BYOD is NOT the Next Biggest Thing™: Bring me Ye Olde Lappetoppe

Remember BYOD? Well, it’s BYODded off into the sunset. It was the Next Big Thing, just before the next Next Big Thing that came after that and it followed hot on the heels of the Previous Big Thing. Without doubt, BYOD was big and it was a thing – but the party is over. For the benefit of occasional readers of this column who …

  1. Voland's right hand Silver badge

    C'est la vie dabsie

    While the technology (802.1x) to authenticate wired connection has been out there for ages and supported across the board (Mac, Linux and Windows), it is yet to be implemented by 50% or so of the IT departments.

    Out of those who have implemented it I have seen only ONE, yes ONE, which assigns different networks with different access policies on the basis of 802.1x identity and once again only ONE which has a fall through for unauthenticated 802.1x devices to a guest network.

    Everyone else runs a flat, mostly unprotected network of the "once you get in, you can wreak havoc". If there is a firewall, IDS and NAC it is just one and it is at the border.

    To add insult to injury you often have execs which actively prevent and sabotage attempts to segment: "Waddaya mean I will not have access to the whole network? I am Chief [Stupidity | Ignorance | Thickness ] Officer, I will have access to what I want and how I want". Unfortunately when facing this outburst 99% of corporate IT falls into line straight away and will never design the network to be segmented in the first place. So from there on it cannot introduce different "access" levels even if it wanted to.
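The two things the comment above says almost nobody does (a different network per 802.1x identity, and a guest fall-through for devices that do not authenticate) can be modelled and checked as below. This is an added example, not part of the original thread; the role names, VLAN IDs and the `Policy` layout are assumptions, while the three RADIUS attributes are the ones RFC 3580 defines for per-port VLAN assignment.

```python
"""Identity-based VLAN assignment for 802.1X ports, with guest fall-through.

Constructed example: role names, VLAN IDs and the Policy layout are
assumptions. The three RADIUS attributes are those RFC 3580 defines for
telling a switch which VLAN an authenticated port belongs to.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

TUNNEL_TYPE_VLAN = 13        # Tunnel-Type value meaning "VLAN"
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type value meaning "IEEE 802"


@dataclass(frozen=True)
class Policy:
    role_vlans: Dict[str, int]   # 802.1X identity role -> VLAN ID
    guest_vlan: Optional[int]    # VLAN for devices that fail or skip 802.1X


def decide(policy: Policy, authenticated: bool, role: Optional[str] = None) -> dict:
    """Return the port decision for one connecting device."""
    if not authenticated:
        # Fall-through: unauthenticated devices get the guest VLAN if one
        # exists, otherwise the port stays closed.
        if policy.guest_vlan is None:
            return {"result": "reject", "vlan": None, "attributes": {}}
        return {"result": "guest", "vlan": policy.guest_vlan, "attributes": {}}

    vlan = policy.role_vlans.get(role)
    if vlan is None:
        # Authenticated but unmapped role: refuse rather than defaulting
        # the device into some internal network.
        return {"result": "reject", "vlan": None, "attributes": {}}

    return {
        "result": "accept",
        "vlan": vlan,
        "attributes": {
            "Tunnel-Type": TUNNEL_TYPE_VLAN,
            "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
            "Tunnel-Private-Group-ID": str(vlan),
        },
    }


def audit(policy: Policy) -> List[str]:
    """Flag the weaknesses described in the comment."""
    findings = []
    internal = set(policy.role_vlans.values())
    if len(policy.role_vlans) > 1 and len(internal) == 1:
        findings.append("flat-network")            # every identity lands in one VLAN
    if policy.guest_vlan is None:
        findings.append("no-guest-fallthrough")    # nowhere to put unknown devices
    elif policy.guest_vlan in internal:
        findings.append("guest-shares-internal-vlan")
    return findings


# Constructed sample policies.
FLAT = Policy({"staff": 10, "finance": 10, "sysadmin": 10}, guest_vlan=None)
SEGMENTED = Policy({"staff": 10, "finance": 20, "sysadmin": 30}, guest_vlan=99)
MIXED = Policy({"staff": 10, "finance": 20}, guest_vlan=10)

if __name__ == "__main__":
    for name, pol in (("flat", FLAT), ("segmented", SEGMENTED), ("mixed", MIXED)):
        print(name, audit(pol))
    print(decide(SEGMENTED, True, "finance"))
    print(decide(SEGMENTED, False))
```
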

    1. yoganmahew

      Re: C'est la vie dabsie

      Indeed and sysadmin (or any senior developer who fancies himself as one) types are as bad - "I need admin access to everything from everywhere". Mind you, the alternatives are awful says that man who enters passwords to ten different systems (usually the same password) thirty times a day. The expectation that people will provide proper support (that requires proper access) 24x7 as a means to cutting down on expensive on-site support only serves to increase the risk.

  2. Chris Miller

    If you allow random devices to connect to your private network, you deserve everything you get. BYOD is perfectly safe* as long as connection is limited to a guest wireless network with its own Internet link and an airgap between it and the real network. If you can't do what you need through a secure web interface (most people can), you'll just have to use a locked-down corporate machine.

    * Whether it's reasonable is another question, I certainly don't think it should be compulsory.

    1. Mark 85
      Meh

      What you say is true. But now go tell the C-Suite suits that they can't get into the company network via the wifi using their latest trinket....err.. toy... err... technological marvel.

      We even gave our sites two wifi connections. One secure and the other "guest"... upper management screamed about having to use passwords for the company (secure) side. But then again, these are the same idiots whose admins start up their computers and login for them since they're too important to remember passwords.

      1. Phil O'Sophical Silver badge

        So don't call the open network "guest". Call it "executive" and firewall it to allow only minimal, well-logged and virus-filtered access.

        1. Terry 6 Silver badge

          Phil O', I'm glad you said that.

          Sadly too many of the IT guys I've worked alongside have had poor skills with people management.

          The suits need to be told that there is an executive grade network access level, just for them, with easy, and convenient access to all the data. And say that they won't need to go near the oily engine, do not say that they won't be allowed to

          Since they won't even know what it is they haven't got access to ( like anything to do with the server management ) and will have no idea about permissions, that will do nicely.

    2. Anonymous Coward

      Re: airgap

      So tell us how that secure web interface works across the "airgap". Is it a webcam facing a VGA monitor perhaps? And a robot arm to poke at the keyboard?

    3. big_D Silver badge

      @Chris Miller if you are on the guest network and air gapped from the data you need to perform your job, how is BYOD of any use? Yeah, I know, the irony port allows magical access.

      I'll stick with a corporate device, it is an SEP when it goes wrong (Somebody Else's Problem)

      1. Anonymous Coward

        A guest network should always be treated as "untrusted" by both the user and provider. Any secure services (banking/corporate email etc) should require an encrypted connection, HTTPS as a minimum, VPN by preference. In this model BYOD becomes more remote access via a company provided WiFi.. No less secure than any other remote access..

  3. Teiwaz

    Brilliant stream-of-consciousness style Rant.

    Read like the most moving poetry.

  4. Novex

    One down, one to go

    Having realized that BYOD wasn't a good idea, I wonder how long it will be before 'let's outsource everything to a cloud so someone else can see all our data'* will die its death too...

    *LOETACSSECSAOD - hmm, not really very catchy, is it...

    1. Dan 55 Silver badge

      Re: One down, one to go

      That policy will be replaced by a new one, Forbid the Use of Cloud Methodology for Enterprise.

      Workers will be heard to mutter "Forbid the Use of Cloud Methodology for Enterprise, they've changed it all again" under their breath. Or something similar.

    2. Alistair Dabbs

      Re: One down, one to go

      If this keeps up, perhaps we'll see a return to valves.

      1. John Tserkezis

        Re: One down, one to go

        "If this keeps up, perhaps we'll see a return to valves."

        You mean where computers filled an entire room? No wait - we still have that now, well, albeit a smaller room.

        1. Alistair Dabbs

          Re: One down, one to go

          You mean where computers filled an entire room?

          Sony will be forced to admit that their difference engine was hacked into by some kids armed with a fretsaw and a bag of nails.

    3. Franco

      Re: One down, one to go

      I've been singing from those hymnsheets since they were first distributed, always thought BYOD and cloud are terrible ideas.

      Every company I support who had Blackberrys binned them after that big outage a few years ago that meant no email for several days, and it'll only take one similar outage or the US Government winning their court case against Microsoft for confidence to be dented significantly.

    4. verbaloversupply

      Re: One down, one to go

      Data in the Cloud just died a death here. €36k bill to keep access to data (for limited time) when moved to another system. Also spelled death of let's not consult IT when implementing new systems.

      1. Doctor Syntax Silver badge

        Re: One down, one to go

        "Also spelled death of let's not consult IT when implementing new systems."

        Unlikely. Memories are short.

  5. Chozo
    Devil

    I ♥ BYOD days

    I wear my "I read your email" T-shirt and after a few trips around the site it's amazing how many devices disappear from the network never to return.

  6. chivo243 Silver badge
    Trollface

    Ego vs. Security

    Ego seems to win the first battle every time. After a few outages and anomalies traced back to the Ego's earlier decisions, Ego still wins. Ego makes lots of noise regarding the issue, promises changes to the current situation. Ego holds a meeting "gathering" information to make an informed decision for proper change. Ego is asked by his higher ups, and reports he's had meetings and will be announcing when the decision will come... Still waiting for the announcement 6 months on, Ego's higher ups find the issue has been dropped entirely. Ego gets sacked, Ego gets fat severance package. Ego gets job across the street with fat raise... Wait we never talked about security?

  7. Anonymous Coward

    No PUDs* in the workplace

    You'll have to eat your sweets in the canteen

    (PUDs -> Personal Useless Devices)

  8. Tom 7

    This will turn it around again

    http://www.theregister.co.uk/2015/01/31/microsoft_tells_large_enterprises_no_free_windows_10_for_you/

  9. Trygve Henriksen

    Secure erase....

    We have a Wifi network dedicated to BYOD stuff like notallthatsmartphones and tablets, and 'everyone' wants to read their email on their devices...

    Quite a few reconsider, though, when they have to set up security measures on the device(password protected screen saver) and agree, in writing, to us being able to remotely erase everything on it.

    1. Yet Another Anonymous coward Silver badge

      Re: Secure erase....

      The flip side of no-byod is that if you want me to receive company email or phone calls when I'm not in the office then you issue me with a company device.

      If you expect me to carry a company device then I am on-call, and I am getting paid for on-call time or I'm getting time off in lieu

      1. Trygve Henriksen

        Re: Secure erase....

        My office-supplied phone is a JesusPhone 5(16GB)...

        So I see no reason at all to even try accessing my work mail on my Samsung Pocket whatever.

        Anyway.

        A corporate network is bound to have security holes, but it's up to us as users and administrators to make certain that those holes are as few and far between as possible.

        If someone wants to read corporate email on the phone/tablet/watch/internet-connected toaster... then it's up to us to make certain that outsiders who 'happen upon' that device don't get to that email...

        Or the network it resides on...

        That's why the 'remote erase' requirement. If someone nicks the iThingie, we want to be able to delete ANYTHING job-related. Unfortunately, it also means that private stuff goes to H!, but I can live with that...

      2. nichomach

        Re: Secure erase....

        Agreed, if you're expected to respond *outside business hours or your agreed shift*. If it's just there for when you're out of the office in the course of your normal working day, then no.

  10. Anonymous Coward

    Uh?

    Now all my emails to and from senior management and production departments – I can be dead important at times, I’ll have you know – can be picked out of the air by anyone planted in the next room or even sitting outside on the steps and looking up at the street sign on which someone has so conveniently printed the company’s Wi-Fi password.

    Well, they can pick up the data stream, but if they can read your email just like that you really ought to reconsider your provider. The last time I used any email connection that was not SSL protected was probably 15 years ago - no, I tell a lie, I have used cold SMTP for a test but that was via the old "telnet mailhost 25" route and issue the HELO command manually. Before you're impressed, I was only trying to get some data onto a network sniffer - the last Access All Areas hacker conference in London I was at (which is MANY years ago), I was watching a 12 year old girl do that. She must have gone far. But I digress.

    Secondly, the use of Wifi is more or less foisted upon us by certain manufacturers who don't even provide ethernet ports anymore. New Apple kit, for instance, seems to pretend that there never was a wire involved, slightly spoiled by the fact that they are instead permanently hanging off a power supply cable instead because people don't know how to train a battery.

    I even recall an experiment at a very large oil company which I'm not allowed to name but whose name involves remarkably few characters where in one department simply *everything* was on raw Internet - that is doable insofar you make sure you use decent VPNs. At the time the complexity made it too costly to continue, but now the tech is there to actually do this reasonably easily.

    The latter approach has one massive advantage for company devices: they are always subject to a reasonable degree of transport security, in the office or on an airport Wifi (which is always intercepted since 9/11 gave some people all the excuses they needed), and it enforces a security policy on Internet use. However, a BYOD device is in principle untrusted and should in my opinion never come near a core network.

    Setting up a dirty LAN or a DMZ that proxies a limited set of open standards (umm, oh, Android doesn't support carddav or caldav?) and giving certificate based VPN access to that, OK, but not on the internal network. I like my layers, thank you, and giving an untrusted device access to a network that's one layer removed from the financial and personnel network is not going to happen on my watch.

    I agree with the rationale of some of the BYOD demands, though. Sometimes, IT is indeed not that good in choosing devices that users actually want to work with (a massive understatement if you ever worked in a somewhat staid government department), but there is a business case to be made, and security to be imposed. Without that, I am happy to be Mordac the preventer.

    1. Charles 9

      Re: Uh?

      So what happens when the demand comes from someone over your head?

      1. Mark 85

        Re: Uh?

        And that sums up the whole issue. We know how to secure things, etc. But then you tell some one "no" and the next thing that happens is the CIO's admin or your boss gives you a call and the idiot gets his way. What we get out of it is having to clean up other people's messes.

      2. Trygve Henriksen

        Re: Uh?

        Over the head?

        You make certain to go to the Big BOSS first!

        All company-wide IT policy should be approved by him personally.

        If he says 'No' to BYOB, you can tell any wannabe asshat to go take a hike.

        If he says 'Yes' you ask him for permission to take 'reasonable precautions'(and make certain that he agrees with those precautions).

        In fact, there should not be a level of administration between the Big BOSS and the IT department. He is the only one who should be able to tell you yes or no to anything.

  11. Destroy All Monsters Silver badge
    Thumb Up

    Holy damn that angr!

    Looks like I do not get to the coiffeur today, just reading this got me coiffed.

    1. Destroy All Monsters Silver badge

      Re: Holy damn that angr!

      I also think someone should play with the Bayeux Tapestry Editor for illustrative purposes!

  12. Anonymous Coward

    Still have a legacy VPN I can connect any BYOD thing to

    But that's subject to a Do Not Resuscitate order. New VPN works with Windows only, and only one of the company-supplied dodgy Dells can properly connect to the corporate network. BYOD isn't quite over for us, but it's on its way out. Even connecting my own phone to the Exchange server requires some corporate malware.

  13. keithpeter Silver badge
    Windows

    KYDISH

    Upstairs version....

    Keep Your Dreadfully Insecure Stuff at Home

    Surprised no one mentions remote desktop into company controlled PC on these occasions. Covers data security and network integrity to an extent that others here will no doubt wish to comment on. Seems to work as implemented at current main employer.

    I'll admit to using RDP over the guest wifi on the employer's premises because my 6 year old refurbished Thinkpad / RDP session over wifi combination is *actually faster* than the desktop PC I have been allocated.

    One cafe in Birmingham uses a 9 digit wifi password which they change weekly..... We always end up writing it down.

  14. jake Silver badge

    "BYOD" actually stands for "Break Your Own Defenses".

    Search on "jake +BYOD" here on ElReg ... It's been my mantra since BYOD became a meme amongst the technologically clueless corporate mindset, a little over two and a half years ago.

  15. Anonymous Coward

    A disturbing amount of focus on masturbating

    Not getting enough ladytime Dabsie?

    1. Alistair Dabbs

      Re: A disturbing amount of focus on masturbating

      Don't talk wank.

  16. Dr_N

    BYOD

    Massive fail in France as no one ever puts their hand in their pocket for laptop or mobile purchases.

    It is considered a human right that your employer will stump for a mobile and laptop.

    And woe betide the manager who doesn't spec the latest and greatest shiny-shiny and has to deal with the day-in-day-out moaning about how unfair it is people are expected to call their wife/kids/homoeopathist (well they don't use them for work that's for sure) using a three year old Blackberry....

    Nothing beats a sense of entitlement.

  17. Zog_but_not_the_first
    WTF?

    How, how, how???

    Does anything get done with this kind of madness prevalent?

  18. Paul Hovnanian Silver badge
    Facepalm

    Laptops, Tablets, Phones

    Company issued. Now, how to keep these inside the company, connected only to the 'secure' network. Back in the last century, when execs were issued a company laptop, part of the justification was that they could work from wherever they were. At home on the dialup or DSL. Or at one of those newfangled public WiFi hotspots in a coffee shop.

    For all intents and purposes, those machines came back to work as disease-infested as the BYOD stuff that people were prevented from bringing inside. Issuing guidelines made no difference. "Whaddya mean, I can't install my favorite app on MY laptop?!" the exec bellows at the lowly IT person attempting to scrub the cruft off some VP's company laptop yet again. Or the warez that the boss's kid downloads when dad leaves the machine unattended on the kitchen table.

    1. Yet Another Anonymous coward Silver badge

      Re: Laptops, Tablets, Phones

      The rule won't apply to the boss's shiny malware infested personal laptop - because to claim back the VAT it was officially company property (like his car and children).

    2. Doctor Syntax Silver badge

      Re: Laptops, Tablets, Phones

      "the lowly IT person attempting to scrub the cruft off some VP's company laptop yet again"

      IT department offers a 1 week turnaround service to clean laptops which are returned with a helpful leaflet explaining how to avoid this in future. After a few months of being without laptop for a week each month the penny starts to drop.

    3. Mark 85

      Re: Laptops, Tablets, Phones

      I don't support BYOD personally and my boss supports that. Simple really..

      "Boss, you want me to support that iThing? Fine, buy me one, train me on supporting it and I'm your boy. Don't do that I'm not going to touch it because I'm not buying XXX a new one if I break it." And even upper management agrees because they're too cheap to buy the iThing and pay for training.

  19. Anonymous Coward

    Corporate IT Management == PHB

    At my other half's company they've banned sites like Facebook, YouTube etc.

    all done so that the wage slaves can spend more time actually doing stuff.

    Suddenly there is a huge increase in personal tablets and laptops on desks all browsing the banned sites.

    Management sends out a memo asking why this is when the sites have been blocked.

    They politely get told that those devices are using mobile connections.

    Everyone is waiting for the inevitable 'ban all personal mobile devices' dictat.

    PHB's every one of them. Is it little wonder that she and half her team have voted with their feet and are moving to other jobs. No, this is not a cunning plan by management to reduce headcount. They have more than a dozen vacancies in her dept before this episode.

    1. Steven Raith

      Re: Corporate IT Management == PHB

      At a place I worked at previously, they banned non-work related sites.

      Productivity went *down* because people felt they had no personal time to chill between bouts of work and were getting stressed, a few people quit, etc.

      Things chilled out when the staff were actually trusted to manage their own workload again.

      S'funny, actually treating your staff like grown ups, and singling out the actual skivers = better performance overall - who'da thunk it?

      Steven R

    2. James O'Shea

      Re: Corporate IT Management == PHB

      Oh, it's quite reasonable to require that company machines be used only for company purposes. However, I have my personal iPad, and it is set up to generate a hotspot. And, depending on what I want to do, I can and will use either the iPad itself or its network connection sent to my (personal) laptop to do stuff like visit el Reg. Any attempt at telling me what to do with my personal devices which are not on the company network and are running on battery, not even using company electric current, will be treated with the contempt that it deserves. Any comments about company time will be dealt with by pointing out that Federal law mandates x minutes of break for every y hours of work. I'm on break. Go away, or do you want to look at a Federal lawsuit, twit?

      1. Steven Raith

        Re: Corporate IT Management == PHB

        My experience is that places that slap down on internet usage are also the sort of places that do really shitty performance reviews.

        Oddly, the sort of places that trust you to manage your own time tend to have very relaxed performance reviews as the staff are trusted to Do Stuff.

        Survey of one, etc. Maybe it's just the sort of workplaces I gravitate towards, though...

      2. Anonymous Coward

        Re: Corporate IT Management == PHB

        "Any comments about company time will be dealt with by pointing out that Federal law mandates x minutes of break for every y hours of work. I'm on break. Go away, or do you want to look at a Federal lawsuit, twit?"

        The legal department then comes back and informs you that there is no federal law in regards to lunch breaks (ask people in the retail or assembly line industry—a break? Puh-lease). "Federal law does not require lunch or coffee breaks." – US DOL website. Plus, many states operate "at will," meaning unless you have a written contract specifying the specific terms of your employment (now, if the lunch break is in your contract, OK you can argue on contract law grounds), not just you but your boss can choose to terminate your employment at any time.

  20. Oh Bother

    Evolution?

    I thought internet threats were intelligently designed.

    1. Alistair Dabbs

      Re: Evolution?

      That's right. They call them viruses, fraud, spoofing, hacking, malware and so on but "they're just different names, not different things". Noah put just one male internet threat and one female internet threat on the Ark, and here we are.

      1. P. Lee

        Re: Evolution?

        >Noah put just one male internet threat and one female internet threat on the Ark, and here we are.

        Gullible fool! Don't you know that the entire internet and its protocols came from /dev/random?

        1. jake Silver badge

          @ P. Lee (was: Re: Evolution?)

          /dev/random was the misbegotten child of /dev/null and /dev/zero ... From nothingness came randomness.

          Thus the wonderfulness we have today. All praise /dev

  21. Dana W

    In other words, eat Widows you proles! Secure devices only and that means Windows! Our Microsoft rep said so!

    Yeah, Windows, the Secure, safe operating system! REALLY! No one else need apply! Seriously, does anybody have a company issued device they don't HATE? With rare exemption they are Dell fleet junk, or at best, a bulky, dull, and heavy, (But at least reliable) Lenovo.

    1. jason 7

      I loved my little company 1998 spec AST laptop with Windows 95, 65MB of ram, 166MMX CPU (I overclocked that sucker to 233Mhz though), single USB port, CD Rom and 3GB HDD.

      Great little machine. Wasn't so keen on the locked up tight NT4 laptops that followed it but they weren't bad either.

      However, I caught on and saw what was on the horizon and made the request to be the only desktop PC user in the office. That way I was never under pressure to work from home/hotels or at the weekend.

      "Oh damn, I can't sorry, don't have a laptop!"

      Enabled far more time in the hotel bar.

    2. Doctor Syntax Silver badge

      "In other words, eat Widows you proles! "

      ElReg promoting cannibalism?

  22. Sarah Balfour

    Personal Equipment Now Instant Sacking

    Sorry, can't kip so turning naughty words into topical bacronyms. Sorry, the title was probably a bit dickish, it doesn't really make sense.

    Even my tried-'n'-tested guaranteed kip formula ain't working tonight.

  23. jason 7

    I was waiting for the next stage...BYOE

    Basically they seal up all the plug sockets and put electric meters needing 50p pieces beside each 'hot desk'. Windows would be blocked up to stop anyone using non-approved solar chargers.

    Next phase after that was BYOC (chair), then BYOH (hot desk).

    By that point if you hadn't realised they weren't actually paying you...

  24. RTPIII

    BYOD is not a bunch of filthy k'nights

    BYOD is not a bunch of filthy k'nights trying to storm your French tower of pristine data security, the clopping of the coconuts is progress and promise of a new Arthurian age in data freedom for employer and employee.

    Yes, question the man who knows little bout tha' swallow flight patterns, security needs to be balanced with freedom or else we end up with John Cleese running wild doing Chrysler commercials and Bond movies.

    Bedlam is everywhere, but it always has been. We should still be tilling the moors for moors' juice and moors' fruit with any ho we please. If the serfdom is unhappy, the entire kingdom doth suffer, no?

  25. Anonymous Coward

    Security hogwash rules OK

    I feel the whole discussion is mainly a lot of noise that is worse than the original BYOD hype ever was.

  26. James O'Shea

    Interesting

    I have had two cell phones for quite some time. One is my personal phone, one is the company phone. For years the company phone was supplied by the company, and was a Windows phone. We used Windows phones because of certain company software, which worked only on Windows phones. And, of course, which broke when Microsoft changed OSes. The company gave up on Windows phones and would allow all personnel to use other phones after successive 'upgrades' which broke compatibility; they went to web-based apps which worked with any web browser, instead. However, while we could use any phone we liked so long as the web-based apps worked on it, the company would pay for them, and would set up security on them. So I have an iPhone 5s which has been thoroughly locked down and can be a pain and half (Apple appears to have a problem with connecting to Active Directory networks, and not just from iPhones, either) and has complete access to everything on the company net. I also have a iPhone 5c, which is my personal phone (replacing an Android phone which froze far too often) and which is nowhere nearly as locked down and can only get to the guest network. Secure stuff doesn't fly on the 5c.

    I thought that properly securing all devices which could reach inside the real network was what reasonable companies did... Silly me. I thought that the company phone was just that, the company phone, and that it was supposed to be used for company purposes, and that anything done with it would be monitored by those in charge of IT security (my guys, mostly...) so don't stick your pr0n on it, okay? (And, yes, that includes not having Arsebook and Twatter and all other non-company-approved antisocial networks. Which is all of them, without exception.) Company phones are like company laptops, only smaller.

    Where are these companies which allow access from any random device any random new hire brings in? If any of them are competitors, methinks that spending some time in their parking lot(s) with an iPad or a laptop may be useful.

    1. OzBob

      Re: Interesting

      I used to have one cellphone and the old boss paid the bills and never looked at the call logs. The new boss started querying me on the large number of whore-houses on my call list, so I had to outsource my personal numbers to a burner phone. Ce la quinne.

  27. Anonymous Coward

    Where I work we have a 100% BYOD policy and it works really well. To be fair I'm also the only one in the company at the moment so I tend to cut myself a bit of slack.

  28. Medixstiff

    BYOD hasn't worked in the last two businesses I have worked for, because people don't want to shell out money, they want it for free.

    Only management staff have bought their own equipment and only after asking us which is best out of a selection they presented to us.

    1. jason 7

      If I was a metal worker I wouldn't expect the company to ask me to bring my own heavy duty lathe to work.

      Same if I worked for Rentokill, I wouldn't expect to bring my own pesticide.

      Why shouldn't staff expect the tools for free if they are being employed?

      Would be different if the employer gave them each a cheque for £5000 a year for IT kit and support costs.

      1. Joel 1

        @jason7

        It is not unknown for skilled workers to supply their own tools - joiners/stonemasons will often supply their own tools.

        My concern is that often the company budget for IT is far lower than what I would prefer to pay. I use the equipment day in/day out, and I am more than happy to pay out to have the spec of machine I want, rather than that deemed necessary by the bean counters.

        Many times in the past I have paid out myself to max the RAM on the company machine rather than go through the pain of trying to push the justification through the purchase system. RAM is too cheap to worry about. When you can double the RAM for under £50, why worry?

        No-one has yet complained that the inventory software reports too much RAM. No security issues either.

        It is always disappointing as a contractor to be working on the supplied system that has 25% of the performance of my own system. But there you go. They pay enough for me to put up with it (although I did sneak in an extra 4Gb stick of RAM I had lying around - one has some standards).

  29. Daniel B.
    Boffin

    It depends.

    It depends on what the WiFi at the organization is. Any company with a competent IT Security Division that actually listens to their Security bods will have the WiFi network separated from the main network. WiFi is for guests, mobile devices, and will have unrestricted access to the Internet. Only company-issued devices should have WiFi access to the "secure" network, and even then the "secure" WiFi should be a separate "greynet". If possible, have the secure devices connect to the main network via VPN to avoid wifi sniffing.

    1. Allan George Dyer

      "secure" WiFi, "greynet"? Re: It depends.

      Keep it simple: 1) Mandate VPN connections for all External access; 2) Define WiFi as External.

      1. Daniel B.
        Boffin

        Re: "secure" WiFi, "greynet"? It depends.

        Keep it simple: 1) Mandate VPN connections for all External access; 2) Define WiFi as External.

        If I had complete control over IT infrastructure, that would be exactly how I would define WiFi. In fact, one of the bigger banks I've worked at had this policy, and in addition to this they have their WiFi restricted to "authorized users only". It's kind of funny, because you have to jump over far more hoops just to get WiFi access, and it still requires VPN access to the real good stuff, while Ethernet access is only a matter of raising a support ticket. You get plugged in in 24 hours, tops. WiFi access there will require C-level signatures, it's incredibly stupid!

  30. Anonymous Coward

    Best practice

    - Get all your team new laptops. It shows you give a shit about their basic IT requirements and shuts down any excuses of equipment not fit for purpose

    - If you expect them to make phone calls or be contactable give them new phones too.

    - Have a sensible fair personal use policy

    This costs peanuts in the total cost of an employee and doing business and removes the frustration of ancient kit and removes the need for BYoD.

  31. Anonymous Coward

    thank God

    BYOD is going. I have noticed the trend in anti-BYOD articles over the last few months and I'm glad we have continually managed to dodge the bullet of having to implement the sh1t on our site. We have had a guest wireless network for several years and it's amazing how much sh1t is connected to it daily every man and his dogs phones and laptops. It sort of goes hand in hand with corporate wifi networks in general. Why anyone would want to sit at their desk and connect to a contended wifi connection running over a BT infinity line rather than the wired 1gb/10gb corporate network with a 1gb internet connection is beyond me!

  32. Anonymous Coward

    More to it

    There are a couple of things going on in the background here.

    First, BYOD turned out to be self-limiting. Around here, the trend at the margin is for those who went for a Macbook two years ago to switch back to a Thinkpad because there's less faffing, and you can get a *carbon fibre* one.

    Second, in our case, Blackberry shot themselves in the foot during a migration with some mercenary licensing. The story is that they demanded the old and new systems both be fully licensed, simultaneously. I don't know how true that really is - it doesn't sound very Canadian. In any event we stopped issuing Blackberrys, meaning everyone has, or will get, an iPhone anyway.

    I could supply my own $100 Winphone, instead of a $500 iPhone, but I would need VP sign-off. No-one can be bothered, including me. I might need that face time for something important.

    Execs are still sucking up IT resources with shiny things that don't quite work. But that was true in 1995.

  33. Jonathan 27

    BYOD is a lot of work.

    BYOD is why I have to publish a list of supported web browsers for the web application I work on. The list literally contains all the major web browsers, on all the major platforms. But to protect against people complaining that their 10 year old Blackberry running BB6, or Windows XP running IE 6 (Company systems are running Windows 7 with IE 10) can't access the application I need to keep a list of supported web browsers.

    I'm not sure who thought this was a good idea, it's a huge waste of company resources and it costs the employees too.
