Re: [Fed-Talk] Re BYOD
- Subject: Re: [Fed-Talk] Re BYOD
- From: "Neely, Lee" <email@hidden>
- Date: Fri, 22 Feb 2013 18:30:00 +0000
- Thread-topic: [Fed-Talk] Re BYOD
Your point about the user experience/expectations is valid.
The case of a data container (or not) is a risk based decision. A few years ago I posted a checklist on the sorts of decisions you need to consider for both corporate and BYOD devices. I am working on an update - not published yet - here is the old version: http://www.sans.org/score/mobile-device-checklist.php
At its core, the topic of container or not has two "decision paths" to traverse:
One is an information/cyber security path where you have to understand the sensitivity of the data (all of it) and all the associated risks/protection/security requirements/etc. With those in mind, your site/agency needs to make your own decision, and you may have a different answer for BYOD and GFE.
For us, enough of our data is F//OUO, which means it is _NOT_ public, and there are penalties for loss of that data. Also, sometimes contact lists contain sensitive or PII data - so if that data is on your BYOD and it gets lost or exposed - what then?
The second "decision path" is an IT choice - call it support/overhead/ease of use-
Something that the users love, but is hard to configure/support - an acceptable solution has to be found - again, this is a risk decision and the site/agency has to own it.
In both cases, what works for LLNL & LANL may be completely wrong for NASA, BPA or DOD/etc.
IMO (Yes Opinion) - I'm fond of a container for BYOD as it can be the hard boundary to protect our corporate data/contacts/etc. And from there I don’t have to care much about the device, nor do I want to fight with the user over forcing a password or encryption, or... (I'm dead set against allowing BYOD or GFE rooted/jailbroken devices, and prefer to not allow buggy/unsupported OS loads - but that's me.)
Lee
Lee Neely, CISSP, CCUV
Lawrence Livermore National Laboratory
Cyber Security Program
7000 East Ave L-315
Livermore, CA, 94551
Phone: +1 (925) 422-0140
Mobile: +1 (925) 321-0087
email@hidden
-----Original Message-----
From: fed-talk-bounces+neely1=email@hidden [mailto:fed-talk-bounces+neely1=email@hidden] On Behalf Of Ron Colvin
Sent: Friday, February 22, 2013 8:21 AM
To: Marcus, Allan B
Cc: email@hidden
Subject: Re: [Fed-Talk] Re BYOD
While I have no doubt that in many cases something like Good for data segregation is a requirement, I do not see it as a global requirement for Government BYOD. We really need to be looking at the data rather than the device. If the user is a climate scientist working with public data why do I need to segment the data? With appropriate data typing those things that are sensitive can go out encrypted and BYOD devices would not have the private keys to decrypt, but the user could access non-sensitive things.
We have a generation that is used to having a computer in their pocket and making it hard to use by default will lead to both loss of talent and lots of interesting workarounds that defeat controls. I want everyone's iPhone to associate with the Enterprise APs as soon as they are within range and for pull email to work for them. There are ways to do it securely and instead of impacting the user experience a better architecture to meet user expectations would be my first goal.
On 2/21/13 4:33 PM, Marcus, Allan B wrote:
> I was speaking of Government Furnished Equipment (GFE).
>
> For BYOD a solution like Good for iOS and Android seems appropriate.
> The new BB has a business and personal partition built in. Just saw a
> demo yesterday and it looks good. Is it enough to come back? Probably not.
>
> --
> Thanks,
>
> Allan Marcus
> Chief IT Architect
> Los Alamos National Laboratory
> 505-667-5666
> email@hidden
Fed-talk mailing list (email@hidden)