|
The DOE banner states that nothing on the computer is yours and you have no right to privacy; therefore, once a BYOD is used for DOE projects there's no way it goes back to the user, unless the proper MDM product is used that creates and stores all DOE data
in a separate encrypted compartment, which can easily be wiped. (Wow, that's a long sentence.)
The answer to all your questions depends on what the federal organization wants to do because I believe the capability to do all of what you ask for (except auditing but there might be something that does that) is currently available.
You also bring up all the problems I see with BYOD and they are the same problems I see with government-owned mobile devices, which we all have to deal with.
On Sep 13, 2012, at 11:01 AM, Todd Heberlein < email@hidden> wrote:
On Sep 13, 2012, at 10:38 AM, "Villano, Paul Mr CIV USA TRADOC" <email@hidden> wrote:
To get this back on topic the reason this is important is that it's a consideration with BYOD on the horizon.
I see BYOD as a huge sea change.
They are portable, so they are regularly outside the protection of an organization's network protection infrastructure. The devices are user-managed, so professional staff are no longer maintaining them. Analysis of activity inside the devices is darn difficult,
especially with iOS devices (woe is me with audit trail analysis). Data is constantly being stored or at least cached on them, so what happens when the employee quits or is fired? Does the organization have the right to make sure no proprietary data is left
on the person's personal device? What policies does the organization have when their employee travels to foreign countries with their devices (think China)?
Given the fact that almost all of them have both cellular and WiFi connections, they can all serve as routers into your organization. How many routes are there into your organization's network? Count the number of mobile devices connected via WiFi.
Just scary, scary, scary. And inevitable.
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94551-0808
email@hidden
|