My work's IS policies have rendered my iPad useless

Our institution has instituted a new policy that we are only allowed to use Microsoft apps for work, and we cannot cut-and-paste into or out of them on the iPad or iPhone. Given I have nearly everything in either Obsidian, Things, or other incredible apps on my iPad, I feel pretty hamstrung. Now my iPad sits lonely in the corner. The MacBook is getting more attention, though I just like using the iPad. :frowning:

They haven’t touched the Mac yet and hopefully don’t.

This is the reverse of what’s discussed here.

Can you get web access via the iPad to any of your data?

They thought of that! I was hoping they would have missed that backdoor.

Now I have my calendars spread across calendar.app (personal) and yucky outlook (work), email same way.

I assume you must be working with state secrets and nuclear codes. Sounds like your security team is working overtime.

1 Like

I basically just email the Kentucky Fried Chicken recipe back and forth to my friend who sends me the Coca-Cola formula.

11 Likes

Is that your personal iPad or Corporate iPad. Also I would be surprised if they actually allowed corporate data to live in Obsidian or any other Cloud service not owned by them.

3 Likes

It’s mine. They don’t buy me iPads or laptops. I work in academics and the line is a bit blurry. it’s not corporate data. I get what you’re saying, though.

Yeah this is the kind of stuff I wouldn’t risk my reputation because of a data breach from a service I used. I feel they made you favor blocking you using them. Again I understand it blurry which is worse.

2 Likes

Yuuuup. So it takes me longer to make a commitment to my work because I usually have to grab a separate device to check my personal calendars. They don’t care.

Uh, nope. All it takes is customer information in your daily work and you’re going to be locked down. It’s a fact of life these days, though I do think many companies (my employer included) take it too far.

We would be sacked if we did, or at least formally cautioned.

THAT is something you should insist is addressed. Also, unless you are a contractor, you should be provided with the tools to do your job, not be expected to BYO. That may mean using a crappy Dell with Windows 10 on it, but that comes with the territory.

Off topic perhaps but …

The first sentence is true in principle. The line is crossed in practice when middle management is given significant if not full authority to define the job and thereby specify the tool, dismissing or not even soliciting input from those who have to do the job. Labelling the end result as something that comes with the territory is neither an effective nor a respectful answer in such a situation.


JJW

3 Likes

Is the new policy that you cannot at all, ever use any macOS apps equivalent to the Microsoft apps (e.g Pages, Numbers …)? Or is it that you cannot transport work-related information between apps using non-sanctioned cloud or internet methods?

What is the response from your IT department when you send them a document in MS Word format that you created using Pages on your mac?

Being also in academia, I can appreciate the desire if not the need to shut off certain methods to share information, especially when sharing could in some cases release information that should not be released. I would be hard pressed to be restricted to the “one tool set to rule them all” mentality.


JJW

A bit sad, isn’t it. HTTP and the web was originally created for open sharing of knowledge and academic papers. Now we find ourselves in an era of zero-trust needing to lock down systems to crippling levels.

Depending on configuration, you might have access to wikis in Teams. The one “back-door” still available to me is the OneDrive iOS app. At least in our policy, it allows upload from “My iPad” and whatever files I have in iCloud. Nothing moves in the opposite direction though.

The day is coming. As cyber security insurance becomes a bigger issue in academia, things will become more locked down. As an example, I’m following an Educause thread about removing local admin privileges on faculty machines.

I work in academics too, but as the head of information security, so I’m the enemy here :wink: What does or doesn’t count as institutional data (data owned by, or under the custodianship of) the organization is sometimes difficult to tease out. But, something as commonplace as email most definitely falls under the category of “corporate information” in at least two important ways:

  1. Email does contain private (and possibly sensitive) information about people who are not the owner of the device. In the event of a breach (even a lost device), our provincial privacy laws require us to notify everyone who’s private information may have been in the scope of the breach. In the case of a large inbox, that’s a pretty big deal.

  2. We are required to retain for a period of one year, any records of the institution that may have an effect on someone’s employment. Emails about an employee that may have contributed to some aspect of their employment (even complaints of poor service) fall into this category.

Academia is a wonderfully weird space to work in: The sharing of knowledge is fundamental to what universities do, but the administrative side is a business just like any other, and subject to (or at least should be subject to) the same concerns and constraints as any other business.

Even on the academic side, though, sharing of information is only “open” under certain conditions. Even most idealistic professor doesn’t want to see years of research data stolen or destroyed prior to publication, though they’ll often argue very “enthusiastically” against any measure taken to prevent that. Also, a lot of prepublication data is very, very sensitive, and absolutely cannot ever be shared openly. Our very connected world has made the stealing or destruction of research data into a lucrative business for criminals and a strategic objective of nation states.

This is a rather long winded way of saying that academic infosec teams are facing an immense amount of pressure to preserve the “open” nature of academia while securing it from external and internal threats. We have traditionally played very far not the “open” side of the field, but in a brave new world of ransomware, espionage, and a public that’s increasingly concerned about how their private information is being handled, things are necessarily becoming more restrictive. Sometimes we go too far and have to reevaluate, but sometimes we don’t go far enough and find ourselves involuntarily seeking new employment :wink:

3 Likes

I would be very happy to blanket-allow faculty to have local admin on their machines, if they could be held accountable for any loss or breach of information, or breach of licensing resulting from it. We deal with this by denying by default, permitting when a good case can be made, and rescinding when it leads to problems. It often leads to problems.

(I also have no problem with it, if the computer will hold no information for which the university can be held accountable for it’s loss, damage, or misuse and the machine is placed into a BYOD network. We’re finding this to be a reasonable compromise while we work out how all of this is going to look in the future)

2 Likes

They made it sound like BYOD was a benefit they were conferring upon us. To be honest, compared to using “a crappy Dell with Windows 10,” it kinda is.

I cannot transport information between MS (work-controlled) apps and non-MS apps.

To be honest, I have no problem following those rules, but if I can’t cut-and-paste into documents (or use my text expansion snippets), it makes work more challenging. There’s a lot of unnecessary retyping of things.

I don’t think of you (or our IS team) as the enemy. They are trying to do what is right. There is a middle ground between locked-down security and free-for-all independence that allows us to get our work done in a secure manner. I think we haven’t hit that yet. In the meantime, I can’t use any of the great mind mapping software, image programs, and other productivity apps that I bought for the iPad (that I also bought).

I learned today that our university is going down this path. The response from our department chair to our IT was that he certainly expected them at that point forward to be on immediate call to service in person any issues with software on our faculty computers.


JJW

1 Like

What constitutes non-MS apps? Apple apps? Is this policy at its core saying that you can only use WindowsOS or, if you are on macOS, that you cannot use anything but MS Office Suite apps? No Adobe Acrobat Pro for example?

How is this policed? Does a flashing red dialog box pop up when you try to do what you are not allowed? Is the Windows system locked down in such a way that cut+paste only works between MS-apps? Does someone come by every day, run a log-book check on your computer, and snap your fingers with a stiff ruler when they find a violation?

I cannot wrap my head around what this general statement really means in practice, let alone how someone would be able to stop it, let alone how someone would envision punishments for violations.

By example, I get a data set formatted as an Excel spreadsheet. I will analyze it in my non-MS commercial software package. The easiest approach is to copy the data from the spread sheet and paste it into the analysis software table. You mean to tell me that you are not allowed to do this?

(apologies otherwise for taking the thread in a non-MPU direction … I am simply too astounded on this news to let it go)


JJW

1 Like

I can’t speak to what they do on the Windows side, but for Mac users my college has settled on what I think is a reasonable balance.

They started using Jamf a few years ago. In my experience that mostly means that they can remotely push an update or wipe the machine if needed, and OS updates are locked down. So I won’t be putting the Ventura beta on the work machine. OS updates don’t even show as available until IT’s ready to let us install them.

Beyond that, I retain admin access to the computer, and can install software as I wish.

1 Like

For now, this only applies to mobile devices including tablets. I was predominantly using iPadOS, so all my workflows got shutdown.

MS Apps = Teams, Office, Edge, and a bunch of other stuff that comes with the Office365 suite of apps. When I try to open Outlook via the web interface in Safari I get a warning saying it’s not possible. If I try to copy text from TextEdit into Word… nothing will paste. If I paste from Word to TextEdit, instead the test “Your organization’s data cannot be pasted here.”

I think they have the ability to whitelist non-MS apps, but I haven’t explored to see if Adobe works (since I don’t use/have it).

There are no punishments. I just can’t do it. If I had data in Excel I wanted to copy elsewhere, I’d get nothing out of the paste. I use the RegEx and text edit powers in BBEdit on huge files… now I can’t.

I suspect this will just push people to use backdoors (Slack instead of Teams and email, Google Docs instead of Office, etc).

I hope they don’t do that to my Mac. I paid for this. If I want to put Ventura on it, shouldn’t that be my decision?

Anyway, this went off in a direction. I’m not trying to bad mouth anyone. I’m just frustrated that my favorite and most productive device has been rendered useless. After having spent a bunch of money on an iPad Pro + keyboard case.