Re: Smartphones

[Matthew Giannetto <MGiannetto () MC3 EDU>]

We recently addressed this same issue.  Here’s our solution.

Faculty and staff who wish to sync their personal devices with the College’s email system have to sign an agreement 
stating that they will enable certain security features on their devices, and that their devices must support these 
features.


·         The device will be configured to connect and be managed using only a supported version of Microsoft 
ActiveSync.

·         The device will be configured to lock after, at most, five minutes of inactivity.

·         The device will be protected by a PIN or other secure password when resuming from a locked state.

·         The device will be configured to securely encrypt College data that is synchronized with the device or 
support Active Sync’s remote wipe feature.
We also require the following in the agreement:


·         If the mobile device is lost, stolen, traded-in, sold, or otherwise disposed of, the user will contact the 
Help Desk immediately.

·         If the mobile device is reported lost, stolen, traded-in, sold, or otherwise disposed of, IT Staff may 
attempt to remotely wipe the device and reset the device back to factory default settings.

We plan to notify users who are syncing and give them a period of time to turn in the agreement.  After that period of 
time, we’ll turn off access to all users, and only allow it for those who have College-managed phones, or have signed 
the agreement.  New users will need to sign the agreement before gaining access.  We plan to provide some level of 
training to help them get complaint as well.

In the future, we also plan to thoroughly test the Exchange ActiveSync security policies to force these configurations.

We support anything that supports ActiveSync.  We don’t provide support for Blackberries.

Thanks,

Matt Giannetto
Manager of IT Security
Montgomery County Community College
mgiannetto () mc3 edu | (215) 619-7442


From: Kellogg, Brian D. [mailto:bkellogg () SBU EDU]
Sent: Wednesday, December 16, 2009 12:58 PM
Subject: Smartphones

We’re curious to see how other Institutions are handling Smartphone security and support for employees/faculty.



·         Do you allow non-university phones to sync with your email?

·         What security do you enforce on the phone if any; pins, encryption, …?

·         Do you allow all types of Smartphone’s or do you limit support to Blackberries or Windows mobile, or …?

·         If you support Blackberries do you run a BES server?  Any opinions on the BES server would be appreciated.



Thanks,

Brian Kellogg
St. Bonaventure University

________________________________
Montgomery County Community College is proud to be
the #1 ranked technology-savvy community college in the nation,
as determined by the Center for Digital Education and Converge magazine.