Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersBring Your Own Devices : working with them
1101

3122 posts

Uber Geek


#205131 31-Oct-2016 10:34
Send private message

Hi There
Just wondering, how does everyone deal with firms who allow/want 'bring your own devices"

 

Staffers personal laptop: often wont have Outlook, just MS Office Home (if that). thats 1 issue:
So need buy/install outlook : buy just Outlook, or latest Office

 

AV : next issue : what if they have paid for a useless AV that needs to be replaced
home PC/laptop : real security issues as the whole family will be using it, incl kids/dads on Porn/piracy sites . Can you insist
on the same internet usage rules as work PC's ?

Issues with home OneDrive being mixed up with Work one drive a/c's ?

 

Personal ph's used for work email. Do you tell the user that Work may have the option for remote wipe of their personal ph ?
Insist on some sort of ph passkey be setup ?

 

Any good strategies ?
Is it just a best effort that is 100% dependent on the companies/staffer attitude to all this .

 

 

Create new topic
Dynamic
3867 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1661290 31-Oct-2016 10:58
Send private message

Larger corporates can dedicate resources to making BYOD work well and kinds securely.  SMBs doing it place themselves at risk IMHO.

 

We discourage BYOD for SMB business use, advising there is little to prevent a staff member copying data to elsewhere on the laptop and you have no real right of audit on the personally owned device to check it when they 'exit the company'.

 

For the rare client that wants to stay with BYOD (we actually have none who do it as policy, but there is a rare personal laptop on business networks), I advocate taking a firm line on this.

 

  • Company supplied antivirus (absolutely non-negotiable - I would walk away rather than waver on this)
  • Company has remote access to the laptop for support/troubleshooting ( again non-neg)
  • Multiple OneDrives sounds like a headache - dump the personal one if they don't use it.
  • Separate profile for work stuff if you can.
  • PIN number on mobile phone after idle for a couple of minutes.
  • Remote wipe capability on phone (dress this up as being able to wipe phone if lost/stolen)

If the company requires Outlook then the company will need to supply it.  I suggest Office 365 Business plan so the company can revoke the license.

 

If you consider the risk is too great, you have the option of walking away.  To limit the backlash if it turns to custard, you can advise the risks and your concerns on your own letterhead, email a cop, and courier a copy, keeping a printout with a copy of the courier tracking number on file.  This has sometimes resulted in the client seeing we are serious and coming around to our way of thinking.

 

Good luck!




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.



cisconz
cisconz
1341 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1661299 31-Oct-2016 11:11
Send private message

Remote Wipe (On MS anyway) only wipes the synced data, not the whole phone.




Hmmmm

tatbaird
142 posts

Master Geek


  #1661303 31-Oct-2016 11:18
Send private message

 

 

Is there any sort of a domain there? If so you can have the user log in while at work with their domain account and enforce whatever you want. You don't care what they are doing at home, but there will still have to be some pretty good AV compliance when bringing their malware ridden laptop to work. In terms of blocking porn/torrent sites etc, that can be handled by an edge device on the corporate network. Again, you don't care what they do at home, so control the traffic getting into your network only.

 

I don't believe that the end user has any say in security policies if they bring their device and connect it to a corporate network. You have to set the policy and anyone that wants to use their own gear will have to follow that. Anyway, they just want it to work and have good access to their stuff.

 

The Office 365 suggestion is a good one. There are various MDM management tools around for phones.



mrdrifter
576 posts

Ultimate Geek

ID Verified
Trusted

  #1661307 31-Oct-2016 11:25
Send private message

As others have mentioned above, a set of good policies is mandatory to ensure people know what restrictions/limits are in place.

 

I would recommend O365 for productivity applications and you also have the ability to extend this with Conditional Access and Application Management, this can allow controls such as only allowing users to copy/paste/save work related information into managed applications/locations.

 

These services used to require dedicated hardware and management on premises, but many features can now be delivered from public cloud services such as Microsoft Office 365 and Azure. 

cisconz
cisconz
1341 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1661314 31-Oct-2016 11:39
Send private message

tatbaird:

 

 

 

Is there any sort of a domain there? If so you can have the user log in while at work with their domain account and enforce whatever you want.

 

 

Unless they have Windows Home not Pro and are therefore unable to connect to the domain.




Hmmmm

tatbaird
142 posts

Master Geek


  #1661319 31-Oct-2016 11:41
Send private message

Yep good point. It would have to be a requirement though. If you can't join it to the domain, you can't use it.

1101

3122 posts

Uber Geek


  #1661378 31-Oct-2016 13:09
Send private message

tatbaird:

 

Yep good point. It would have to be a requirement though. If you can't join it to the domain, you can't use it.

 

 

There are ways around even that though. Some companies still buy WinHome PC's for their domain network : its do-able .

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1661391 31-Oct-2016 13:33
Send private message

For a smaller business, assuming they have most of their stuff in the cloud now, Azure AD Join is something to look at for just this scenario.




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

MadEngineer
4271 posts

Uber Geek

Trusted

  #1661442 31-Oct-2016 14:51
Send private message

cisconz:

Remote Wipe (On MS anyway) only wipes the synced data, not the whole phone.

I've done this for android, iPhone and Nokia from exchange - they all factory reset the devices.

With regards to BYOD I advise against it. Better to supply the hardware. If someone requires a laptop go and buy them a proper device that you can dictate control over.




You're not on Atlantis anymore, Duncan Idaho.

cisconz
cisconz
1341 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1661453 31-Oct-2016 15:08
Send private message

We must have good policies then - never had it wipe the whole phone for me




Hmmmm

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright