuity associated to using your own devices personally and in work allows you to work more effectively, e.g. not having to transfer work for one machine to another, familiarity of devices, set up time etc.
I am anticipating that to be yes.
6. In your opinion and circumstance does BYOD have any negative implications in relation to your working environment? E.g. possibility of theft, loss of data, data ownership
There are concerns with regard to, theft, they have a big number of them stolen, also with leaving something somewhere its very easy to leave something in a room and forget, the lack of technical support. We can store student data wherever we want, in fact I use at the moment a pen drive, I take everything home to work on over the weekend and then I will bring it back to upload it.If we bring our own staff in a) we have to insure that we have up to date antivirus on it and b) if something goes wrong, for whatever reason there is no technical support. Anything we need to record or keep we need to use the corporate systems.
7. Do you think BYOD could disadvantage students/staff that cannot access personal devices and have to use the university provided resources?
Yes, I think also, I don’t know whether your picking up this but there is a bit of a snobbery about, those that have them think they are really great and those that haven’t they don’t consider us to be very up to date, which is not always the case. Yes I think there is that disadvantage
8. Do you think students using BYOD are using it productively or getting distracted during university?
I would say they are suing it more for their own enjoyment, there own interests and experiences, there not really interacting
68
well. They have a little bit of use (for work) but mostly get bored in lectures and wander off.
9. Do you think that students should have limited access to internet sites such as social networks for example?
Dur9ng lecture time yes, yes. Very hard to go around and check what everyone’s doing, I have about 120 in a first year and they all say they are viewing the lecture on there phones but there not really, you can tell by the fingers that there texting.
10.
Do you believe that software suites such as Microsoft Office, Adobe Creative Cloud that are already licenced to the university should be provided to personal devices for a small fee or for free?
I think, particularly with cloud computing, and this module I think it there it would be of great benefit, I think there should be a term licence a term availability, but you wouldn’t necessarily leave you (students) with it. Yeah I do I think that would be really good.
11.
Do you believe that access to power sources for charging devices should be limited, for example if devices have been electrically checked within the last 2 years e.g. PAT tested/ new device.
Yeah, you can do it anyway, you can do it at the airport for 10p yeah. Yeah I think you should yes, if people, if I have students coming in particularly PHD students and there coming in with their laptops we have those little rooms with the floor plugs and they plug them in down there whilst there using them, absolutely and it should be free.Asked about possibility of tripping other devices- does that happen now, these days, it is less paper for them not to police it.
Interviewee 2
Question Response1. Do you use your own devices on
the university network?Yes, sometimes insufficient and have to use other services. GPRS and 3G mobile cellular not good coverage, phone calls drops.
2. Does the university provide you with any portable IT equipment, such as laptops, smart phones, tablets etc.?
It will provide a specified set of devices, but I don’t use theirs uses his own
3. Are you aware of any restrictions imposed under the network usage/BYOD policies? If so how do they effect you?
Yes, there is an agreement connect to arbitrarily click yes without reading any definition or detail. Only effects me if I don’t click yes
4. Do you use your device(s) during contact time e.g. lectures and seminars on campus?
Yes used in contact time
5. Do you believe that the continuity associated to using your own devices personally and in work
Yes, whole heartedly
69
allows you to work more effectively, e.g. not having to transfer work for one machine to another, familiarity of devices, set up time etc.
6. In your opinion and circumstance does BYOD have any negative implications in relation to your working environment? E.g. possibility of theft, loss of data, data ownership
Not really, I mean it’s a mobile device and it could be lost anywhere although it is quite vulnerable being here. Public connection such as Starbucks is more vulnerable, no more than everywhere else.Data ownership - just accessing it via mobile devices, not stored on my devices stored on site on uwic server on premisesCloud source, same as using a local network access.
7. Do you think BYOD could disadvantage students/staff that cannot access personal devices and have to use the university provided resources?
Directly comparing a network pc with a mobile device, different tools both have uses, pc should be a better faster connection and a real keyboard type quicker and access resources quicker however the boot time of such devices is allot longer and so it depends on the immediacy on my information needs, for example if I need to find out what room I am in at any one time I will use my mobile phone because I is quicker than me going in to a room logging on.
But if I wanted to type something I would use a physical keyboard, the existing network pcs
8. Do you think students using BYOD are using it productively or getting distracted during university?
Both, hypothetical as it is asking to ask what other people thinkOne of the advocates, put up a sign saying please ensure you utilise my mobile in my class – as it was appropriate as I was teaching mobile networks. Actively asking people to be participate with devices. Not one of these technophobic morans that wish too state that individuals can utilise easily accessible tools that help and develop their learning, no.I strongly think that they are very useful tools, lets say a student wants to use a computer to find out and research something in a class, including discussions and live blogging on the go sometimes, sometimes easier on a tablet or handheld device than it is on a computer sometimes, because enables students to walk around a room and engage in a workshop environment or a seminar environment
70
without being constrained and shackled too the situ of the personal computer.A seminar session when students are devolving reflective feedback using mobile devices including voice recording s uploading images videos and data to the cloud.Grasping a deep level of immediacy and knowledge about a particular, is a brilliant process to see rather than seeing half remembered notions on what’s conducted within a workshop being then reiterated down in to a textual document an our or day later.
9. Do you think that students should have limited access to internet sites such as social networks for example?
Scope for that to be a possibility, but we are still finding out information about social networks and their productive use, I think there is something in the notion that they are tools of procrastination, there is something in the notion they are immensely good at driving commentary and engagement within a community, I think it depends on the specific uses of a social media, that is infinitesimally hard to represent within indivusal use as its subjective.Could be conduction a session of live blogging within a facebook page for instance, or taking photos and putting them on flikr or instagram which shows more of a positive engagement possibly, maybe that enables it to be linked in with other online material and this create a richer debate and more accessible means of accessing that content. There is scope for students recognising that they can waste their time on social media, but also recognising that it can be a great tool and asset for them to utilise during class.
10.
Do you believe that software suites such as Microsoft Office, Adobe Creative Cloud that are already licenced to the university should be provided to personal devices for a small fee or for free?
Yes, to non-proprietary software, open-ware.Students on courses that need specific software tools should be provided – agreesHorses for course use the tool that relevant, some tools are going to be irrelevant.
11.
Do you believe that access to power sources for charging devices should be limited, for example if devices have been electrically checked within the last 2 years e.g. PAT tested/ new device.
Student come on to this site and we allow them to walk unaided, we allow students to cycle without training wheels, it seems quite naive to think that we have to then insure that all of their devices are pat tested, it seems that also making work in the
71
bureaucracy of the matter. bureaucracy nightmareWhilst having student sign a waiver when they enrol to say that ensure that your products are not going to blow up.Sockets that have their own individual RCD devices for the scenario in a computer lab where a trip may cause all others work to be lost.A bit nanny state, everyone is an adult here
Appendix E
IT Administrator Interview Transcript
Discussion Topic
1. Current BYOD Policy
Where is it available to users? – The ECM is available in the staff and student portals,
72
and on the staff portal its listed as the ECM for students I think its listed as rules and regulation for use if IT
2. Students using BYOD
Are there device/ bandwidth restrictions in place to prevent overuse/abuse e.g. limit on devices per user account - There are not bandwidth limitations per device in place no
Once connected to a network is all data stored on a device subject to a networking policy - Yes
3. Staff using BYOD
Is there a list of recommended devices, security methods etcetera, that staff can follow –Yes, again on the student portal under learning there is guidance there for mobile phones, tablets etc.
Do you or are you looking to implement CYOD Choose your own device for staff members to ensure compatibility, continuity and security. –Are a small number of Cardiff met devices, that we Hand out to staff, but we don’t do that for personal devices no (no CYOD)
4. Alternative access methods
If a student or staff member uses an alternative data service e.g. 3g/tethering on a device within the university campus, does the university hold any jurisdiction over the data being downloaded/displayed on the device. – I DON’T BELIVE SO
For example a student viewing inappropriate material. A staff member viewing student records
5. Network Infrastructure
How well equipped are the Wi-Fi networks to handle quick influxes in demand ‘flash traffic’ at peak times e.g. lunch time, at the beginning of each hour when lectures are starting etc. – Currently we have some bandwidth issues, we have significant investment going on in the coming months, to improve the Wi-Fi infrastructure. Initially at the cyncoed campus as the issues are more prevalent there, but then in llandaff also. There are a large number of Wi-Fi AP’s and we do regularly review the provision, but it is something that needs significant investment, as I mentioned, and that is what is being requested.
How do you calculate for capacity planning e.g. number of students, usage from different buildings- More around the usage in different areas, yes, so obviously you get Hotspots where there are congregations of users, social location for example you see more actual usage, but for instance in the learning centre for example although usage might not be high as they tend to be using the fixed kit there are allot of connections of course, cause everyone’s got a mobile phone in there pocket so you have high usage.
How can you manage users and ensure that they adhere to applicable polices wherever they are located on a network. – Currently on the campus student and staff are to just abide by the ECP, our halls service is slightly different, we implement packet fence which is an application that allows us to ensure that all devices have up to date antivirus for example, which we are hoping to roll out across the campuses. The use of packet fence will increase security.
6. Disadvantages of BYOD
Do the benefits of implementing a BYOD infrastructure out way the initial costs – Personally Yes, although the initial cost is very high it is an expectation now,
73
practically every device is Wi-Fi enabled and some are Wi-Fi only for example tablets so there has to be a provision. When a Wi-Fi network is in place for business usage it makes sense to just let users use there own devices as well
7. Future
To be cost effective and able to invest in the latest technology could decreasing the amount of university owned hardware be a plausible solution in a future that will see increased BYOD use. There are some potential caveats and issues on this. However students seem to prefer using fixed equipment, and this year has been the most problematic for capacity for catering to users. Using fixed computers is in no way decreasing, although Wi-Fi use has increased exponentially, the uni has no plans to scale back IT provision. One of the reasons we find people use our devices is that they can use the software that they don’t have, we are looking to make available software to students and staff members but licencing sometimes does not allow or is extremely high cost.
How will users that are unable to obtain their own devices be catered for in future – Not looking to get rid of any uni devices, in fact in recent surveys and interviews held in December the number one finding was that we needed more pc’s.
Is there a possibility of introducing virtualisation and or CYOD for all users in Cardiff Met? - Some remote session based desktops are already in use, using RDS like the ones downstairs in reception. Some staff members for example those who work in India use RDS to remotely connect to the network. We are looking to ramp up the use of RDS but only where it would be beneficial and viable. We would like to make use of application streaming as the computing would be done at the users end.
Below are the questions that were fulfilled by reviewing the ECP, and so were
not discussed in the interview.
Discussion Topic
1. Current BYOD Policy
Do you currently employ a BYOD policy? YES Is it separate or tied in with the network usage policy? TIED IN Where is it available to users?
2. Students using BYOD
Are they allowed to plug in to a power source YES but uni are not liable for damages cost or loses 4.2, and if a users device damages the IT provision (e.g. faulty plug blowing fuses) they are liable.
Are there device/ bandwidth restrictions in place to prevent overuse/abuse e.g. limit on devices per user account
Once connected to a network is all data stored on a device subject to a networking policy
Is network activity monitored on BYOD devices as when using a university based machine NO with consent from a member of the v-chancellors board
3. Staff using BYOD
What is the policy concerned with university data stored on personal devices Refer to Policy
Is there a list of recommended devices, security methods etcetera, that staff can follow – guidance on safe storage of files and encryption in the policy
74
Do you or are you looking to implement CYOD Choose your own device for staff members to ensure compatibility, continuity and security.
Are staff members allowed to charge devices within the university YES but uni are not liable for damages cost or loses 4.2, and if a users device damages the IT provision (e.g. faulty plug blowing fuses) they are liable. 5.2.1 maybe
4. Alternative access methods
If a student or staff member uses an alternative data service e.g. 3g/tethering on a device within the university campus, does the university hold any jurisdiction over the data being downloaded/displayed on the device. 1.1 covers staff
For example a student viewing inappropriate material. A staff member viewing student records, covered by 1.1, 6.1, 6.2, 6.3, 6.4
5. Network Infrastructure
How well equipped are the Wi-Fi networks to handle quick influxes in demand ‘flash traffic’ at peak times e.g. lunch time, at the beginning of each hour when lectures are starting etc.
How do you calculate for capacity planning e.g. number of students, usage from different buildings
How can you manage users and ensure that they adhere to applicable polices wherever they are located on a network.
6. Disadvantages of BYOD
Do the benefits of implementing a BYOD infrastructure out way the initial costs Does the university have any procedure in place to allow for students that cant afford
their own devices. YES laptop loans for whole term periods, subject to policy conditions at all times
7. Future
To be cost effective and able to invest in the latest technology could decreasing the amount of university owned hardware be a plausible solution in a future that will see increased BYOD use.
How will users that are unable to obtain their own devices be catered for in future Is there a possibility of introducing virtualisation and or CYOD for all users in
Cardiff Met?
Appendix F
Student Questionnaire Responses
75
76
77
78
79
80
81
82
Related Documents
