Educause Security Discussion mailing list archives

Re: Smartphone Policies.

From: "Maloney, Michael" <mmaloney () MIDDLESEXCC EDU>
Date: Mon, 27 Apr 2009 15:14:16 -0400

Basically our policy boils down to 2 categories

College owned devices.

A) College owned Blackberry's connect via the BES Server. 
B) College owned Windows Mobile devices and Apple Iphone/Touch connect
via Active Sync.  These devices must support remote wiping.
C) All purchases and contracts for all devices must be approved by the
college's purchasing department.  Departments cannot purchase devices
themselves and expect them to be connected. 
D) PIN's must be used in order to access the device.  In the event one
is lost/stolen, we will issue a wipe upon next sync.

Personally owned devices:
A) Personal owned Blackberry's may not connect to the BES Server.
B) Personal Windows Mobile and Apple products may not connect via Active
Sync.
C) All devices may connect via a mobile web browser via Outlook Mobile
Access.
D) By default, all user accounts have Active Sync disabled unless they
have a college owned device capable of using Active Sync.




********************************************
Mike Maloney
Sr. System Engineer
Middlesex County College
2600 Woodbridge Avenue
Edison, NJ 08818
Phone: 732-906-7754
Cell: 908-217-2086
Fax: 732-906-4266
Email: mmaloney () middlesexcc edu
********************************************


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Gracie
Sent: Monday, April 27, 2009 1:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Smartphone Policies.

Long ago, perhaps back in the Pleistocene, a phone could be trusted to
make and receive phone calls and otherwise leave well enough alone.

Now, of course, with iPhones and Blackberries everywhere, people want to
read their mail, check their calendars, and otherwise manipulate College
data using their handheld devices.

Like many places, I'm sure, we've been lax in addressing this, so we've
got departments going off on their own, buying random products, and then
asking ITS to make them work.

Does anyone have some sage advice -- or even better, written policies --
for containing this? Have you standardized on a particular phone OS,
manufacturer, model, etc.?

From almost any perspective -- security, warranty, support, inventory

control -- we need to get a handle on this.

--Matt

-- 
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg

Current thread:

Smartphone Policies. Matthew Gracie (Apr 27)
- <Possible follow-ups>
- Re: Smartphone Policies. Plesco, Todd (Apr 27)
- Re: Smartphone Policies. Tupker, Mike (Apr 27)
- Re: Smartphone Policies. Leon DuPree (Apr 27)
- Re: Smartphone Policies. Maloney, Michael (Apr 27)
- Re: Smartphone Policies. Cal Frye (Apr 27)
- Re: Smartphone Policies. Cal Frye (Apr 27)
- Re: Smartphone Policies. Adam Stone (Apr 27)
- Re: Smartphone Policies. Caroline Couture (Apr 27)
- Re: Smartphone Policies. Connie Sadler (May 14)
- Re: Smartphone Policies. Chris Green (May 14)
- Re: Smartphone Policies. Adam Carlson (May 15)