Hi Spiceheads,

I’m dropping in to ask the community here: what is your Bring Your Own Device policy?

We are finding in our market research that there is a huge disparity in how companies of all sizes handle users’ phones, tablets and laptops on company networks, and interacting with company files. With a lot of staff resorting to shadow IT to get their daily jobs done, how do you handle this in your workplace?

7 Spice ups

We don’t allow personal devices on our network. End of.

4 Spice ups

Yes, this is our policy too. If we want it on our network, we’ll get you one and we’ll control it. Otherwise it’s a security risk which we don’t want to have.

2 Spice ups

BYOD all day long, VLANed and segregated, captive portal, QoS - no issues :)

2 Spice ups

We don’t have one. Management made the decision that personal devices are not allowed on our WiFi and that was it.

We have separated personal device WiFi and use Meraki to ban the devices from the local network.

As far as putting email on personal devices, we have pretty walkthroughs with pictures and stuff, but if that doesn’t work, the user is SOL, although I do laugh when they complain about the rules.

Last thing I need is to be forced to deal with someone explaining how putting email on their phone took up a huge chunk of space.

We have a separate network for personal devices. Only company devices listed in AD, with the exception of some test cases in the IT department, are allowed to connect to our business network. End users have the option of connecting their Office365 email to their own mobile devices, but must have a PIN or other passcode on the device and we reserve the ability to do a remote wipe of their device if we need to.

1 Spice up

Our policy basically governs who is eligible for mobile phone reimbursement, the lack of support for personal devices, and the fact that all devices that sync email must have an access PIN enabled. Beyond that, we encourage use of the secured WLAN, but do not allow physical connections to the network from non-company-owned devices.

Use what you feel most comfortable using, but we have security protocols set up to handle any threats, phishing attempts, etc.

BYOD. sure. put on our network - um, no

that’s the policy, works well for us

BYOD, Guest network ssid: VLANed, segregated, and QOS just like Pictuelle.

We provide an isolated Wifi for personal devices with the policy (and understanding) that we’re doing that as a benefit to our employees. We simply ask private matters be done on the non-business wifi and business work remain on the internal network. Works like a dream.

Guest network or VPN

With BYOD quickly becoming the rule rather than the exception, native Windows Server functionality does not provide adequate means to secure user access from personal devices.

UserLock alleviates this increased risk to security by empowering IT to control, limit, track, record and automatically block all inappropriate or suspicious sessions across Wi-Fi and/or VPN sessions.

Be sure that whoever is gaining network access, via whatever device, is the owner of those credentials.

  • Define a maximum number of simultaneous Wi-Fi/VPN sessions that a user can open. (If you specify 0, users will not be able to open a Wi-Fi/VPN session.)
  • Limit working hours or session time to limit the risks that come with BYOD
  • Monitor and respond to suspicious access behavior – be that logins from new devices or at odd times.

Hope this helps those looking at better securing network access for a remote and mobile workforce.

BYOD is fine but they go on the guest VLAN, no company info on personal devices.