When I first became involved with networked PCs, the company I was working with was upgrading its NetWare 2.0a installation to 2.15. We were pushing the boundaries of networking with our three-way gateway connecting Ethernet, Token Ring and PCnet. The only local storage on all but the most high-end PCs was a floppy drive, and …
When BYOD works for me
On the subject of BYOD(ish) for my remote needs I can use Citrix Receiver or VMware View to connect into a Windows desktop env from my Mac or iPad. Both are very useful for weekend/out-of-hours support that being a sys admin usually incurs. Because I'm an owner of fruity tech I also have become the unofficial Apple support bod when it comes to linking BYOD kit to the office.
I also have a 2005/6 vintage work HP laptop which is still running XP (recently rebuilt) and that can use VPN to get in. But it runs like a dog nowadays, so I prefer to use my own kit.
There's no choice for BYOD when it comes to phone, so I still have a work Blackberry and my own iPhone.
Re: When BYOD works for me
Call yourself a Sys Admin and you still use XP?
Do you still have the box for your computer?
Re: Do you still have the box for your computer?
Nobody keeps the box for 14 years, don't be silly.
Re: When BYOD works for me
I'm a Linux Sys Admin who has to put up with what the company provides. Hence I prefer to use my own kit...
Re: When BYOD works for me
My last employer is still running XP machines from 2002 / 2003... You can probably guess why they are an ex-employer. ;-)
BYOD isn't really an option here. It is illegal to put corporate data on a non-corporate machine.
At last, someone who understands what the playbook was/is. The split between the personal/business apps and data in BB sounds like it's exactly what you're after.
Yep, it was a neat solution. RIM's problem was that Apple had already trained everyone in what to expect from a tablet. So when RIM came along saying "Actually there's a different way" (and it was a very different way indeed!) no one listened or understood. Their loss, but an even bigger loss for RIM.
Nowadays the idea is moot because the PIM / Email client software on the Playbook is perfectly capable of connecting to all sorts of things in its own right (Exchange, IMAP, etc), though arguably with less security for the corporate employer than the Playbook / BB6/7 / Bridge way. And alas the Playbook line isn't going anywhere either, so that's it.
It's much the same with BlackBerry Balance on BB10 phones. It's a really neat idea, it's pretty well bullet proof from the point of view of corporate security and personal privacy, it's a very good BYOD solution, far in advance of what everyone else is doing. Also it's the first actually useful Multi Level Security System I've ever heard of (all the others have been terrible usability kludges). And once again very few people out there have ever heard of it let alone know what it could do for their corporate users. Yet with pretty much every Android app now working just fine in BB10, you really can have a mix of personal fun and properly good (i.e. accredited) corporate security.
It's not that hard
Simply encourage users to BYOD. Then slowly tighten security requirements (fiddly MDM software to install and set up, and so on) until they beg the company to provide them with a corporate smartphone.
Re: It's not that hard
You can't do that too slowly! No point setting up MDM software after all the company's intellectual property has already leaked out through a compromised BYOD phone.
Joking apart, that's why I like the idea behind BlackBerry's Balance. Phone split into Corporate half and Personal half. Corporate half locked down to the n'th degree, but the Personal half is yours to do what you wish with. And yet things like calendars, email and contacts remain usable, sane and well managed.
Same territory as Citrix I guess but cheaper?
That's what we use. Data stays on employer's servers. None on my laptop. Login/password to Windows desktop not stored.
T'other employer does not provide RDP session, so I use an encrypted hard drive and offline email reader. Disabled suspend so only hibernate or power off choices, hence reboot needed, so you have to know passphrase.
Tramp icon: I can run my whole tiny world from a recycled laptop...
Choose from a selected range as your own device
My current company is trying to implement a "Bring your own device that we hoisted on you" policy, where you can choose a discounted laptop or high-end mobile phone, as your own, its reduced price is taken from your monthly pay, but the corporate IT will manage it for you. When you leave the company, it will be remotely wiped and you can then do with it as you wish.
Good idea in theory, but what about grumble flicks you watched at home, on your personal device, off company time that may leave browser traces that could get you fired for having pr0n at work the next morning (not to mention, sticky keys)...
Paris, because grumble flicks...
This is why DRM is inevitable
It is situations like this that make Digital Restrictions Management (DRM) inevitable. I am deeply concerned about the capacity for abuse of DRM, but would eventually end up writing in myself if it is not done. Before DRM extends deep roots we need to put in place laws and technical mechanisms for key escrow that preclude single nefarious entities from abusing the technology.
Thus far, the bad guys rule DRM and the only reason it has not sent us to hell already is that the bad guys are not very good at securing things. They are getting better and before they actually get DRM working we need to stop them from making it work against us.
Treacherous devices without controls to protect the public interest are dangerous. Note: The public interest is not equal to the interest of the state. These interests are so divergent now, the state is one of the bad guys we need protection from.
Re: This is why DRM is inevitable
These interests are so divergent now, the state is one of the bad guys we need protection from.
Especially in the Land of the Free Spied Upon.
For me, BYOD means...
... bring your own device (and leave it here in this safe while you're at work, and never ever use it to access company resources, though we'll make sure of that last part by allowing only authorized devices and users to access our company's data and apps).
In my opinion, the other meaning of BYOD (The one that everybody else uses, i.e. bring any mobile device you fancy, so we can save X Euros in hardware purchases, and expend 10X Euros more in software, security and support) is utter madness, a clear indicator that management, more often than not, doesn't have a clue, and a recursive security nightmare.
Citrix Receiver may be fine in theory, but on Linux YMMV.
The latest version has some serious issues with Ubuntu and XenDesktop and little interest in getting them resolved insofar as I can see.
Shame because it would actually work pretty well for me if it actually worked....
The biggest problem with encrypted USB sticks is when you need to copy files to a client's computer and find it can't read it.
Of course they don't have the rights to install any special software to permit such use, and even if you can get their IT folk's attention in time you may well find they use a Mac or Linux box so Windows-specific support is useless.
I know there is the odd device out there that is properly self-contained (e.g. with own PIN keypad for the encryption and just appears as USB storage when correct) but most of the affordable solutions are useless in such a situation.
Re: USB encryption
TrueCrypt in Traveller mode.
You load it on the unencrypted USB stick, then use it to create an encrypted container on the stick.
Biggest problem I usually find is that the client site has blocked the use of USB full stop, not that you can't run the encryption component.
Re: USB encryption
But on a locked down PC, will you be able to run TrueCrypt at all?
If the admin had done their job right, you won't be able to run an arbitrary program off a USB stick!
Back to my basic point - there are no universal solutions that work "out of the box" and don't involve changing the client's Windows/Mac/Linux box.
Re: BYOD Security Solution
Timely, unintrusive advertising, relevant to the discussion, (probably) useful to several participants in the discussion, and delivered with honesty and integrity?
The 80s BBS called, they want their spam back...
Work on a train requires local copy
If you want your users to be able to work on a train, they need a local copy of the data. That's a fundamental constraint. Thin-client solutions like Citrix simply aren't usable over 3G/4G networks while moving through tunnels and railway cuttings; even Outlook Web Access can be torture.
This means documents on the client device must be stored in encrypted form. BitLocker is suitable on Windows, but I'm not aware of any equivalent on Android or iOS.
Data On A Train
I want this motherfucking data off this motherfucking train.
BYOD? Where's the network?
It's astounding to me that there could be such a long discussion of "all" the issues surrounding BYOD, and yet there's absolutely no treatment at all for what the network looks like in that scenario. The experience of users is jolted from the beginning in most BYOD scenarios by the idiotic NAC schemes deployed by those who buy such snake oil, but I don't suppose that's important enough to be included in a discussion labeled as "all".