Managing End-User Device Risk

COVID-19 has changed the threat landscape for the university, putting end-user devices, most notably devices used for University work, at greater risk as they move off campus.  IT Services has launched four services, using best-of-breed tools, to back up, manage, encrypt, and actively protect machines. The rollout and privacy issues raised by such tools are being addressed through faculty governance and close partnership with unit IT.

Role of University End User Device Policy

The End User Device Policy, revised with input from the Board of Computing Activities and Services, Office of Legal Counsel, and the IT Leadership Council, describes how devices used for University Business must be secured and answers many questions related to the policy.  See the 1-pager for a simplified version of the key policy items.

Risks and Solutions

The table below outlines common end user device risks, common solutions, and the tools provided free of charge to implement these solutions.  Unit IT can use these tools to achieve the goals outlined in the End User Device Policy.

What is the risk to me? What solution reduces this risk? Tool(s) Provided through IT Allocation
Loss of data and privacy due to device misconfiguration Device Management Jamf
Microsoft Endpoint Configuration Manager (MECM) 
Loss of data and privacy due to the device being stolen or lost Encryption services Jamf
Microsoft Bitlocker Administration and Monitoring (MBAM)
Loss of data and privacy due to day-to-day mishaps,  ransomware situations, etc. Backup Code42
Loss of data and privacy due to external threats Endpoint Protection CrowdStrike