Keeping up with the updates: Managing software in higher education

The devices on a college campus are varied as the different majors — so how can we give all students the tools they need to be safe while keeping them (and our data) private and secure? One key component is ensuring devices and apps are kept up to date and secure. Let’s take a look at the risks of outdated software and how to mitigate them, all while optimizing student and IT experience.

Risky business

At your higher education institution, students are thinking about how to manage their classes, studying, trying to navigate a cafeteria at lunch rush, the party on Friday or countless other topics. What they’re not thinking about (okay, maybe the IT majors are), is how secure their devices are and how it affects your network security.

Consider this: cybercriminals are targeting education more than ever before, costing educational institutions an average of $3.79 million per breach. This means it’s more important than ever to minimize risk and reduce any vulnerabilities that might open your systems up for attack.

So where do these risks come from? To name a few:

• Outdated operating systems with unpatched vulnerabilities
• Mismanaged app lifecycle
• Improperly configured apps
• Students using non-sanctioned devices because school-owned devices are outdated
• Vulnerable devices on your network

Mobile device management

In May 2022, the FBI released a report reading that U.S. college and university credentials were advertised for sale on the dark web. This report includes a number of recommendations to institutions to improve their security posture, firstly recommending the upkeep of the latest versions of operating systems and software. The report continues by reminding us that “timely patching is one of the most efficient and cost-effective” ways for an organization to minimize their exposure to cybersecurity threats.

So what’s the best way to ensure your fleet of devices has the latest software updates? If you have the ability to choose what devices go into your fleet, consider taking advantage of the native security and user-friendly interface of macOS. Using Mac with a mobile device management (MDM) solution gives you the ability to easily deploy devices and keep them updated. Your MDM will monitor the device’s operating system version and push updates when needed to keep them in compliance. You can also leverage Mac’s new rapid security response feature to keep user intervention with updates at a minimum while receiving the latest security patches. Providing seamless updates for your users lowers the risk of having out-of-date and vulnerable devices sitting on your network.

Apps from download to depreciation

Managing the lifecycle of your apps starts from deployment. Your MDM gives you the ability to remotely deploy apps while keeping them up to date, and to restrict any apps that do not comply to your data or privacy policies. By making apps available in a self-service portal, you give students a convenient and secure way to download the apps they need without having to wait for IT approval. This central repository of apps saves IT’s time by requiring app apportionment only when the app catalog changes, rather than when a device is upgraded, a user is onboarded or simply when a user wants to download an app. Another option is to remove student intervention and push apps onto your managed devices using a tool like App Installers in Jamf Pro.

In other words, deploying apps with an MDM helps mitigate the risk of having outdated apps by removing the need for IT to monitor, package and update apps—ensuring that these apps have the latest patches and features. Making deployment as automated as possible reduces the need for student or IT intervention, allowing both parties to focus their time and energy on higher-priority issues.

What about student-owned devices?

The variety of devices on your network as a higher education institution can present a challenge, as students likely have their own devices rather than school-provided ones. For this challenge, a "bring your own device" (BYOD) program can be instituted. Often, these programs can be difficult to launch, as they require a balance between security and user privacy — after all, no one wants to feel like the IT department is reading their phone over their shoulder.

This balance is another reason why selecting the right MDM is important. Jamf Pro’s user-driven enrollment features allow students to prompt their own enrollment into your MDM, giving them secure access to your institution’s apps while protecting their privacy. Students have access to school programs on their own devices, reducing the likelihood they’ll use unsanctioned programs, out-of-date apps and other shadow IT practices. This way everyone wins: students can use the devices they love while IT can trust that school data is safe and sound.