The new iPad has CIO's quaking in their cubicles

N2IT · March 2012

The new iPad has CIOs quaking in their cubicles — Cloud Computing News

Another jacked article from Linked In.

I found this one very interesting.

It looks like architects better get that road map out and start coming up with some strategies. These babies are coming in hot and IT better be able to support them. The amount of devices on the networking is going to continue to climb.

I'd like to hear the networking guys talk about this and how they plan on adapting to this change.

tpatt100 · March 2012

I'm surprised it is a problem "now". Smart phones should have been the advanced warning

shaqazoolu · March 2012

If I'm a CIO I better have an office to shake in. I've been in a cubicle long enough.

DevilWAH · March 2012

tpatt100 wrote: »

I'm surprised it is a problem "now". Smart phones should have been the advanced warning

The problem is not supporting them on the network thats easy. but its the fact people want to use them to access sensitive data, as well as use them as personal devices.

How would you feel if you employer wanted to bring his own desktop in to work, the same one he had been trawling through **** with the night before and that was potential full of malwear. Trouble is people want there "ipad" to be personal to them so that out side of work they can use it for what they like, while at work it is treated as a trusted device...

People have the attude that if they have brought a device they should be able to do what they want with it out side of work, and that is prvt to them.

Smart phone where very different, mostly people only want to sync contacts and calendars. Ipad they want to present the company figures on it at 3pm then go home and stream some doggy film to it at 11pm..

I can make the device secure, but only be restricting there personal use of it, so its finding the balance at the moment, how much big brother will people accept.

N2IT · March 2012

You don't see a potential availability issue with all those new devices coming into the environment? That's a lot more RF being utilized. I don't think I would chalk it up as being "easy". I think there is some potential risk there.

tpatt100 · March 2012

DevilWAH wrote: »

The problem is not supporting them on the network thats easy. but its the fact people want to use them to access sensitive data, as well as use them as personal devices.

How would you feel if you employer wanted to bring his own desktop in to work, the same one he had been trawling through **** with the night before and that was potential full of malwear. Trouble is people want there "ipad" to be personal to them so that out side of work they can use it for what they like, while at work it is treated as a trusted device...

People have the attude that if they have brought a device they should be able to do what they want with it out side of work, and that is prvt to them.

Smart phone where very different, mostly people only want to sync contacts and calendars. Ipad they want to present the company figures on it at 3pm then go home and stream some doggy film to it at 11pm..

I can make the device secure, but only be restricting there personal use of it, so its finding the balance at the moment, how much big brother will people accept.

Employees were already a problem with mixing personal and business when companies began issuing laptops. Employees thought of laptops as their "personal" laptop and were mixing work files along with personal files. Back in the day of Napster I was finding peer to peer software installed on machines like Kazaa.

Then MP3 players that were flash drives came along and employees were plugging the devices into their work machines to transfer files back and forth.

Then smart phones with the following capabilities mobile hotspot, hard drive, file sharing, cameras, etc etc came into the work place. I had a hell of a time convincing my bosses that we needed to address this when I caught employees using their wifi on their phones to connect their laptops to get around Websense or they were plugging the devices into their work machines to transfer music over and or pictures.

All of this stuff of separating work and personal has been a problem for a long time and companies should have already addressed this then and easily adapt to it now. We can have iPads at work but they only connect to the unsecure wifi and NO work files are allowed on them. I use mine just for study pdf files basically when I am at work anyways.

SteveLord · March 2012

FWIW, Apple just released their own Apple Configuration app. Catch is you need an Apple machine to run it on (an issue where I work...for now.) And for those who didnt know, its against EULA to run Apple operating systems in a virtual environment that doesnt sit on Apple hardware.

Here it is in their Mac App store.
http://itunes.apple.com/us/app/apple-configurator/id434433123?mt=12

rwmidl · March 2012

There was a spot on the Today show this morning about a test Symantec did. They dropped a few smart phones with "apps" such as "HR Payroll" and other sensitive appearing applications in public locations to make it appear they were "lost". They then tracked the phones to see what happened and what apps people accessed. Sure enough, most of the found phones, people were searching through the "sensitive" apps.

DevilWAH wrote: »

The problem is not supporting them on the network thats easy. but its the fact people want to use them to access sensitive data, as well as use them as personal devices.

How would you feel if you employer wanted to bring his own desktop in to work, the same one he had been trawling through **** with the night before and that was potential full of malwear. Trouble is people want there "ipad" to be personal to them so that out side of work they can use it for what they like, while at work it is treated as a trusted device...

People have the attude that if they have brought a device they should be able to do what they want with it out side of work, and that is prvt to them.

Smart phone where very different, mostly people only want to sync contacts and calendars. Ipad they want to present the company figures on it at 3pm then go home and stream some doggy film to it at 11pm..

I can make the device secure, but only be restricting there personal use of it, so its finding the balance at the moment, how much big brother will people accept.

Roguetadhg · March 2012

The problem will only get worst. It won't go away.

I'm considering hiding the wireless SSID because I keep getting asked for the Wireless password - which I have to lookup, and write down because it's so darned complex.

I still don't understand the lack of a name for the ipad.

DevilWAH · March 2012

tpatt100 wrote: »

Employees were already a problem with mixing personal and business when companies began issuing laptops. Employees thought of laptops as their "personal" laptop and were mixing work files along with personal files. Back in the day of Napster I was finding peer to peer software installed on machines like Kazaa.

Then MP3 players that were flash drives came along and employees were plugging the devices into their work machines to transfer files back and forth.

Then smart phones with the following capabilities mobile hotspot, hard drive, file sharing, cameras, etc etc came into the work place. I had a hell of a time convincing my bosses that we needed to address this when I caught employees using their wifi on their phones to connect their laptops to get around Websense or they were plugging the devices into their work machines to transfer music over and or pictures.

All of this stuff of separating work and personal has been a problem for a long time and companies should have already addressed this then and easily adapt to it now. We can have iPads at work but they only connect to the unsecure wifi and NO work files are allowed on them. I use mine just for study pdf files basically when I am at work anyways.

Indeed, but if its a company lap top I can easily put a stop to you using it for any thing else. I can stop you loading software.only allow it to connect to the company network. Block it form accessing the netowrk if you have made any unoffical changes. In fact I can pretty much lock it down as much as I want. Disable all the usb ports, you name it I can do it. if its my company and I have paid for it, I can do what I want to prevent you using it for personal use.

So like you say most compinies have a public wireless net work./hotspot that people can use personal devices on.

I can easily make you personal device secure on my network, but to do so I have to restrict your personal use of it, which again I can do, there's plenty of software around i could use to do so. But would you let me. In my compny we have a very simple policy when it comes to mobile devices, if you want them on the corprate network thats fine, but it does require us to install software on them and it does mean we take control of some functions. To the point you agree we can remotly wipe your device if we think it has been stolen or compromised. And we track what soft were is loaded and can unnstall it remotly. If you dont agree with it you stay on the public wifi and cant access senstive company info.

Roguetadhg · March 2012

DevilWAH wrote: »

I can easily make you personal device secure on my network, but to do so I have to restrict your personal use of it, which again I can do, there's plenty of software around i could use to do so. But would you let me. In my compny we have a very simple policy when it comes to mobile devices, if you want them on the corprate network thats fine, but it does require us to install software on them and it does mean we take control of some functions. To the point you agree we can remotly wipe your device if we think it has been stolen or compromised. And we track what soft were is loaded and can unnstall it remotly. If you dont agree with it you stay on the public wifi and cant access senstive company info.

Nice, what software?

DevilWAH · March 2012

http://images.apple.com/ipad/business/docs/iOS_Security.pdf for what is built in to ipods, we also require some other software to be installed that the user can't remove.

IPADs and Blackberries I think are possible the most business friendly, although Android is not bad.

As i said its not that it cant be done, just that in doing it we remove the control of the device from the owner to the business, and most individuals don't like this.

nerdydad · March 2012

One of the biggest things I have noticed on the network side is lack of addresses, when we set up guest wireless, it is usually just for a small amount of users, so we assign /25 or 26, but all the employees start using up those addresses with thier personal devices.

N2IT · March 2012

nerdydad wrote: »

One of the biggest things I have noticed on the network side is lack of addresses, when we set up guest wireless, it is usually just for a small amount of users, so we assign /25 or 26, but all the employees start using up those addresses with thier personal devices.

Thanks for addressing the question!

Would you ever considering issuing more address if more people brought more devices in or just deal with unavailability?

nerdydad · March 2012

N2IT wrote: »

Thanks for addressing the question!

Would you ever considering issuing more address if more people brought more devices in or just deal with unavailability?

Well, what we are dealing with now is there is a corporate standard and we are trying to get them to change the standard, as it stands we request a varience depending on the site. Perhaps IPv6 will fix the limitation, but as it stands, thare are only so many addresses, so...

themagicone · March 2012

Availablilty to me seems to be easier to fix than now people running mobile hot spots and running ad-hoc networks. How many calls do help-desk get "I can't access X on my laptop", you spend 30 mins tracking it down to find out they are connected to someones IPad, etc. To me that seems that will be harder to fix. You can't turn off connecting to various wireless networks if the person travels and they need to connect to public wi-fi.

N2IT · March 2012

themagicone wrote: »

Availablilty to me seems to be easier to fix than now people running mobile hot spots and running ad-hoc networks. How many calls do help-desk get "I can't access X on my laptop", you spend 30 mins tracking it down to find out they are connected to someones IPad, etc. To me that seems that will be harder to fix. You can't turn off connecting to various wireless networks if the person travels and they need to connect to public wi-fi.

That's a good point about connecting to other devices. Especially users who are not savvy at all with technology.

QHalo · March 2012

N2IT wrote: »

The new iPad has CIOs quaking in their cubicles — Cloud Computing News

Another jacked article from Linked In.

I found this one very interesting.

It looks like architects better get that road map out and start coming up with some strategies. These babies are coming in hot and IT better be able to support them. The amount of devices on the networking is going to continue to climb.

I'd like to hear the networking guys talk about this and how they plan on adapting to this change.

This starts with management, IT access policies and acceptable use of company infrastructure and equipment. Define how employees are allowed to use those pieces of equipment and then plan accordingly and you'll be just fine. I think most organizations already started doing this with the first iteration of the iPad and other mobile devices.

dustinmurphy · March 2012

I think it all comes down to corporate policy. Most of the places I've worked... if you want IT equipment for business use, the company has to provide it.. otherwise, you don't use the company network or its resources. If you want to use your personal equipment, it can access the public WiFi (internet-only, does not connect to corporate network)

In my eyes... if someone needs an iPad for business use... they need to make a good case and bring it up to management... and it should be company provided. (which also means company secured and admin'd) That's always been my policy. (I've worked for small companies... so it may or may not be different for larger companies... but the ones I've worked for in non-IT positions did not have availability for personal devices)

Same goes with phones / laptops.

What ends up happening if companies don't adopt this type of policy is that there are new, unknown holes in security. What happens when that employee that stores his/her business documents on a personal device... then leaves the company? They now have access to all of their business docs. Sometimes this isn't a problem... but other times, it is.

demonfurbie · March 2012

i disabled ssid broadcasting just to stop the bandwidth sucking tablets

i had 1 user that would download over 30 gig aday to his tablet

SteveLord · March 2012

BYOD = Business not paying for the hardware and getting nearly free labor out of someone that at a minimum, will be doing email with said hardware. Main attraction right there. $:\$

N2IT · March 2012

SteveLord wrote: »

BYOD = Business not paying for the hardware and getting nearly free labor out of someone that at a minimum, will be doing email with said hardware. Main attraction right there. $:\$

Remote users on their own devices.

Company A
Liabilities and Shareholders Equity
Toilet paper 0
Electricity 0
Laptops 0
Desktops 0
Lease 0
Coffee 0
Public utilities 0

DevilWAH · March 2012

dustinmurphy wrote: »

What ends up happening if companies don't adopt this type of policy is that there are new, unknown holes in security. What happens when that employee that stores his/her business documents on a personal device... then leaves the company? They now have access to all of their business docs. Sometimes this isn't a problem... but other times, it is.

Thats why in my company you agree to remote wipe software installed on your device that we have the access to invoke. When you sign your device on the the interneal network you agree that before you leave you will hand it to IT with you personal passwords if nessesary so it can be checked for company data. FAiler to do so means a complete remote wipe after you leave.

DevilWAH · March 2012

dustinmurphy wrote: »

In my eyes... if someone needs an iPad for business use... they need to make a good case and bring it up to management... and it should be company provided. (which also means company secured and admin'd) That's always been my policy. (I've worked for small companies... so it may or may not be different for larger companies... but the ones I've worked for in non-IT positions did not have availability for personal devices)

Here is the problem people don't want that, People wants ipod for work or a laptop. So you say right company will provide a dell 6410 or Ipad 2. They say hold on I already have an ipad 3 or a mac air, I don't want to carry two lap tops around or two tablets. why can't I just use mine???

This is not just a case of the company not providing equipment, its people not satisfied with what the company provide. Phones are another prime example, you need work email on your phone, fine here is a blackberry... But hold on the say, I have an iphone why cant I sue that, that can receive email two, i dont want to have to carry two phones....

So its not a case of the company not wanting to pay for equipment, but that users want to use specific devices, dosen't matter if the company buys them or they belong to the indivual the issue is still the same. Most companies have standard devices to keep management easy. what is happening if is the varity of devices is increasing daily. Being able to keep these "secure and Admin'd" is a huge task, for what ever reason they are on the network.

dustinmurphy · March 2012

DevilWAH wrote: »

Here is the problem people don't want that, People wants ipod for work or a laptop. So you say right company will provide a dell 6410 or Ipad 2. They say hold on I already have an ipad 3 or a mac air, I don't want to carry two lap tops around or two tablets. why can't I just use mine???

This is not just a case of the company not providing equipment, its people not satisfied with what the company provide. Phones are another prime example, you need work email on your phone, fine here is a blackberry... But hold on the say, I have an iphone why cant I sue that, that can receive email two, i dont want to have to carry two phones....

So its not a case of the company not wanting to pay for equipment, but that users want to use specific devices, dosen't matter if the company buys them or they belong to the indivual the issue is still the same. Most companies have standard devices to keep management easy. what is happening if is the varity of devices is increasing daily. Being able to keep these "secure and Admin'd" is a huge task, for what ever reason they are on the network.

Right... and that's why it comes down to corporate policy. If corporate policy dictates that personal items are not allowed to be used on the business network.. then it's against policy, and the user just needs to suck it up... but these are not things that a Sys Admin or anyone at that level can implement... it has to be implemented by upper management (and should).

If corporate policy says that the devices can be used on the business network... for business uses... then, going the route that your company has taken (basically requiring the business to take "ownership" of the security and software on the device) is the best way.

I know that in all the companies I've worked... if a user wanted equipment such as a smartphone, laptop, or tablet... they had to be provided by the company. I also know that Intel has a similar policy, however emails can be setup on a phone... but nothing else (though OWA access). My mother-in-law works in the HR at Intel... and she gets upset because she can't get her calendar on her Android phone... because it's her personal phone.

My brother-in-law works for BofA... and he works from home 90%+ of the time... but they provide and control his access from home (has a VPN router, VOIP phone, specific printer, and a company-provided laptop). When he is on "leave" for one reason or another... they cut his access... he can't even surf the internet on the laptop). Same thing with his phone. The company provides him a phone... even though he had his own smartphone.

I use my personal laptop for logging in from home at both of my last 2 jobs... BUT... I was part of a small IT department (if not ALL the IT department)...

unclerico · March 2012

This is an issue we are facing now as well, as I'm sure most companies will in the very near future. We provide an unsecured SSID for guests to use, but they don't get free reign to use as much bandwidth as they want. With our wireless solution we can police traffic to whatever we see fit. We open 443 inbound on the firewall applied to the guest SSID so that they can connect with Junos Pulse and from there they can access RDP and in a very short while their Virtual Desktop.

I try to enforce as much security as possible, but the execs think they are so much smarter than I am and so ultimately I get overridden. Their attitude is that of a company from 10 years ago so we/they will be compromised at some point. I brought in a security firm to do an enterprise assessment and we were completely owned. They got something like 50% of the people to respond to a spear phishing attack and turned over their credentials. Hell, even our CNC administrator says that we should have told her they were coming so she could change passwords for our ERP system. These people just don't get it.

SephStorm · March 2012

I see no need for these devices at work. Honestly.

SteveLord · March 2012

SephStorm wrote: »

I see no need for these devices at work. Honestly.

As with all tablets, "It depends what you use it for."

themagicone · March 2012

I've had this argument numerous times with previous employers. Now days I accept the fact that I am going to get what give and those items are for business. So what I have to carry 2 smart phones, it's not really that big of a deal. Personal stays in car/hotel room, all calls are forwarded to business phone + I have pop access to personal email so I just use that during the day. If business phone is destroyed, lost, stolen, etc this it's the employers responsibility to replace it. Now if I was using my personal phone and it was lost/stolen/etc, no employer is going to pay for it.

When I worked for a job long time ago I needed a laptop to work on some of their equipment. They wouldn't provide one (not sure how they thought the equipment was going to be fixed elsewise, but that's another story). I went and bought one to use. They said they claimed no responsibility on it so when I left the company they said the needed to inspect the computer for sensitive data. I told them to screw off unless they had a search warrant. They didn't say one more word to me.

The new iPad has CIO's quaking in their cubicles

Comments