Educause Security Discussion mailing list archives
Re: device security and email using activesync
From: "Patria, Patricia" <PPatria () BENTLEY EDU>
Date: Fri, 5 Nov 2010 08:57:58 -0400
Hi Bob, We also have a BES Server and require Blackberries for any devices that the institution purchases for employees (VPs, Directors, select IT and Facilities staff, etc.). We also require employees with personal Blackberries to connect to our BES server, as that provides additional controls and security. However, we also have an Active Sync server and allow users with Windows Mobile and iPhones to connect to that to sync contacts, calendar and e-mail and do offer support to help get those devices connected. We have similar controls set on both the BES and Active Sync servers for required passwords, timeouts and maximum amount of mail on the phones; the caveat is that users can override the technical controls on certain versions of the iPhone and windows mobile phones. To attempt to prevent that, we also have a Cell Phone and PDA Policy<http://info-privacy.bentley.edu/node/50> and a Data Classification Policy<http://info-privacy.bentley.edu/sites/info-privacy.bentley.edu/files/u21/Bentley%20Data%20Classification%20and%20Usage%20Policyv6.pdf> that prevents sensitive information from being sent via e-mail (knowing that people will read it on phones). Lastly, we require all employees to digitally sign our Acceptable Usage Policy<http://www.bentley.edu/computing-use/index.cfm> on a yearly basis, and also require staff to take mandatory Information Security Training (which reinforces the concept of the BES server and the Cell Phone/PDA policy). So far, the combination of policy, training and technical controls seems to be working. Feel free to contact me if you have additional questions. Patty Patty Patria Chief Information Security Administrator | Bentley University 175 Forest Street, Waltham, MA 02452 |781.891.2364 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Smith, Bob Sent: Thursday, November 04, 2010 6:32 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] device security and email using activesync In our current setup we only allow the use of a Blackberry device, either university or personally owned, connected to our BES for integration with our Exchange system. All devices must conform to the same set of security policies. This current setup has served us well, but recently the desire to integrate/sync the now large numbers of iPads on campus with Exchange has started some research regarding how ActiveSync may play a role in achieving an acceptable level of security (remote wipe, lockout, PIN, etc.) for this and other devices. As part of this research, we are now testing various other devices (iPhone, Droid, iPad, etc.) to see what the actual results are and in doing so I was asked to query this group to see what other institutions are doing or have done with regard to leveraging ActiveSync for security and access to your email system. Do you: * offer support for all devices or just specific devices and what level of support? * allow both institutionally owned and personally owned devices? Why or why not? * require different/same/no security policies for institutionally owned versus personally owned devices? * enforce any security policies using ActiveSync or require/encourage the user to manually set them? * have any "lessons learned" you would care to share? Your feedback is greatly appreciated. Bob Smith AVP IITS & Information Security Officer Longwood University
Current thread:
- device security and email using activesync Smith, Bob (Nov 04)
- Re: device security and email using activesync Patria, Patricia (Nov 05)