Re: [Fed-Talk] Iphone 5 is a Fizzle with no Sizzle
Re: [Fed-Talk] Iphone 5 is a Fizzle with no Sizzle
- Subject: Re: [Fed-Talk] Iphone 5 is a Fizzle with no Sizzle
- From: "Villano, Paul Mr CIV USA TRADOC" <email@hidden>
- Date: Thu, 13 Sep 2012 14:19:01 -0400
- Priority: normal
If the organization monitors the device and has sticky fingers with it then it's not really BYOD as far as I can tell. Nobody is going to put out hundreds of dollars for a device out of pocket and then have the Army muck around and lock it down and have access to their personal stuff. The only way BYOD is going to ever work is if the Army does what it says it does and trusts the educated user to do the right thing. The DoD will have to trust the user because the user will certainly never trust DoD to that level.
----- Original Message -----
From: "Link, Peter R." <email@hidden>
Date: Thursday, September 13, 2012 14:10
Subject: Re: [Fed-Talk] Iphone 5 is a Fizzle with no Sizzle
To: Todd Heberlein <email@hidden>
Cc: "Villano, Paul Mr CIV USA TRADOC" <email@hidden>, "email@hidden Talk" <email@hidden>
> The DOE banner states that nothing on the computer is yours and
> you have no right to privacy; therefore, once a BYOD is used for
> DOE projects there's no way it goes back to the user, unless the
> proper MDM product is used that creates and stores all DOE data in
> a separate encrypted compartment, which can easily be wiped. (Wow,
> that's a long sentence.)
>
> The answer to all your questions depends on what the federal
> organization wants to do because I believe the capability to do
> all of what you ask for (except auditing but there might be
> something that does that) is currently available.
>
> You also bring up all the problems I see with BYOD and they are
> the same problems I see with government-owned mobile devices,
> which we all have to deal with.
>
>
> On Sep 13, 2012, at 11:01 AM, Todd Heberlein <mailto:email@hidden>> wrote:
>
>
> On Sep 13, 2012, at 10:38 AM, "Villano, Paul Mr CIV USA TRADOC" <mailto:email@hidden>> wrote:
>
> To get this back on topic the reason this is important is that it's a consideration with BYOD on the horizon.
>
> I see BYOD as a huge sea change.
>
> They are portable, so they are regularly outside the protection of an organization's network protection infrastructure. The devices are user-managed, so professional staff are no longer maintaining them. Analysis of activity inside the devices is darn difficult, especially with iOS devices (woe is me with audit trail analysis). Data is constantly being stored or at least cached on them, so what happens when the employee quits or is fired? Does the organization have the right to make sure no proprietary data is left on the person's personal device? What policies does the organization have when their employee travels to foreign countries with their devices (think China)?
>
> Given the fact that almost all of them have both cellular and WiFi connections, they can all serve as routers into your organization. How many routes are there into your organization's network? Count the number of mobile devices connected via WiFi.
>
> Just scary, scary, scary. And inevitable.
>
> Todd
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden<mailto:email@hidden>)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
> Peter Link
> Cyber Security Analyst
> Cyber Security Program
> Lawrence Livermore National Laboratory
> PO Box 808, L-315
> Livermore, CA 94551-0808
> email@hidden<mailto:email@hidden>
>
>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden