Educause Security Discussion mailing list archives
Re: Smartphone Policies.
From: "Maloney, Michael" <mmaloney () MIDDLESEXCC EDU>
Date: Mon, 27 Apr 2009 15:14:16 -0400
Basically our policy boils down to 2 categories College owned devices. A) College owned Blackberry's connect via the BES Server. B) College owned Windows Mobile devices and Apple Iphone/Touch connect via Active Sync. These devices must support remote wiping. C) All purchases and contracts for all devices must be approved by the college's purchasing department. Departments cannot purchase devices themselves and expect them to be connected. D) PIN's must be used in order to access the device. In the event one is lost/stolen, we will issue a wipe upon next sync. Personally owned devices: A) Personal owned Blackberry's may not connect to the BES Server. B) Personal Windows Mobile and Apple products may not connect via Active Sync. C) All devices may connect via a mobile web browser via Outlook Mobile Access. D) By default, all user accounts have Active Sync disabled unless they have a college owned device capable of using Active Sync. ******************************************** Mike Maloney Sr. System Engineer Middlesex County College 2600 Woodbridge Avenue Edison, NJ 08818 Phone: 732-906-7754 Cell: 908-217-2086 Fax: 732-906-4266 Email: mmaloney () middlesexcc edu ******************************************** -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Gracie Sent: Monday, April 27, 2009 1:09 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Smartphone Policies. Long ago, perhaps back in the Pleistocene, a phone could be trusted to make and receive phone calls and otherwise leave well enough alone. Now, of course, with iPhones and Blackberries everywhere, people want to read their mail, check their calendars, and otherwise manipulate College data using their handheld devices. Like many places, I'm sure, we've been lax in addressing this, so we've got departments going off on their own, buying random products, and then asking ITS to make them work. Does anyone have some sage advice -- or even better, written policies -- for containing this? Have you standardized on a particular phone OS, manufacturer, model, etc.?
From almost any perspective -- security, warranty, support, inventory
control -- we need to get a handle on this. --Matt -- Matt Gracie (716) 888-8378 Information Security Administrator graciem () canisius edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- Smartphone Policies. Matthew Gracie (Apr 27)
- <Possible follow-ups>
- Re: Smartphone Policies. Plesco, Todd (Apr 27)
- Re: Smartphone Policies. Tupker, Mike (Apr 27)
- Re: Smartphone Policies. Leon DuPree (Apr 27)
- Re: Smartphone Policies. Maloney, Michael (Apr 27)
- Re: Smartphone Policies. Cal Frye (Apr 27)
- Re: Smartphone Policies. Cal Frye (Apr 27)
- Re: Smartphone Policies. Adam Stone (Apr 27)
- Re: Smartphone Policies. Caroline Couture (Apr 27)
- Re: Smartphone Policies. Connie Sadler (May 14)
- Re: Smartphone Policies. Chris Green (May 14)
- Re: Smartphone Policies. Adam Carlson (May 15)