back to article Everything your users ever need to know about BYOD

Back in the old days providing your employees with corporate computer equipment was an expensive business. When I was 19 I was the university holidays PC guy in an office full of RPG III developers; the fact that they thought their System/38 with its 5250 terminals was a pretty neat piece of kit was the only reason they didn't …

  1. Cliff

    A banking app that requires a 5-digit passcode?

    Name and shame right now. That should be criminal.

    1. Anonymous Coward
      Anonymous Coward

      Re: A banking app that requires a 5-digit passcode?

      Santander.

      1. Cliff

        Re: A banking app that requires a 5-digit passcode?

        Bloody hell. That's insane.

      2. Anonymous Coward
        Anonymous Coward

        Re: A banking app that requires a 5-digit passcode?

        Barclays

    2. Adrian Harvey

      Re: A banking app that requires a 5-digit passcode?

      Can't say for sure what bank they're referring to here, but my bank would match this, however they have a device enrolment process so that only your enrolled device can get in with that pin. ie: the passcode is one half of a 2-factor authentication scheme (the other half being, obviously, possession of the phone) This is as secure as my debit card, so seems pretty reasonable to me. In fact, I'd probably notice my phone missing sooner than I'd notice my debit card left behind in a shop...

  2. Steve Davies 3 Silver badge

    WiFi connection for BYOD devices

    A number of places I've worked at even the guest WiFi devices (including Phones) had to have their MAC Address registered. One place even required that guest devices were security scanned before and after use.

    Then there is the fallacy about 'you leave and nothing goes with you when your access is disabled'.

    Doh!

    Do you insist on all BYOD devices have all possible removable or network storage disabled?

    Even places that block all the USB ports on desktop devices are not secure. got a phone with a camera? Take a picture of the screen, sms it to your phone at home and delete everything.

  3. fnusnu

    You were doing so well right up to this point: "on which of course you can enforce frequent password changes."

    Why would you do that? It only encourages users to write their password down somewhere accessible. Frequent password changes are the idle instructions of lazy auditors and are not based on any sort of sound evidence.

    If you can't detect compromised accounts then you have already failed.

  4. Lusty

    Really?

    This is the opposite of why BYOD catches on. People don't want your shitty windows desktop on their iPad, they want an iPad experience with a rewritten corporate app (OWA, Salesforce etc.) which either is an app or is a web interface. If you're thinking terminal services, VDI or the like then trust me when I say your users already hate you and it's the reason they will begin to create THEIR content outside of your network. Information workers are the ones creating the data, and if you make it hard for them to do so they will just cut you out of the loop, just like the CEO will when he goes for a full cloud strategy...

    1. Maventi

      Re: Really?

      Couldn't agree more. Using remote Windows on a tablet is a really crappy experience and quite frankly is completely missing the point. It's often even crippled by Windows standards; things like visual effects are often turned off to conserve resources on the hosting servers so you end up with a cluttered interface that looks like it's straight from the 1990s. Sadly this only widens the gap between the corporate and consumer experience.

    2. Mark 65

      Re: Really?

      I'd argue that if you're considering VDI as in the article then BYOD is utterly pointless. The expense you've just gone to with server hardware means that the screen and WYSE unit you could have on the desktop is an insignificant cost compared to the hassle of someone connecting their porn filled malware riddled laptop to your network. Obviously an exaggeration but why would you ever want to deal with this eventuality, it makes no sense? Please don't try and offload your hardware costs onto me.

  5. chainman

    Really excellent summary

    Covered the bases with just enough to give the nitties something to nit on.

  6. Frank N. Stein

    I've been supporting corporate end users since 1996 and the only BYOD devices I've ever had to support are Smartphones in an MDM environment, managed by Airwatch, Good, and Mobile Iron. I feel for any tech support rep who has to support BYOD laptops or Tablets.

  7. Ken 16 Silver badge
    Holmes

    VDI is good for Bring Some Other Dude's Device*

    When there's an environment where a lot of business partners and sub contractors are working on site, each with their own corporate standard and secured laptop, VDI gives a nice abstraction layer for shared working. I've concerns about end users bringing home devices onto a network.

    (*aka 'Be SOD'd' - copyright pending)

    1. Lusty

      Re: VDI is good for Bring Some Other Dude's Device*

      " I've concerns about end users bringing home devices onto a network."

      These concerns are down to your security configuration on your network. If you had enabled the Windows firewall on desktops like you were supposed to, and configured Direct Access, and enabled firewalls on your servers, and segregated your endpoint networks from your server networks using firewalls then you probably wouldn't be so worried. The corporate network is where the user is, if not you've either done it wrong or you're tied up in compliance which means you won't have a BYOD policy saying anything more than "no BYOD here pal".

      A good modern network treats the endpoint network like the Internet, only possibly with web filtering to prevent porn in the workplace. If you genuinely are worried I assume you have NAP/NAC enabled to stop people plugging stuff in? And don't have any wireless networks? Ah I remember the 90s well :)

  8. rcp27

    "We will let you know what browsers we support for browser-based packages."

    That would be IE 6 on Windows XP, then.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020