Educause Security Discussion mailing list archives
Re: iPad / mobile device security and policy
From: "Webb, Justin" <justin.webb () MARQUETTE EDU>
Date: Wed, 2 Feb 2011 19:25:12 +0000
We are using the iPhone Configuration Utility. One other nice thing is that you can sign the individual profiles, so there is some form of verification to the user before they go about installing it. A lot of the information about Enterprise deployment can be found here: http://www.apple.com/support/ipad/enterprise/ The Config profiles can be installed via the utility, or can be accessed by merely browsing to a webpage which has the xml profile on it. Let me know if you have additional questions. Sincerely, Justin P. Webb, GCIH Security Analyst IT Services, Marquette University 414-288-4196 justin.webb () marquette edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL Sent: Wednesday, February 02, 2011 1:19 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] iPad / mobile device security and policy I'm not an iPad user, so - forgive the questions - is all of this done through the onboard firmware/softare?.....or are you using a 3rd party package to do this? We're still moving to Symantec Endpoint Encryption, and I'm hoping they come up with an iPad client..... M ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Webb, Justin [justin.webb () MARQUETTE EDU] Sent: Wednesday, February 02, 2011 12:16 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] iPad / mobile device security and policy We are finalizing our iPad/iPhone/iPod policy and will be including a requirement that a basic passcode be placed on our "base" level configuration, which is for all students and staff. We have a higher tiered approach for shared iPads, and finally, we have a full lockdown configuration that will be used when the iPad could potentially contain sensitive data. This last profile requires an alphanumeric unlock code, it wipes after 10 failed attempts, encrypts backups, sets up our Wifi, email, and configures the VPN client. The profile can only be removed by an administrator. Sincerely, Justin P. Webb, GCIH Security Analyst IT Services, Marquette University 414-288-4196 justin.webb () marquette edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Flynn, Gary - flynngn Sent: Wednesday, February 02, 2011 10:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] iPad / mobile device security and policy Along this line, what are people's thoughts on requiring a passcode on aphone or other mobile device whether it is enforced through something like ActiveSync or not? Having hundreds or thousands of mobile devices configured with a campus email account that anyone having physical access to the phone can reach is a bit unnerving. But a lot of people don't like the inconvenience of having to type a passcode to unlock the device before using it. -----Original Message----- From: Marty Manjak <mm376 () ALBANY EDU> Organization: University at Albany Reply-To: <mm376 () albany edu> Date: Wed, 2 Feb 2011 11:19:31 -0500 To: <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] iPad / mobile device security and policy
Lewis, We are considering using ActiveSynch to push a basic security policy out to personally-owned mobile devices as a condition to getting access to institutional business records. We currently do this with Blackberries that are managed through our own BES server. We have a campus Information Security Council whose membership includes the major data owners (Registrar, HR, Accounting, etc.). That's the governance body that will formulate the policy requiring personally-owned devices to comply with the acceptance of the security policy. This is all in the planning stages but that is the direction and the control mechanism that we are looking to implement. On 02/01/2011 11:46 PM, Watkins, Lewis wrote:I'm looking for model policies and processes for managing iPad use in campus environments? Does your institution have iPad specific policies, or are iPads included in a broader mobile device policy? How do your faculty and administrators currently use iPads? Are any limits place on their use? Do you have specific configuraiton requirements or recommendations? How concerned are you about the security of iPads, particularly for use with confidential information? Thank you for any guidance, advice, or references you can provide. Lewis ____________________________ Lewis Watkins, CISO University of Texas System-- Marty Manjak Information Security Officer University at Albany 518/437-3813 CISSP, GSEC, GCIH, GWIN
-- Gary Flynn Security Engineer James Madison University -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- iPad / mobile device security and policy Watkins, Lewis (Feb 01)
- Re: iPad / mobile device security and policy Semmens, Theresa (Feb 02)
- Re: iPad / mobile device security and policy Flynn, Gary - flynngn (Feb 02)
- Re: iPad / mobile device security and policy Marty Manjak (Feb 02)
- Re: iPad / mobile device security and policy Flynn, Gary - flynngn (Feb 02)
- Re: iPad / mobile device security and policy Julian Y. Koh (Feb 02)
- Re: iPad / mobile device security and policy Webb, Justin (Feb 02)
- Re: iPad / mobile device security and policy SCHALIP, MICHAEL (Feb 02)
- Re: iPad / mobile device security and policy Webb, Justin (Feb 02)
- Re: iPad / mobile device security and policy Flynn, Gary - flynngn (Feb 02)
- Re: iPad / mobile device security and policy Semmens, Theresa (Feb 02)
- <Possible follow-ups>
- Re: iPad / mobile device security and policy Barron Hulver (Feb 02)