Smartphone security gets better: Blanket bans no longer inevitable Built-in mobile device security is better than that of PCs, but still insufficient, according to Symantec. A new whitepaper from the net security giant, entitled A Window into Mobile Device Security: Examining the security approaches employed in Apple's iOS and Google's Android, looks at the security strategies behind Apple's …
Like the "Will find a way to get around blanket bans"
Users might struggle to get their iPads on the network without any Wifi though!
Or perhaps the term in their contract relating to the "unauthorised connection of devices" might be enough to convince them when the first person gets fired?
FFS user's seem to be developing the belief that they have the right to connect anything to the work network, install whatever they want on whichever unfortunate device they are using at the moment, have access to social networking and generally piss about on someone elses network.
Time for a BOFH crackdown!
...and got fed up dicking about with the wannabe network nazis here.
Still, I'll suggest that you try facilitating the needs of your users, rather than lording it over your feifdom. There are ways to allow iWotsits and Droidthings onto networks securely. Plenty of places manage it. Would you rather people be using their own 3G connection to natter on Facebonk all day, or would you like to let them onto a "dirty" LAN where you can audit what they are doing during the hours that, presumably, they are being paid to work?
Unfortunately a "BOFH Crackdown" only works in the Odds N' Sods section of El Reg. In real life it's more likely to gain you the utter disrespect of your colleagues and peers, which could be a far more potent security risk than any number of fondle toys. It's alright bleating on about terms of contracts and laws and lawsuits, but that doesn't help when your servers have melted into a puddle because of a disgruntled ex-employee who was subject to your little jack-booted tirade.
Where I work, absolute security is a vital component of what we do. We _do not_ permit personal devices to be connected to the network, hell some buildings don't even allow you to take your mobile phone in with you.
The systems will only accept _authorised_ USB media, and will report on anyone who plugs an unauthorised device in. At which point it is confiscated and quite possibly destroyed.
The needs of users is adequately catered for in terms of business requirements. If they need something extra, the process of requesting it is very simple but does require that they actually provide a justification.
There's also no 3G reception on site, so we don't need to worry about that! Obviously we don't run Wifi either
Granted it's a very different environment to the one you work in, but some places actually require _robust_ security on their networks. When you're handling information of a very very sensitive nature there's absolutely no justification for letting users use their own kit.
Previous experience in other roles also suggests that users are quite happy to install "Free Gamez" on their own, but expect IT to pick up the pieces when it turns out to be full of malware. Your other posts suggest you're not one of these, but believe me when I say you're in the minority.
Hell homeworkers here are even provided with a locked down laptop that routes _all_ comms over a VPN, no VPN access means the laptops a shiny brick. That's just the employees that do a job that's of lower sensitivity. Anything more sensitive and homeworkings not an option.
So jack booted network nazi? Possibly, but it's a requirement of this particular job.
FWIW the BOFH Crackdown comment was a joke, it'd not be particularly productive to run around with a cattleprod!
Eh, if you're working for MI5 or the Census, fine. However, there are a lot of workplaces that don't deal in national security or large amounts of money. In this case surely a "let them eat cake (within reason, segregated from the sensitive stuff)" approach is likely to result in a happier and more productive workforce than one kept very thoroughly under the thumb?
Like the article alludes to, these days people WILL bring Internet-connected devices in. They are too ubiquitous to ignore. Unless you're in a highly secure environment that doesn't allow phones into the building in the first place (and I was a keyer at the 2001 census so I know what you're talking about), people will have their various fondle-toys and toyphones with them. A blanket Thou Shall Not does seem a little like Canute's advisors, under the circumstances.
So you don't have a typical workplace, which is fine. However last time this subject came up, the comment threads did rather get hijacked by people who seemed like they'd been given a little bit of power and were stroking their moustache (or cat if you like), sat on their throne in the server room, while throwing the sack at any attempt to use an iPhone. Network Nazis, basically.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
