hi, does anyone have a policy around BYOD mobile devices and blacklist apps? if so, how well do your users respond to it.? Our challenge is that we have a number of apps we'd like to blacklist, and concerned they will revolt

Device ManagementData Protection & Encryption
478 views2 Upvotes5 Comments
Sort By:
Oldest
Senior Information Security Manager in Software4 years ago
Will they really revolt? Or just complain?

 

If they are corporate issued devices, you own them and dictate how they can be used.

 

If it is their devices, they can only access data and/or apps since you allow it.

 

Ultimately, it comes down to educating them about the risks, and management understanding how they are going to deal with these risks.

 

In regulated industries (finance, banking, healthcare, government, etc.) they understand that there are limits with BYOD.
1
Senior Enterprise Architect, Application Consulting in Healthcare and Biotech4 years ago
Yes, we require that BYOD users install our endpoint security software.  Since these devices access company and customer confidential data, my company reserves the right to inspect these devices, and remotely brick the device if the device is lost or compromised.  Other requirements are that the devices cannot be rooted or jailbroken, and that OS/security patches are kept current.  I am not aware if we blacklist apps, but there is a prohibition against using the devices for socially unacceptable (my words, not the company's) purposes.   So it's possible that some apps are blocked.  I'm not aware of anyone complaining.
CEO in Services (non-Government)4 years ago
Yes we allow BYOD. Employees can use BYOD with MFA and use only Authenticator enabled applications. No VPN access to corporate is allowed. We have a separate guest wifi for outsiders and BYOD devices. Some applications are not BYOD enabled and those cannot be used from a BYOD.

As a CTO - I am one person who does not have a corporate device. I work only on my BYOD. Eat your own dog food.
1 Reply
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
@dchou1107 in Education4 years ago

👍 that’s the way to do it.

Senior Director, Defense Programs in Software4 years ago
There’s a lot going on here. Without knowing the industry or how the company is segmenting & protecting data, hard to say how users would react.

But generally if the company needs to control a device they need to do their job, a corporate device should be an option if they don’t agree to the controls.

If there is low enough risk to use their own without those controls, I prefer *not* to know what they have on their own device to blocklist, as I don’t need the company to know who has Tinder, Grinder, OnlyFans, or any other number of apps, and don’t want to see their messages. Context - too many conversations & internal affairs meetings for me to care about.

Assuming the need for control is this high on a mobile device, is the same done if they log into Office 365 in a web browser, or are users just going to think this is silly and not understand why these two devices are treated differently?

Content you might like

What is the most interesting/helpful/unique tool you're using right now that no one is talking about?

CloudNetworkCompute+37 more
Senior Director, Technology Solutions and Analytics in Telecommunication3 years ago
Palantir Foundry
3
Read More Comments
11.7k views13 Upvotes49 Comments

In the age of cloud computing and remote working, is the traditional firewall dead?

CloudEnd-User Services & CollaborationEngineering+10 more

The firewall is dead46%

Long live the firewall53%

4.5k views2 Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies? If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Applications & PlatformsSecurityData Protection & Encryption+8 more
Director of IT in Education2 months ago
We do a combination of both.
931 views1 Comment

How do you implement cryptography for top secret information exchange foreseeing a post quantum scenario soon and what types of algorithms do you use? What about network security, are VPN keys are more secure?

Security & GRCNetworkData Protection & Encryption+6 more
CISO in Softwarea year ago
I think we need to be patient and wait for approved NIST algorithms and not rush ahead.
1
Read More Comments
4.2k views1 Upvote5 Comments

What is your organization’s current status for implementing endpoint security to protect O365 on mobile devices?

End-User Services & CollaborationSecurity & GRCDevice Management+14 more

Implementation complete23%

Implementation in progress54%

Planned within the next 12 months12%

Not planned7%

Not enabling O365 on mobile2%

View Results
2.4k views2 Upvotes