Some companies used to require phones without cameras. Is that still a thing anywhere?
1 Like
I’m afraid the “Cyber Security” argument here just doesn’t stack up. I work in this area and have done for most of my working life, each time decisions like this are forced without consultation or at least notification, users will find other ways around the issue, so they can access the information they need, in the way they need.
Turning off iCloud Drive where mixed use is allowed (most corporate policies allow for limited personal user of assigned laptops). The result is that people will move to other services that haven’t been locked down, use other software/tools that aren’t agreed and the problem space increases rather than decreases. It turns into a corporate Whac-A-Mole where everyone becomes more and more frustrated (users and admins), eventually resulting in a strict whitelist of applications and web services, where the advantages of using MacOS are eroded each day.
Two core questions that I’m always left with:
a) Can users really be trusted to not put corporate data on non approved systems / services?
(In the last 25 years, I’m afraid that I haven’t seen any hope on this question)
b) Can Data Loss Prevention help, where corporate data that is marked with the right “classification” is prevented from going to certain places
(since DLP has been a thing, only a few highly regulated industries have managed to control data with classification, so no matter if the tech works, the humans rarely do)
Key thing is the decision to disable iCloud Drive actually makes little difference to a businesses cyber security risk, because users will find a different way.
You and I will. But to the average Joe and Jane it’s a clear signal that putting documents in a store outside the organization is not possible/allowed.
Also, if they open up these services and there and data leak happens, they’re too blame. Or at least they get the fine and the negative publlicity. The user will ’ only’ lose his/her job probably.
1 Like
That must have been a pretty small company. Have to come across any “IT Director” in a company of substantial size that even cares about the actual hardware. Let alone have access to it (or want access to it for that matter). Fot that they have sysadmins.
1 Like
Nah, we probably can’t be trusted to comply 100%. However, I come across so many documents labeled “Confidential” that absolutely should have been “Internal”. As we keep struggling to adapt to agile and collaboration across teams, a misguided sense of secrecy really hinders the organisation more than it helps.
Also - I’m more often trying to get data INTO the corporate network than out. I’m producing graphics, illustrations and animations on my personal machine that I use in presentations to add some visual interest. Still presented via PowerPoint but hopefully with enough differentiation from the dead boring standard templates to keep my audience awake.
(And no, I don’t include any sensitive or confidential data in these graphics.)
1 Like
Meh.
I worked in IT for a large Research I university. My Director had access to anything he wanted in our division. He usually didn’t use it (which was fortunate for our users) but he had access.
This is not good IT policy (which should be designed around minimizing access without curtailing efficiency, effectiveness or security), but he insisted on total access and Sys Admin permissions.
2 Likes
Even without exercising that access, this was a massive risk as any form of virus or malware could use their access to spread.
Even those with Sys Admin access should not run as Sys Admin when accessing email or the web (or other duties) they should temporarily escalate their privileges for specific tasks using a separate set of credentials then revert to standard creds.
2 Likes
I guess I’m just going to have to buy and use my own laptop.
2 Likes
In general, I really recommend not trying on work devices for your personal life. Among other things, if they decide that they’re shutting a device down, you have little recourse – and suddenly, no data.
2 Likes
Seriously, I always do this. I don’t even check personal email on a work device. Not worth the potential issues, hazards or genuine possible disasters.
2 Likes
[quote=“SteveMac, post:44, topic:29969, full:true”]
…a) Can users really be trusted to not put corporate data on non approved systems / services?
(In the last 25 years, I’m afraid that I haven’t seen any hope on this question)…[/quote]
No. And the creativity to create a security/pricacy nightmare, with the best intentions to “get something done”, is amazing.
The last one: a partner needed a name list. An assistant pulled data from the HR system and emailed (unencrypted) a list with not only names but also: SSN, bank data, full personal address, etc.
We have a folder structure in the company. And rights can be assigned individually. And, of course, there’s a folder everybody can see. To avoid the “hassle” of setting up a folder with limited rights (a 3sec task), the “everybody”-folder was full of…everything. No bad intentions at all…but a nightmare that took a while to eliminate.
1 Like