The disconnect between university IT departments and faculty experts - in security, reliability, privacy, law, etc. - at the same university (or within the same system such as UC) is embarrassing.
The article says Trellix but the same could be written about any EDR from a capability standpoint. To add to the staff's point about giving root access, and while that's more on Microsoft needing to get vendors out of the kernel, it shouldn't be a compromise users have to make.
With that said, I find myself agreeing with the mandate: if you're using university resources, they have a responsibility to protect those resources, and EDR is table stakes these days. But they also need to be providing any devices required for the job; allowing BYOD for restricted data makes an already tough environment to secure harder than it needs to be.
There is a complicating factor. Universities are not your average top-down hierarchies. While some aspects of the work do belong to the employer, other aspects are yours (or your PI's), and they may follow you to your next job. While administrative matters and sensitive data tend to belong to the university, everything you create as an academic is usually yours.
It's pretty common, particularly among researchers who do not handle sensitive data, to have a burner laptop for accessing university resources and personal devices for the actual work. Many people also use personal email addresses for work. Work email rarely survives changes in employment, making it too short-lived for many purposes.
Intrusive, malware-like "security" software running on user devices introduces undesirable security and privacy risks.
Moreover, universities should avoid the chilling effects of intrusive monitoring of faculty and student devices, as well as the potential legal liability.
A better solution is resource access revocation upon detection of bad behavior, with an administrative escalation path to manage false positives.
At many universities faculty and students ignore the locked-down IT network and use a guest network instead, or their smartphones.
Unfortunately there may not be an easy way to access databases and other paid resources (e.g. via library login, which would seem reasonable.) The good news is that in many fields much of the material that used to be paywalled (e.g. journal papers) is now available under open access. (But not legal databases like Lexis etc. and some other resources.)