Announcement

Collapse
No announcement yet.

Exchange 2010 And Phone security

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2010 And Phone security

    I have just rolled out Exchange 2010. We have several users that use smart phones that connect to the Companies Exchange server. I put a Sync policy in place the requires a password PIN for each phone to help keep the phones secure.

    By doing this I have ran into a lot of friction from users not wanting this on their personal phones. I understand but this is Company data they have on their phones. Most of us understand how important is it these day's to look cell phones down but the average user doesn’t..

    I try to explain to people why things need to be secure but they don't get it. Now the owner of the company wants me to show reason why these people should be inconvenienced. I explain things to my boss and then he goes to the owner, blah, blah, blah.

    Anyone know of some good doc's or white papers on why this needs to be done? Any type of Microsoft recommendation papers? I have been looking but not finding anything with real meat. I figure if I can give the company owner something good he will be inclined to do this
    Any help with this would be great.

    H

  • #2
    Re: Exchange 2010 And Phone security

    Here's what I know:

    It's not your job to be the technology police. It's you job to implement appropriate controls that meet your company's AUP and security requirements. It's not for you to decide what those are, unless you're part of the team responsible for developing those policies, guidelines and standards.

    If you were not given a mandate to implement this policy then my suggestion would be to reverse it and then make your case as to why it should be implemented. If the powers that be decide that they're OK with it not being implemented then you've done your job by explaining the risks and there isn't anything else you can or should do.

    Comment


    • #3
      Re: Exchange 2010 And Phone security

      Originally posted by joeqwerty View Post
      Here's what I know:

      It's not your job to be the technology police. It's you job to implement appropriate controls that meet your company's AUP and security requirements. It's not for you to decide what those are, unless you're part of the team responsible for developing those policies, guidelines and standards.

      If you were not given a mandate to implement this policy then my suggestion would be to reverse it and then make your case as to why it should be implemented. If the powers that be decide that they're OK with it not being implemented then you've done your job by explaining the risks and there isn't anything else you can or should do.
      That pretty much covers everything I would have to say on it.

      We're going through pretty much the same scenario at the moment and pointed out that these are policy matters that must come from HR/Management and that the IT team then only implement these as per the policy.

      Reverse your changes and advise that the users have company data on the phone and that in the event that it gets stolen/lost then the company could be compromised.

      Comment


      • #4
        Re: Exchange 2010 And Phone security

        Keep in mind that should you use Standard and Enterprise CALs for Exchange, you have additional features available with regards to mobile device security and others. It's all down to the business requirements, whether the features are needed.

        Comment


        • #5
          Re: Exchange 2010 And Phone security

          Thanks for all the input. The company I work for has about 50 employees and about 15 or so use their phones to connect to Company e-mail... It's a shame that these people are employed by a very good company could care less about the security of the company. I've work for many companies and this is bar far the best I have ever had the privilege to work for...

          The funny thing is this. One users who refuse to have a code on their phone,,, locks their office door every night before leaving. That office is inside a main office with a security system LMAO! But wont allow a 4 pin code on their phone...

          Again that’s for the some guidance..

          H

          Comment

          Working...
          X