When you’re supporting ten thousand machines on four continents and confirming to twenty different data protection doctrines the last thing you need is some neckbeard rocking up demanding to store data in their unauditable homebrew fork of Haiku or some shit.
What is achieved with GPOs and agents is compliance, not security.
In other words, company issued devices don’t protect the data, but they ensure conformity with relevant regulations and standards. Which is what most organisations actually care about.
Many good IT people really do care about actual information security, but not those in charge.
The result are devices that hinder some people’s work but provide questionable actual security.
Oh, wait until you get a job in most offices. Microsoft, Microsoft everywhere.
BYOD with Linux? “We can’t install the company’s spyware on it, get that security risk out of here.”
When you’re supporting ten thousand machines on four continents and confirming to twenty different data protection doctrines the last thing you need is some neckbeard rocking up demanding to store data in their unauditable homebrew fork of Haiku or some shit.
What is achieved with GPOs and agents is compliance, not security.
In other words, company issued devices don’t protect the data, but they ensure conformity with relevant regulations and standards. Which is what most organisations actually care about.
Many good IT people really do care about actual information security, but not those in charge.
The result are devices that hinder some people’s work but provide questionable actual security.
I mean they’re not wrong, BYOD is an absolutely ginormous attack vector.
If an organisations’ security relies on the end device configuration there is no security.
Who needs defense in depth, right?
You can bring your own devices, but you don’t get permission to access anything?
Or what are you even trying to say about what the end users device being able to do anything
I don’t think I said anything about what a device can and cannot do
For the user or the company? Assuming the user isn’t a moron with computers?
Edit: guess im out of the loop as a contractor who generally only does BYOD with my linux machine
If a user doesn’t understand that having complete control over every device in your network is essential, he’s being a complete moron with computers.
You should do your work, not worrying about patching all the 128 tools you think you need, that’s other peoples job.