Byod


  • Byod

    Hi
    I was wondering if there's a room here that talks a little bit about BYOD and all?
    MDM? Virtualisation and consumerisation of IT.
    I've been "caught" and I'm intrigued, so I'd like to read from other IT people how they manage the whole thing.

    thank you

    Rob

  • #2
    Re: Byod

    I'll move this to the coffee lounge for a better response, but I would be interested in hearing your story and how you were caught in more detail...

    Personally, I'm fine with it as long as the BYOs meet my (fairly exacting) requirements, chief among them the ability to join them to a domain and take full control (now where's that :evillaugh: smilie when you need it )
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Byod

      Save us from the latest internet fads. We've had iPhones and every admin in the country having to configure IMAP so the damned things would work with Exchange, tablets, cloud computing and now BYOD is upon us.

      I'm with Ossian: if they won't let me join it to a domain and manage it properly it doesn't get on the network. Where possible I use Guest wireless networks that are outside the corporate LAN, and use 802.1x authentication where possible so that unauthorised devices cannot connect to the internal wireless networks. My gripe with BYOD is that you never know what the user or their family gets up to on it at home.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      Cruachan's Blog



      • #4
        Re: Byod

        Our CFO has been asking me about it.

        Personally the only way I would allow personal devices on the LAN is if we had something like Citrix, VMware View, etc, etc where the users actually connected to our systems.

        Of course there would need to be stipulations like AV and Windows Updates etc that would need to be there before they would get on the LAN so NAP would be a must.

        My biggest thing about it though is that most of the decision making about it is actual policy rather than the implementation of it. Most of the things that need to be decided are for upper level management rather than the IT team who would need to implement it.



        • #5
          Re: Byod

          We use Good for Enterprise which allows a sandboxed email and intranet browser. They are also starting to sandbox specific apps as well to allow a personal device to have access to completely separate business data. There are also controls available to require PIN, block root etc.
          cheers
          Andy


          Quis custodiet ipsos custodes?



          • #6
            Re: Byod

            I worked at a company a while back where users could bring their own laptops, but they needed to meet minimum software requirements (Office Pro, XP Pro) and min HW requirements, not to mention sign some paperwork that basically said it falls under all of our rules and we could do whatever we wanted to it. If they were new laptops we'd just add them to the domain and lock them down tight and throw our AV on them (and de-junk the OEM crap from it). If they weren't new we'd inspect them first (AV / spyware scans, etc). If anything even smelled hinky we'd format it, and they already approved it in the paperwork.


            Not all users got back in contact with us to remove it from the domain when they left the company. Since they were set to 50 cached logons, and they'd regularly hibernate instead of log out, we would get calls from users who hadn't been with the company in 2 years, and they finally got locked out ... When they started calling years after the company went under, they weren't too happy to learn that they'd have to pay to have us work on it... "But you set it up in the first place ?!?!" "Yeah, and we were paid to do it back then as well, it's called a SALARY."


            Others would remove it from the domain themselves, and then get pissed when they realized that they couldn't log back in anymore (and didn't know the admin password either).


            In terms of laptops that were purchased per our requirements but were owned by the end user, we'd have them get Dells with the hardware encryption built in (like most of our laptops already had). Basically, there's a low level password. Get it wrong, it waits 1 second before it allows them to log back in. Get it wrong again, the wait doubles. Again. And again. And again. Longest we saw was a couple of week wait, eheh. There was a master password we could have their manager put in to unlock it, but no one ever called before they tried at least 20 times, so usually the only thing we could tell them to do was to call back in a week or so lol!



            • #7
              Re: Byod

              Well, why not turn it around instead of wanting to manage every single device?

              One option can be that your office LAN is treated as an untrusted network, VLAN, whatever. Every device is responsible for its own security, patching etc.

              Based on their device type, OS etc you could move them to a trusted VLAN where people can freely "browse" your DC. If it's untrusted just allow them to connect using VDI/XenApp to the DC, whereas the connection should be encrypted.
              The DC is your trusted network, so that should be managed.

              One of the devices, part of a complete solution can be Cisco ISE.
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"



              • #8
                Re: Byod

                We've had staff using their own devices for a couple of years. However, these only comprise 1 or 2 laptops. I don't join them to the domain, but I do check them for appropriate security software and office apps etc. They connect to the network then supply their credentials when accessing a server.

                They are instructed to ensure that all work data on their machines is copied back to the server when they finish each day.

                Staff can connect their 'phones to the wireless network and use the Internet, but again, they still need to supply their credentials if they access a server.

                I'm still waiting for our BYOD policy to be OK'd (submitted about 2 months ago).
                A recent poll suggests that 6 out of 7 dwarfs are not happy



                • #9
                  Re: Byod

                  That is interesting. iPhones and Droids seem to be allowed to connect to my college's wireless network just fine, though Exchange is hosted via [email protected], so the IT folks don't have as much to worry about I guess.



                  • #10
                    Re: Byod

                    Originally posted by RobbieIT
                    Hi
                    I was wondering if there's a room here that talks a little bit about BYOD and all?
                    MDM? Virtualisation and consumerisation of IT.
                    I've been "caught" and I'm intrigued, so I'd like to read from other IT people how they manage the whole thing.

                    thank you

                    Rob

                    To be brutally honest, in the Enterprise I've not seen a huge amount of momentum. Bar the CTO/CIO that has a penchant for the latest IT trend, it's an oft repeated phrase but I've yet to see any 'real' world examples of a sound BYOD/BYOT policy and large scale implementation.

                    BYOD is fraught with many obstacles. Primarily security and ensuring the integrity of your data. Realistically the only thing you should care about is who has access to what, when and by what means. Whether the device is owned by the consumer/employee or the company is largely academic.
                    The greater challenge is the myriad of devices, revisions, and platforms you would potentially have to provide some means of arm's length support to. Support of course requires time, money and investment. For the sake of employees using their own devices on your corporate network I think it's simply a naive and shallow trend that has been given little actual thought.
                    Bar your VIP users, senior managers, execs etc BYOD shouldn't really be entertained. As if you can't control the device then it shouldn't be on your network. And if it's allowed on your corporate network then it should be supplied via IT in line with your common standards and baselines. As 'supporting' a number of platforms is impractical.
                    In addition you naturally of course require the accompanying tool set and technologies to support such a policy which many organisations don't readily have available as BYOD technologies aren't exactly a turn key or modular type solution.

                    Ultimately any organisation that decides to implement BYOD requires a high level of organisational maturity, policy and compliance with strict adherence to said policy, and built in automated mechanisms to ensure compliance. BYOD makes that task more onerous.
