Re: [Fed-Talk] Re BYOD
- Subject: Re: [Fed-Talk] Re BYOD
- From: "Marcus, Allan B" <email@hidden>
- Date: Sat, 23 Feb 2013 00:42:14 +0000
- Thread-topic: [Fed-Talk] Re BYOD
That assumes you let your devices on your network. We don't.
--
Thanks,
Allan Marcus
Chief IT Architect
Los Alamos National Laboratory
505-667-5666
email@hidden
On 2/22/13 12:04 PM, "Ron Colvin" <email@hidden> wrote:
>If we stick to iOS and Linux-like in-channel update mechanisms, are the
>resources required to vet loads worth it? If everything that is
>installed on the device comes from upstream on a device that you are
>willing to trust enough to have it in your users hands I think that may
>be sufficient for some level of generic use in the Enterprise. Depending
>on the Enterprise email system many MDM settings can be implemented
>through ActiveSync for data protection and device protection against
>common events. That same mechanism can be used to monitor and require OS
>updates as well. I would prefer to do checks against unusual traffic and
>services rather than using lots of effort to lock down devices. If the
>personal or Enterprise device is configured in such a way that the average
>user has to carry two or more, segregation of duties starts getting
>problematic on the devices.
>
>On 2/22/13 1:30 PM, Neely, Lee wrote:
>> IMO (Yes Opinion) - I'm fond of a container for BYOD as it can be the
>>hard boundary to protect our corporate data/contacts/etc. And from there
>>I don't have to care much about the device, nor do I want to fight with
>>the user over forcing a password or encryption, or... (I'm dead set
>>against allowing BYOD or GFE rooted/jailbroken devices, and prefer to
>>not allow buggy/unsupported OS loads - but that's me.)
>>
>> Lee
>>
>> Lee Neely, CISSP, CCUV
>>
>> Lawrence Livermore National Laboratory
>> Cyber Security Program
>> 7000 East Ave L-315
>> Livermore, CA, 94551
>>
>>
>> -----Original Message-----
>> From: fed-talk-bounces+neely1=email@hidden
>>[mailto:fed-talk-bounces+neely1=email@hidden] On Behalf Of
>>Ron Colvin
>> Sent: Friday, February 22, 2013 8:21 AM
>> To: Marcus, Allan B
>> Cc: email@hidden
>> Subject: Re: [Fed-Talk] Re BYOD
>>
>> While I have no doubt that in many cases something like Good for data
>>segregation is a requirement, I do not see it as a global requirement
>>for Government BYOD. We really need to be looking at the data rather
>>than the device. If the user is a climate scientist working with public
>>data why do I need to segment the data? With appropriate data typing
>>those things that are sensitive can go out encrypted and BYOD devices
>>would not have the private keys to decrypt, but the user could access
>>non-sensitive things.
>>
>>
>> We have a generation that is used to having a computer in their pocket
>>and making it hard to use by default will lead to both loss of talent
>>and lots of interesting workarounds that defeat controls. I want
>>everyone's iPhone to associate with the Enterprise APs as soon as they
>>are within range and for pull email to work for them. There are ways to
>>do it securely and instead of impacting the user experience a better
>>architecture to meet user expectations would be my first goal.
>>
>> On 2/21/13 4:33 PM, Marcus, Allan B wrote:
>>> I was speaking of Government Furnished Equipment (GFE).
>>>
>>> For BYOD a solution like Good for iOS and Android seems appropriate.
>>> The new BB has a business and personal partition built in. Just saw a
>>> demo yesterday and it looks good. Is it enough to come back? Probably
>>>not.
>>>
>>>
>>>
>>> --
>>> Thanks,
>>>
>>> Allan Marcus
>>> Chief IT Architect
>>> Los Alamos National Laboratory
>>> 505-667-5666
>>> email@hidden
>>>
>>>
>>>
>>>
>>>
>
>
>--
>
>
>********************************************************
>Ron Colvin CISSP, CAP, CEH
>Certified Security Analyst
>NASA - Goddard Space Flight Center
><email@hidden>
>Direct phone 301-286-2451
>NASA Jabber (email@hidden) AIM rcolvin13
>NASA LCS (email@hidden)
>********************************************************
>