|
I am coming from the business side rather than from the IT side, but I have been asked to solve a business problem that I think is totally common nowadays, and I hope you can help me with some system admin solutions.
I need to know if my idea will work and it would be very helpful if you could point out some problems areas that I need to consider.
We are a large international organization with a Microsoft infrastructure and about 200 staff who travel frequently. They typically use laptops we provide, but also they want to use their own devices (Bring Your Own Device = BYOD) such as iPads, Macintosh laptops, smartphones, Android tablets, you name it.
What I would like to say to our staff is this:
"Your work computer will be a laptop that you can take home with you or take abroad on your travels.
When you receive this computer it will come with a set of standard software installed, including anti-virus software. Thereafter you have admin rights over this laptop, you are completely responsible for everything on this computer, including backups, just as if it were your personal property. When you leave our organization, you turn your computer in.
"You store your work on your own computer, so you are responsible for backups. If you finish something that should be shared with your colleagues, you upload it to our corporate intranet online, and you let people know it’s there.
"When you come to the office, you will be able to plug your laptop into a docking station with a large-screen monitor and a keyboard. You can log into our network on your office computer, but not on any personal device.
"If you want to access the Internet or printers with any device other than your office laptop you can do so wirelessly."
What do you experienced System Administrators think of this approach. I know our staff would love me for it because they have some big problems with the security of our network, because they can't BYOD, they can install personal software on their laptops, getting software updates is a big hassle with the IT department, etc.
Thanks in advance for your help!
- Thom
|
|
|
|
|
quinet wrote: I know our staff would love me for it
And I suspect your IT department and company lawyers would hate you. IT security is a very serious business and in any corporate organisation it is important to keep good control in order to protect your financial and intellectual property. If you open up your corporate network so people can hook their own systems into it whenever they like, then you are likely to face some serious issues. However many promises people make and however many rules you ask them to follow, the system will be abused.
My advice, don't do it.
Unrequited desire is character building. OriginalGriff
I'm sitting here giving you a standing ovation - Len Goodman
|
|
|
|
|
Richard MacCutchan wrote: And I suspect your IT department and company lawyers would hate you. IT security is a very serious business and in any corporate organisation it is important to keep good control in order to protect your financial and intellectual property. If you open up your corporate network so people can hook their own systems into it whenever they like, then you are likely to face some serious issues. However many promises people make and however many rules you ask them to follow, the system will be abused. My advice, don't do it.
Depends on the network setup. At the customer site I work at, the wireless and office network are 2 distinct and separate connections to the Internet. When connected to the wireless there is no connectivity to the servers available unless you connect in via the VPN or have a Domain connected laptop that uses Direct Access to connect in from anywhere.
If the Wireless and Wired network are all running off the same Internet connection and internal network, then like you say, runaway.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
quinet wrote: "When you come to the office, you will be able to plug your laptop into a
docking station with a large-screen monitor and a keyboard. You can log into our
network on your office computer, but not on any personal device.
In addition to our desktops we employ this setup for our laptop users. This is becoming more common as the power and memory capabilities increasingly are cheaper.
quinet wrote: "Your work computer will be a laptop that you can take home with you or take
abroad on your travels. When you receive this computer it will come with a
set of standard software installed, including anti-virus software. Thereafter
you have admin rights over this laptop, you are completely responsible for
everything on this computer, including backups, just as if it were your personal
property. When you leave our organization, you turn your computer in.
Again this is a great idea, but I would advise using some form of encryption. Bitlocker works well, but it depends on what OS you're currently using. They're are other software based encryption programs to use w/leagcy OS'. This still can create an issue as the user almost never do backups or willingly run AV scans. As long as you're using Active Directory you could push out Forefront and do Bitlocker key recovery. They still download willy-nilly programs like RegReviver and what not, but this gives you a stance on giving them an ultimatim. Either you behave with it, or we'll just re-image it when you screw it up. This tends to stop a lot of the BS downloaders, but not all of them.
quinet wrote: "If you want to access the Internet or printers with any device other than your
office laptop you can do so wirelessly."
We do this as well and it works very well, as it exists on an external network. This can present some issues too if you're in a building close to other businesses or the public I guess. We're fortunate to be "out-of-town", but I think this would still be an answer for the BYOD'ers.
Something worth reading, albeit it's invincible!
|
|
|
|
|