landwomble t1_jc1q283 wrote

Every time I read one of these stories I want to know WHY THE FUCK these orgs aren't applying mobile device management policies to gov devices to control what is installed on them. It's easy, they have the tooling already, just TURN IT ON.

64

mega153 t1_jc249nw wrote

I think this might be just a reclassification situation. Instead of TikTok being blocked implicitly by not being on the whitelist, it's being explicitly blocked on a blacklist. Afaik, we haven't actually got a report of these devices removing TikTok as opposed to just banning the app. Functionally, nothing changed while headlines are made for clicks.

15

t0slink t1_jc3qqjg wrote

Using a blacklist as opposed to a whitelist is absurd.

Unsurprised that government cybersecurity is complete shit given that no government pays even a fifth of what tech pays for the same security role.

2
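The allowlist-versus-blocklist point in the two comments above, as an added example that is not part of the thread: a small evaluator for an MDM app-install decision. Everything here is constructed for illustration, including the policy model and the package names, which are placeholders rather than any real app's identifiers. It shows why a blocklist is a default-allow control (an unknown new app sails through) while an allowlist is default-deny, and why adding an app to a blocklist on a device that already runs an allowlist changes nothing.

```python
"""Added example: allowlist (default deny) versus blocklist (default allow) for
app installs on a managed device. All names below are constructed placeholders."""

from typing import FrozenSet, Optional, Tuple

# Constructed policy content for a fleet of managed phones.
APPROVED: FrozenSet[str] = frozenset({"com.example.mail", "com.example.calendar"})
BANNED: FrozenSet[str] = frozenset({"com.example.video-app"})


def decide(bundle_id: str,
           allowlist: Optional[FrozenSet[str]] = None,
           blocklist: FrozenSet[str] = frozenset()) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason) for an install request.

    allowlist=None models a device with no allowlist at all (default allow).
    A set models default deny: only listed apps may be installed.
    The blocklist is checked first so an explicit ban always wins.
    """
    app = bundle_id.lower()
    if app in blocklist:
        return ("deny", "explicitly blocked")
    if allowlist is not None and app not in allowlist:
        return ("deny", "not on allowlist (implicit deny)")
    return ("allow", "permitted")


def compare_models(bundle_id: str) -> dict:
    """Decision for one app under blocklist-only, allowlist-only, and both."""
    return {
        "blocklist_only": decide(bundle_id, blocklist=BANNED)[0],
        "allowlist_only": decide(bundle_id, allowlist=APPROVED)[0],
        "both": decide(bundle_id, allowlist=APPROVED, blocklist=BANNED)[0],
    }


def reclassification_is_noop(bundle_id: str) -> bool:
    """True when adding `bundle_id` to the blocklist changes nothing for a
    device that already enforces the allowlist (the app was never installable)."""
    before = decide(bundle_id, allowlist=APPROVED)[0]
    after = decide(bundle_id, allowlist=APPROVED, blocklist=BANNED | {bundle_id})[0]
    return before == after


if __name__ == "__main__":
    # A brand-new app nobody has reviewed yet: the case where the two models differ.
    for app in ("com.example.mail", "com.example.video-app", "com.example.unknown-new-app"):
        print(app, compare_models(app))
    print("blocklisting the video app on allowlisted devices is a no-op:",
          reclassification_is_noop("com.example.video-app"))
```

The interesting row is the unknown app: a blocklist permits it because no one has got round to banning it, an allowlist denies it because no one has approved it. That is the whole argument for default deny on devices that handle sensitive data.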

Guigsy t1_jc4i8sb wrote

I've worked on IT helpdesks for 3 different government agencies/departments in recent times. And currently do. You can't install Twitter, Facebook, YouTube or pretty much anything unless you request it and it gets authorised and then pushed out to your device. You don't get access to either the Android or Apple stores to download apps.

So there must be more to this than the headline lets on.

5

Additional_Ad_2778 t1_jc621b7 wrote

There seem to be plenty of reports of people using personal devices for government-related business. That might have a lot to do with it. Did your work cover MPs, ministers, consultants and similar positions?

1

Guigsy t1_jc6cqp8 wrote

I can't say which department/s it was/is. Security is incredibly tight. But it's not MI5 or anything like that :D A lot of civil servants mostly at the moment. But I've spoken to people you would put in that list. But not MPs or ministers. Although we were warned they might call if they wanted to. I guess they are too important and have too many assistants to deal with us directly :D

One of the locations I worked had an OG Enigma machine I walked past every day. Which was cool.

My security training lasted a week when I started. 3 strike rule enforced by security officers who would do occasional patrols around the place. Left PC unlocked: strike. Printed something and left it at the printer because it was a mistake and didn't shred it: strike. Left any documents on your desk at the end of the day not locked away: strike. 3rd strike was instant dismissal.

My security trainer told a story of when he went to his gym and overheard a guy talking to a friend about where he worked. (This was some time ago when people were not QUITE as conscious about security as they should have been.) He didn't mention what he did, mention the place by name or too many specifics. But he could tell from some of the bits he did say that he worked in the building. So he waited for him to leave, took a note of the registration number of his car. Then when he got into work looked up his reg number which was recorded when he came in the gates and cross referenced it with his security pass. Took his name and went and found his desk. He said he sat down next to him, introduced himself and asked him how his session at the gym was. Which got a confused reaction. He didn't get a strike. But got given a stern warning to be more careful about exactly what he said in public places.

1

SuperToxin t1_jc230fw wrote

Most likely as simple as “we don’t want to pay for that and pay to have someone set it up and pay for someone to have to deal with those devices” so instead they just give people a phone.

2

landwomble t1_jc274xy wrote

UK Gov has M365. They have this already via Intune. Who on earth, outside of government, would think allowing users to install ANYTHING they like on a work device was a good idea, let alone users that are privy to very sensitive information? It's madness.

10

Additional_Ad_2778 t1_jc25zvw wrote

Because this is how many people in government think.

“I think that’s a personal choice,” Michelle Donelan, the minister at the helm of the U.K.’s new Department for Science, Innovation and Technology, told POLITICO in an interview. “As a Conservative, I strongly believe in personal choice.”

It's shocking to be reminded how thick some of our representatives really are.

2

landwomble t1_jc27ewj wrote

"As a CIO I strongly believe in protecting the integrity of the network and the information contained within it, you fvcking idiot" would be my response

4

British_Monarchy t1_jc61055 wrote

I am pretty liberal when it comes to state involvement in my life. From CCTV to banning sugary drinks I want as much freedom to do what I want as possible as long as it doesn't infringe or harm someone else.

But using the "I'll do what I want" on national security is a big fucking leap that just screams either selfishness or ignorance.

1

FleetAdmiralFader t1_jc2ae2r wrote

For some it's probably a whitelist/blacklist situation and the ban is for the employees with elevated privileges, not the typical employee. As a developer, I'm allowed a wide range of permissions including some Admin rights. However, my devices are still managed by the company and they can turn on restrictions at any point.

This could be a situation where they are explicitly locking down the users that previously had extra permissions... but it's the government so maybe not.

1

matiyarosz t1_jc4s2mo wrote

They do though, large parts of HMG use Intune as the MDM solution.

And as you say, all they have to do is flick a switch, deploy a new policy and Intune will do everything for them.

1

GetOutOfTheWhey t1_jc512rh wrote

The truth? It's really all just bring your own device in with these government officials.

And the actual government devices that are provided likely will have the things you just described. But the vast majority are BYOD and people are just being told to remove it.

Whether they do or not cannot be checked, because it is BYOD.

1

landwomble t1_jc66wl7 wrote

Any corp that runs BYOD should be using Conditional Access / Intune or a third-party equivalent. You sign into mail/calendar etc and it enrolls your device, turns on and enforces strong PIN, encryption, remote wipe etc.

This is very much a Solved Problem.

1
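The compliance-gated access described in the comment above, as an added example that is not part of the thread and not Microsoft's implementation: a simplified model of a Conditional Access style gate in which access to corporate mail is granted only to devices that are enrolled and meet a compliance policy (minimum PIN length, storage encryption, remote-wipe capability, minimum OS version). The policy values, the posture fields and the three sample devices are all constructed for illustration; real MDM products expose these controls under their own names.

```python
"""Added example: compliance-gated access for BYOD, modelled on the
Conditional Access + MDM pattern. Policy thresholds and devices are constructed."""

from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class DevicePosture:
    """What the MDM reports about a device at sign-in (constructed fields)."""
    device_id: str
    enrolled: bool            # enrolled in MDM; False for an unmanaged personal phone
    pin_min_length: int       # 0 means no screen lock configured
    storage_encrypted: bool
    remote_wipe_capable: bool
    os_version: Tuple[int, int]


@dataclass(frozen=True)
class CompliancePolicy:
    """Thresholds the device must meet (constructed values, not a vendor default)."""
    min_pin_length: int = 6
    require_encryption: bool = True
    require_remote_wipe: bool = True
    min_os_version: Tuple[int, int] = (14, 0)


POLICY = CompliancePolicy()


def evaluate(device: DevicePosture, policy: CompliancePolicy = POLICY) -> Tuple[bool, List[str]]:
    """Return (compliant, list of failing controls). An empty list means compliant."""
    failures: List[str] = []
    if not device.enrolled:
        failures.append("not enrolled in MDM")
    if device.pin_min_length < policy.min_pin_length:
        failures.append(f"PIN shorter than {policy.min_pin_length} digits")
    if policy.require_encryption and not device.storage_encrypted:
        failures.append("storage not encrypted")
    if policy.require_remote_wipe and not device.remote_wipe_capable:
        failures.append("remote wipe not available")
    if device.os_version < policy.min_os_version:
        failures.append("OS version below minimum")
    return (not failures, failures)


def access_decision(device: DevicePosture, policy: CompliancePolicy = POLICY) -> str:
    """The gate in front of mail/calendar.

    "grant"               -> compliant managed device
    "require_enrollment"  -> personal device has never enrolled; send it to enrollment
    "block"               -> enrolled but failing one or more controls; remediate first
    """
    compliant, _ = evaluate(device, policy)
    if compliant:
        return "grant"
    if not device.enrolled:
        return "require_enrollment"
    return "block"


# Constructed sample fleet: a never-enrolled personal phone, an enrolled phone that
# drifted out of compliance, and a compliant one.
PERSONAL_UNENROLLED = DevicePosture("byod-001", False, 4, False, False, (15, 1))
ENROLLED_WEAK = DevicePosture("byod-002", True, 4, False, True, (15, 1))
ENROLLED_OK = DevicePosture("byod-003", True, 6, True, True, (15, 1))


if __name__ == "__main__":
    for dev in (PERSONAL_UNENROLLED, ENROLLED_WEAK, ENROLLED_OK):
        ok, why = evaluate(dev)
        print(dev.device_id, access_decision(dev), why)
```

The point the comment makes is visible in the first two devices: an unmanaged personal phone never reaches the mailbox at all, it is pushed into enrollment, and once enrolled the same controls (PIN, encryption, wipe) are checked on every sign-in rather than being left to the user's good intentions.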