cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jay_Scheiner
Newcomer I

BYOD / Mobile

Looking for people's actual experience implementing BYOD for mobile. In particular, if anyone has done this in DoD / DoD contractor space, or something similar (highly sensitive / regulated).

 

- Did you use MDM, if so which? Were there issues enrolling people's personal phones in your MDM solution?

- How would you handle a classified spill, including the potential need to wipe a device?

- How could you ensure the security posture of the device, including that it wasn't jailbroken?

- Any other 'gotchas' ?

2 Replies
CISOScott
Community Champion

One of the things you have to be aware of is false positives.

We use LookOut for work on our Android phones and an investigator got disabled for an attempted rootkit.

He panicked and wiped his device so we could not do forensics on it. (we had called him and told him not to use it as it may be compromised.) Lesson learned: Just tell him to bring it in next time. We suspected something fishy but then another user got the same warning the following week so we now think it was a false positive.

 

 

JGomez
Newcomer I

My biggest concerns with byod and mdm solutions are privacy concerns. Most companies don’t publish what they do and don’t view/track on private devices.

Considering the DoD stance on classified spills on mobile devices was to destroy the device, I would be hesitant to register my own device on their solutions.