I found the statistics in this article kind of surprising, especially the following:
A survey covering 17 countries by business technology company Avanade found that 88% of executives said employees were using their own personal computing technologies for business purposes.
This commentary seems to jive with our experience as well:
"It's the new reality for organisations, and IT needs to find an effective way to securely manage these devices. What we've seen is a cultural divide between IT and the rest of the organisation.
"IT thinks about security, that's their job, the rest of the organisation doesn't."
Making secure behaviour the easiest option is the best way to get employees to cooperate, says Mimecast's Justin Pirie.
"Companies need to make sure they have the facilities to support the 'right' behaviour with the proliferation of devices.
"This has to mean that the 'right' behaviour also becomes the 'easiest' behaviour."
I think the key point of this is that we need to prepare for a time when teachers simply bring in their own computers to use. This has already happened in some cases. It also means that we need to make the best practice the easiest thing for people to do. No matter how much we tell people to follow proper security measures, they are not going to do it unless it's the easiest thing to do. I learned this from the book Switch: How to Change Things When Change is Hard by Chip and Dan Heath. They would call this "shaping the path" to make it easiest for people to do what we want them to do.
If we don't make it easy for people to do the safest thing, then we'll be fighting "shadow IT" systems forever.