Working Securely: The Device Security Project - Next Steps

Many of our technical teams have been working hard on the Device Security Project. This article aims to give a clear outline of the next steps for the project - the likely impacts, who may be affected and where to get support.

It is vital that our University community and the ways we work remain secure and compliant. We recognise that working from home and teaching online has placed additional responsibilities on many of us – managing multiple priorities, working in new ways and delivering more information online. Ultimately, our focus is upon delivering excellent educational experiences for our students - securely.

Work securely: '3 Ways to Connect' - a quick reference guide

All devices – whatever make, model, format or operating system – must be appropriately secure.

From 12^th December 2020, we will implement the first phase of our '3 Ways to Connect' to University systems project - These are:

Using a University-owned, central or departmentally-managed device (such as a WMG/WBS managed Windows computer or a School of Life Sciences managed Mac). This is the University’s preferred option and principal direction in the medium term. It will be funded if individuals and departments make specific requests and existing equipment cannot be provided or relocated by other routes.
Using a University-owned but self-managed device which must be enrolled in the Device Security System (DSS) to ensure it meets our minimum security requirements. Self-managed Windows computers can enrol here now. Self-managed macOS computers can enrol here now.
If you are using a personal, privately-owned device (not issued or funded by the University or through University-linked research funding), please either request a University-managed device, or use the Workspace virtual desktop service to access University data. It is browser-based, will run on any platform (including Mac and Linux) and gives access to all widely-used applications, email, calendar and Teams.

What happens after 12 December?

We have complex computer usage arrangements across the University and so have developed a phased approach to meet a range of different situations: use this reference guide to understand how your device and work may be impacted.

Device/OS	Approach	Implementation date
University-owned and managed Windows 10 devices (incl. ITS, WBS, WMG managed devices)	No action is required. Devices will be recognised as meeting the minimum security specifications and will be granted access to services	Available from 12 December
University owned, self-managed Windows 10 devices	Enrol Windows computer in the Device Security Service here	Available now – controlled access to services implemented from 12 Dec
University owned, self-managed macOS devices	Enrol Mac computer in the Device Security Service here (WMS and SLS Mac devices - no action needed)	Available now – controlled access to services implemented from 12 Dec
Personal, privately-owned devices (not issued or funded by the University or through University research funding).	Use the Workspace virtual desktop service or, if VDI isn’t suitable - Request a University owned, centrally-managed device from your department. If a University-issued device is not possible: Use web-access Office 365 version of Outlook, Teams, Excel, Word, Powerpoint etc. Do not use installed client versions If client versions of tools are essential - Request an Exception to the policy approach documenting why continued use of private devices is necessary and how any risks will be managed.	Available now – controlled access to services implemented from 12 Dec Web-accessed Office tools will be granted from 12 December Exception Request process available here
iOS phones/tablets Android phones /tablets	University-owned devices - enrol in DSS Personal, privately-owned devices - we are working on a solution, to be agreed and communicated in the New Year.	Available now Personal devices will continue to have unchanged access until a solution is agreed.
Linux devices	Use the Workspace virtual desktop service A Linux Research/teaching Exception for STEM departments has been agreed and will be applied to those users by default. This will allow continued use of the local Teams client Non-STEM Linux users should request an exception to the policy documenting why continued use of Linux devices is necessary	Standard Workspace available now Exception Request process available here
Need something for obsolete OS’s Any other devices or other situation where suggested solutions ‘cannot’ work	Apply for an exception and document how it is managed and risks mitigated. Request an exception - documenting why continued use of ‘anomaly’ devices is necessary and how any risks will be managed (this process will be used to to design a solution).	Exception Request process available here
USB controls	Windows 10 centrally-managed devices – USB use managed via Kaspersky policy controls. University-owned, self-managed macOS devices –devices will already have been enrolled in DSS Kaspersky will be applied to devices using DSS and controls implemented. Personal, privately-owned devices – using VDI: USB transfer not possible Personal, privately-owned devices not using VDI – USB risk to be documented via an Exception Request	Centrally-managed devices from 18 January 2021. Exception required for continued access to USB storage devices, request here Self-managed devices – date TBC Personal devices on VDI – from w/c 14 December Personal devices not on VDI – available once Exception Request agreed.

Help and support

After the implementation dates shown (From 12 December) if your device is unable to access University systems or you experience any other technical issues, contact the Helpdesk immediately.

The team will be able to restore access, document your situation and provide advice on the next steps and best solution for your circumstances.

Self-Service Online - make requests and report incidents through our web-based tool ServiceNow

Call us on 024 765 73737. We're open 9:00am to 5:00pm, Monday to Friday (excluding bank holidays).

Email us at helpdesk@warwick.ac.uk

The Exception Request Process is available here

Read our Device Security Project background information here

Read our detailed Device Security Project FAQs here