I searched and really didn’t see anything in the community, so please post a link if I missed it.

I was curious regarding what people think regarding BYOD and typical company policies. For example, things like acceptable use or perhaps company policies regarding monitoring. I have worked at companies that, through company policy, retained the right to search and/or monitor the work environment of employees. Since BYOD spans both personal and work environments, how do you see the typical corporate policy regarding monitoring and search applying? Any thoughts?

15 Spice ups

We have 2 WiFi networks on every floor of our building.

We have 1 that is connected to internal resources and a separate cable connection for the other.

Basically all company equipment is set up to connect to the internal WiFi.

I provide a key for the associates and vendors for the “Public” wifi.

We use OpenDNS for both connections so we don’t have abuse of the “public WiFi”.

Public WiFi is locked down considerably harder.

Our policy is to only provide Extremely basic support for Personal devices. Ex. WiFi password, that’s about it.

I actually have SW running on its own physical server and it scans constantly for new devices so I know when they have physically plugged into a wall jack.

I have a list of about 10 MAC addresses that are banned.

I was reading a thread in here a week or so ago that pointed out the positive points of BYOD, the main one being that responsibility falls into the users’ hands and support for the device is limited. I do service some devices and ensure they have adequate antivirus and will occasionally run scans, since company data is being transmitted on the device and in all honesty I can assume that the end-user isn’t running scans and is just relying on the “real-time” blocks.

Appreciate that, but I was speaking more to having the policy of personal devices REPLACING company devices and the impact of company policy on those personal devices. Sorry if I wasn’t clear.

Edit: For example, having a personal device with personal information that is used as BYOD. Since the use is blurred between personal and business use, I was curious as to how company policy might play out. I know it is probably written (hopefully) clearly in the policy, but say the company decides, while you are at work, that they want to search your phone or other device.

We’ve been looking at alternatives to BlackBerry as of late. One of the company owners, and my department head have iPhones (only ones in the company). Because BES can’t see them, we have no control over the devices. With BlackBerry possibly going under, we are looking at alternatives, like Mobile Iron (and others).

The biggest problem my boss has with BYOD is not owning the device. We can use something like Mobile Iron to push policy to the devices, and we can tell the users if they wish to use their own personal device, they will have to accept our policy controls. If not, no connection. But, because of the personal side of the phone (blurry lines there), there are privacy concerns.

I think we will, at some point, go away from BES (using Express 5 at the moment). When we do, we will likely stick with a company provided device policy. Personally, I would prefer to stick with either BlackBerry or Android - not a fan of iOS. I’ll wind up supporting all three though once we make the move - no way around it.

There are products out there which you can use to control your company’s data when downloaded to an employee’s device. We’re looking at Sophos for that here. We will allow the lawyers to bring in their own iPads and we will configure them to work with our Citrix setup. We do not supply anything above and beyond a single laptop / tower for them to use. If someone else here (not a lawyer) wants access to the internet through our wifi they get guest access only as they shouldn’t have that kind of “portable” access to our servers (and data) unless they’re a lawyer.

If you bring your own device, phone, iPad, laptop etc., you can only connect to the guest network. That gets you a 3mb Internet connection only.

No access to anything on the company network. We use a RADIUS server as well as MAC filtering depending on which of the production wireless or wired networks you access.

Our company has had kind of an interesting view on BYOD standards. For the longest time, the company would buy an account manager’s first laptop. When it broke, the account manager was responsible for purchasing his own (which meant a wide spectrum of support from IT). Like Mr. Madden, we have an Employee network that uses the Windows logon credentials (Active Directory user/pass) to authenticate to the network, then we have a Guest network that has very limited access to internal resources. All personal devices that we didn’t have (legal) control over their antivirus, firewall, etc. would only be allowed on the Guest network.

Recently, though, we’ve changed over to an MS Exchange server from the whole Novell GroupWise system. We enabled a feature on Exchange that forces any mobile device, iDevice, Droid, or Windows Mobile, to have to set up and enter a 4-digit PIN to unlock the device for any use.

Our policy is that if you want your email on your phone, you’ll enter the PIN every time you unlock it. If you don’t want to enter a PIN, then you don’t have to get email on your phone.

2 Spice ups

My former company used Mobile Iron on all non-BB devices. This gave the company the ability to remote wipe all company defined data in the case of lost/stolen devices whether they were company owned or not. This worked well since it didn’t touch an employee’s “personal” data, if a wipe was required.

We avoid users using their own devices instead of company devices. As they belong to the user you have less control of what is on them that can impact your network.

SpenceLK wrote:

I was reading a thread in here a week or so ago that pointed out the positive points of BYOD, the main one being that responsibility falls into the users’ hands and support for the device is limited. I do service some devices and ensure they have adequate antivirus and will occasionally run scans, since company data is being transmitted on the device and in all honesty I can assume that the end-user isn’t running scans and is just relying on the “real-time” blocks.

That would be this one…

Mark1950 wrote:

We avoid users using their own devices instead of company devices. As they belong to the user you have less control of what is on them that can impact your network.

Read the article that I just posted. You can, if treated as “view” devices, use BYOD to do the exact opposite. More control to IT, less freedom to users.

Joe9809 wrote:

My former company used Mobile Iron on all non-BB devices. This gave the company the ability to remote wipe all company defined data in the case of lost/stolen devices whether they were company owned or not. This worked well since it didn’t touch an employee’s “personal” data, if a wipe was required.

We use that too with Meraki for iOS.

Scott696d wrote:

There are products out there which you can use to control your company’s data when downloaded to an employee’s device. We’re looking at Sophos for that here. We will allow the lawyers to bring in their own iPads and we will configure them to work with our Citrix setup. We do not supply anything above and beyond a single laptop / tower for them to use. If someone else here (not a lawyer) wants access to the internet through our wifi they get guest access only as they shouldn’t have that kind of “portable” access to our servers (and data) unless they’re a lawyer.

Few things as scary as a lawyer with customer data on a portable device!!

Scott Alan Miller wrote:

Dammit Scott. I’m pretty sure I pay good money for a service that does that.

1 Spice up

John White wrote:

Scott Alan Miller wrote:

Dammit Scott. I’m pretty sure I pay good money for a service that does that.

I’m lovin’ Meraki.

We have AUP, of course.

Also, the company has an organization-wide minimum security policy. That policy dictates what BYOD must have. Enforcement through NAC/etc. has been minimal, due to the expense of such a NAC roll-out.

John White wrote:

No worries. Meraki isn’t free.

RoguePacket wrote:

Dammit Scott. I’m pretty sure I pay good money for a service that does that.

No worries. Meraki isn’t free.

Yes it is :)

To offer a different perspective: I’m at a small office with few enough people that I can support their personal devices too. I have a guest wifi for personal devices and guests and a separate internal wifi. Both are filtered by Untangle. The BYOD policy here is that it is ok to use your own devices and I’ll put it on the appropriate network. For example, I don’t want to carry two phones so I use my personal iPhone for business. The downside is that I now own any problems whether they be personal or business, but I would help them with personal issues anyway.

Scott Alan Miller wrote:

I just started looking at Meraki. Do you use it to manage iStuff or the APs?