Re: Mobile Devices, MDM, and Google...

["Washburn, Ian" <ian () IU EDU>]

Frank,

 

We are evaluating the AirWatch platform. I performed the 3PA for the product and it is in the process of being approved 
by our data stewards. AirWatch would be used for university owned devices and faculty/staff personal devices that have 
a business need to store or consume critical or sensitive university data. 

 

For students and other employee devices we are looking at ATT toggle. This would be an opt-in service available for 
free.

*       Do you do user-based Profiles for MDM, or Device-based Profiles?

*       If user based: Do you treat your Faculty/Staff/Students the same or differently?

In AirWatch we will have both. Device profiles for departmental mobile devices and most likely we will have several 
user profiles that will be based on the type of critical/sensitive data our staff need to consume.

AirWatch will allow us to create profiles for different departments or project groups that would allow us to enforce 
university policy for encryption and password strength. AirWatch allows the restriction of application functions like 
copy and paste and screen captures.

In Toggle we would treat staff and students the same. It’s a free service to our folks. Policies would enforce basic 
security protections but not be held to IU policy standards.

*       What email system do you use?

Our faculty and staff use Exchange and our students are using UMail hosted by google

*       What MDM system do you use? (And do you like it)

Currently we are only using Exchange ActiveSync. We would like more functionaility

*       Do you have a written mobile device policy? (And would you be willing to share it?)

We do have a written mobile device policy IT12.1

 <https://protect.iu.edu/cybersecurity/policies/IT12/12.1> https://protect.iu.edu/cybersecurity/policies/IT12/12.1 

*       What policies do you enforce?

We aren’t currently enforcing any of our policies through Exchange ActiveSync. AirWatch is where we will start 
enforcing encryption and password protection for university devices.

 

 

Ian Washburn, GSEC, GMOB

Lead Security Analyst

University Information Security Office

Indiana University

ian () iu edu

 

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frank 
Barton
Sent: Thursday, June 4, 2015 4:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mobile Devices, MDM, and Google...

 

Goo afternoon folks, we are in the process of centralizing our Mobile Device Management, and making sure that similar 
(Identical?) rules apply to all platforms, and we had some questions for folks that are already doing this. We are a 
Google Apps university, which adds somewhat of a layer of complexity.

 

The questions we have are:

*       Do you do user-based Profiles for MDM, or Device-based Profiles?

*       If user based: Do you treat your Faculty/Staff/Students the same or differently?

*       What email system do you use?
*       What MDM system do you use? (And do you like it)
*       Do you have a written mobile device policy? (And would you be willing to share it?)
*       What policies do you enforce?

We are currently using the Google MDM to enforce a passcode on android devices across the board, and using Apple's MDM 
for university owned iOS devices. As you can guess, this causes some disconnect, and we are looking to do it right, 
across the board.

 

Thank You

Frank

 

-- 

Frank Barton

ACMT

IT Systems Administrator

Husson University

Attachment: smime.p7s
Description: