The Whitelist vs The Blacklist (Not the TV Show) and Your BYOD Implementation

WhitelistVSBlacklist

A whitelist is a a list of users, IP address, etc. that have permission to do something, and a blacklist is just the opposite. For example, organizations routinely blacklist websites that employees should not use.

In a BYOD (Bring Your Own Device) model, schools are often faced with the issue of how much they should or should not manage devices and user access. Due to the cost of many management solution, and the choice of BYOD for the sake of resources and budgets, schools often cannot afford corporate level BYOD security systems.

Many schools choose to use their firewalls, Wifi Controllers, and other core components to create user access lists using MAC addresses, leased IPs, and whitelists/blacklists of users. Most of this work is done manually, so having a good strategy is extremely important for efficiency and human resource management.

The key issue is to decide what your philosophy is. Are you going to punish or are you going to reward? Another way to state that would be, “is good network behavior going to earn a student freedom?”.

I believe if a school chose BYOD, and they did so for reasons other than saving money, the school should adhere to the principles that BYOD supports, such as independence, self -management, and self-reliance. If the school adheres to these positive principles, then the goal should not be to directly manage devices, unless a student violates school policy. The goal would be to use a blacklist system to manage those students who continually fail to manage their devices and fail to behave properly.

Deciding, without cause, to lock down the property someone else owns (even a student) is not a core principle of a good BYOD program. That is a core principle of  program that needs resources and simply does not want to buy them. Locking down systems also means focusing massive amounts manpower into a process that is disconnected from teaching and learning. Anytime people in a school spend most of their time not working toward education, there is going to be an opportunity cost paid by the students.

As technology diversifies, and students are flooded with entertainment and pointless apps, the options for regulation become limited. Access to the Internet at school might be a privilege, but students equipped with small high-speed mobile devices can choose to by-pass a school network in order to achieve whatever goals they have.

Obviously this type of circumvention will disconnect them from their teachers and learning resources. Choosing to whitelist students by directly managing their personal equipment, will spark their urge to deploy their mobile options.

Allowing student freedom, until they push to the bounds of the school’s AUP (Acceptable Use Policy) to far, is normally seen as a reasonable response by most students. The student community as a whole will always want some management and protection from theft, fraud, and other malicious behaviour. Therefore blacklisting students who act maliciously and giving other students as much freedom as possible will strengthen the BYOD community and various initiatives,

Tony DePrato

www.tonydeprato.com

Facebooktwitterlinkedinrssmail