My work's IS policies have rendered my iPad useless

Our institution has instituted a new policy that we are only allowed to use Microsoft apps for work, and we cannot cut-and-paste into or out of them on the iPad or iPhone. Given I have nearly everything in either Obsidian, Things, or other incredible apps on my iPad, I feel pretty hamstrung. Now my iPad sits lonely in the corner. The MacBook is getting more attention, though I just like using the iPad. :frowning:

They haven’t touched the Mac yet and hopefully don’t.

This is the reverse of what’s discussed here.

Can you get web access via the iPad to any of your data?

They thought of that! I was hoping they would have missed that backdoor.

Now I have my calendars spread across Calendar.app (personal) and yucky Outlook (work), email same way.

I assume you must be working with state secrets and nuclear codes. Sounds like your security team is working overtime.

1 Like

I basically just email the Kentucky Fried Chicken recipe back and forth to my friend who sends me the Coca-Cola formula.

13 Likes

Is that your personal iPad or corporate iPad? Also, I would be surprised if they actually allowed corporate data to live in Obsidian or any other cloud service not owned by them.

3 Likes

It’s mine. They don’t buy me iPads or laptops. I work in academics and the line is a bit blurry. It’s not corporate data. I get what you’re saying, though.

Yeah, this is the kind of stuff I wouldn’t risk my reputation on because of a data breach from a service I used. I feel they did you a favor by blocking you from using them. Again, I understand it’s blurry, which is worse.

2 Likes

Yuuuup. So it takes me longer to make a commitment to my work because I usually have to grab a separate device to check my personal calendars. They don’t care.

Uh, nope. All it takes is customer information in your daily work and you’re going to be locked down. It’s a fact of life these days, though I do think many companies (my employer included) take it too far.

We would be sacked if we did, or at least formally cautioned.

THAT is something you should insist is addressed. Also, unless you are a contractor, you should be provided with the tools to do your job, not be expected to BYO. That may mean using a crappy Dell with Windows 10 on it, but that comes with the territory.

Off topic perhaps but …

The first sentence is true in principle. The line is crossed in practice when middle management is given significant if not full authority to define the job and thereby specify the tool, dismissing or not even soliciting input from those who have to do the job. Labelling the end result as something that comes with the territory is neither an effective nor a respectful answer in such a situation.

—
JJW

4 Likes

Is the new policy that you cannot at all, ever use any macOS apps equivalent to the Microsoft apps (e.g. Pages, Numbers …)? Or is it that you cannot transport work-related information between apps using non-sanctioned cloud or internet methods?

What is the response from your IT department when you send them a document in MS Word format that you created using Pages on your Mac?

Being also in academia, I can appreciate the desire if not the need to shut off certain methods to share information, especially when sharing could in some cases release information that should not be released. I would be hard pressed to be restricted to the “one tool set to rule them all” mentality.

—
JJW

A bit sad, isn’t it? HTTP and the web were originally created for open sharing of knowledge and academic papers. Now we find ourselves in an era of zero-trust needing to lock down systems to crippling levels.

Depending on configuration, you might have access to wikis in Teams. The one “back-door” still available to me is the OneDrive iOS app. At least in our policy, it allows upload from “My iPad” and whatever files I have in iCloud. Nothing moves in the opposite direction though.

The day is coming. As cyber security insurance becomes a bigger issue in academia, things will become more locked down. As an example, I’m following an Educause thread about removing local admin privileges on faculty machines.

I work in academics too, but as the head of information security, so I’m the enemy here :wink: What does or doesn’t count as institutional data (data owned by, or under the custodianship of, the organization) is sometimes difficult to tease out. But something as commonplace as email most definitely falls under the category of “corporate information” in at least two important ways:

  1. Email does contain private (and possibly sensitive) information about people who are not the owner of the device. In the event of a breach (even a lost device), our provincial privacy laws require us to notify everyone whose private information may have been in the scope of the breach. In the case of a large inbox, that’s a pretty big deal.

  2. We are required to retain for a period of one year, any records of the institution that may have an effect on someone’s employment. Emails about an employee that may have contributed to some aspect of their employment (even complaints of poor service) fall into this category.

Academia is a wonderfully weird space to work in: The sharing of knowledge is fundamental to what universities do, but the administrative side is a business just like any other, and subject to (or at least should be subject to) the same concerns and constraints as any other business.

Even on the academic side, though, sharing of information is only “open” under certain conditions. Even the most idealistic professor doesn’t want to see years of research data stolen or destroyed prior to publication, though they’ll often argue very “enthusiastically” against any measure taken to prevent that. Also, a lot of prepublication data is very, very sensitive, and absolutely cannot ever be shared openly. Our very connected world has made the stealing or destruction of research data into a lucrative business for criminals and a strategic objective of nation states.

This is a rather long-winded way of saying that academic infosec teams are facing an immense amount of pressure to preserve the “open” nature of academia while securing it from external and internal threats. We have traditionally played very far on the “open” side of the field, but in a brave new world of ransomware, espionage, and a public that’s increasingly concerned about how their private information is being handled, things are necessarily becoming more restrictive. Sometimes we go too far and have to reevaluate, but sometimes we don’t go far enough and find ourselves involuntarily seeking new employment :wink:

3 Likes

I would be very happy to blanket-allow faculty to have local admin on their machines, if they could be held accountable for any loss or breach of information, or breach of licensing resulting from it. We deal with this by denying by default, permitting when a good case can be made, and rescinding when it leads to problems. It often leads to problems.

(I also have no problem with it, if the computer will hold no information for which the university can be held accountable for its loss, damage, or misuse and the machine is placed into a BYOD network. We’re finding this to be a reasonable compromise while we work out how all of this is going to look in the future.)

2 Likes

They made it sound like BYOD was a benefit they were conferring upon us. To be honest, compared to using “a crappy Dell with Windows 10,” it kinda is.

I cannot transport information between MS (work-controlled) apps and non-MS apps.

To be honest, I have no problem following those rules, but if I can’t cut-and-paste into documents (or use my text expansion snippets), it makes work more challenging. There’s a lot of unnecessary retyping of things.

I don’t think of you (or our IS team) as the enemy. They are trying to do what is right. There is a middle ground between locked-down security and free-for-all independence that allows us to get our work done in a secure manner. I think we haven’t hit that yet. In the meantime, I can’t use any of the great mind mapping software, image programs, and other productivity apps that I bought for the iPad (that I also bought).

I learned today that our university is going down this path. The response from our department chair to our IT was that he certainly expected them at that point forward to be on immediate call to service in person any issues with software on our faculty computers.

—
JJW

1 Like

What constitutes non-MS apps? Apple apps? Is this policy at its core saying that you can only use WindowsOS or, if you are on macOS, that you cannot use anything but MS Office Suite apps? No Adobe Acrobat Pro for example?

How is this policed? Does a flashing red dialog box pop up when you try to do what you are not allowed? Is the Windows system locked down in such a way that cut+paste only works between MS-apps? Does someone come by every day, run a log-book check on your computer, and snap your fingers with a stiff ruler when they find a violation?

I cannot wrap my head around what this general statement really means in practice, let alone how someone would be able to stop it, let alone how someone would envision punishments for violations.

By example, I get a data set formatted as an Excel spreadsheet. I will analyze it in my non-MS commercial software package. The easiest approach is to copy the data from the spreadsheet and paste it into the analysis software table. You mean to tell me that you are not allowed to do this?

(apologies otherwise for taking the thread in a non-MPU direction … I am simply too astounded by this news to let it go)

–
JJW

1 Like

I can’t speak to what they do on the Windows side, but for Mac users my college has settled on what I think is a reasonable balance.

They started using Jamf a few years ago. In my experience that mostly means that they can remotely push an update or wipe the machine if needed, and OS updates are locked down. So I won’t be putting the Ventura beta on the work machine. OS updates don’t even show as available until IT’s ready to let us install them.

Beyond that, I retain admin access to the computer, and can install software as I wish.

1 Like

For now, this only applies to mobile devices including tablets. I was predominantly using iPadOS, so all my workflows got shut down.

MS Apps = Teams, Office, Edge, and a bunch of other stuff that comes with the Office365 suite of apps. When I try to open Outlook via the web interface in Safari I get a warning saying it’s not possible. If I try to copy text from TextEdit into Word… nothing will paste. If I paste from Word to TextEdit, I instead get the text “Your organization’s data cannot be pasted here.”

I think they have the ability to whitelist non-MS apps, but I haven’t explored to see if Adobe works (since I don’t use/have it).

There are no punishments. I just can’t do it. If I had data in Excel I wanted to copy elsewhere, I’d get nothing out of the paste. I use the RegEx and text edit powers in BBEdit on huge files… now I can’t.

I suspect this will just push people to use backdoors (Slack instead of Teams and email, Google Docs instead of Office, etc).

I hope they don’t do that to my Mac. I paid for this. If I want to put Ventura on it, shouldn’t that be my decision?

Anyway, this went off in a direction. I’m not trying to bad-mouth anyone. I’m just frustrated that my favorite and most productive device has been rendered useless. After having spent a bunch of money on an iPad Pro + keyboard case.