I understand the ban on Siri. I understand the ban on iCloud. I understand the ban on Dropbox.
What I don't understand is how they can do that to employee owned devices? That's crazy. If they buy it- absolutely. If they tell me I can't put work documents or emails on my personal phone for security reasons- I totally get that too. But if you're going to be extremely secure- shouldn't you supply the hardware? I've never understood the IT/Consumer fusion idea- it might work in small businesses not as focused on security- but these huge ones that are anal....
Well, if they mean they're blocking it on their network, it is their network, so they can block whatever they want.
But, if they are serious about security, I hope they are blocking access to all Google services, otherwise, they are a bit confused about what the actual threats are.
Employees will just learn to turn off WiFi at IBM and use their 3/4G connections instead.
Thats not the problem, wifi / 3g / 4g has nothing to do with the security profile installed when configure your phone to access IBM resources. Hence the statement about non-technical people such as your self. Doesn't matter if you are connecting via WI-FI or Cellular network, the Security profile is still installed on the phone when it is configured to access the IBM resources.
Does IBM believe that there is a real person translating the voice to text/searchs?
No.
how is apple going to pour though millions of Siri requests, just to find IBMs secret patent ideas?/infomation. or anyone elses?.
You do know that Siri already knows who your Mom and Dad are and what there address, phone number and email addresses are?
Everything you say to Siri is analyzed (to give you a response) and used to improve the responses.
From the iOS 5.1 Software license agreement...
" (c) Siri and Dictation. The Siri and Dictation features of the iOS Software may not be available in all languages or regions and features may vary by region. To the extent that your iOS Device supports all or some of Siri and/or Dictation, these features may allow you to make requests, give commands and/or dictate text to your device using your voice. When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and, for Siri, to also process your requests. Your device will also send Apple other information, such as your first name and nickname; the names, nicknames, and relationship with you (e.g., "my dad") of your address book contacts; and song names in your collection (collectively, your "User Data"). All of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services. By using Siri or Dictation, you agree and consent to Apple's and its subsidiaries' and agents' transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services."
What is going unsaid is that there is a Mobile Device Management (MDM) agent on personal devices restricting access to Siri or iCloud. This agent can do whatever the owner wants. Ideally, it is limited to storing data, keeping devices from being rooted/jailbroken yet allowing positively verifiable remote wipes. However, there is a privacy concern. Companies need to have or at least respect limits to what they can do to your personal device. Likewise, they are opening themselves up for verifiable work grievances: hours off site doing company work and not being compensated, texting or emailing while driving (thus on company time/insurance), spousal investigations (where was my husband last weekend).
This is going to go too far on the MDM side or Apple will need to restrict what services can be disabled. These agents are all permissive. Users can uninstall them at any time but lose access to email, WiFi, storage service drives, etc when they do. The last thing people or companies want to see is an interested senator or congressman inviting them to Washington to explain company actions.
IBM surveyed several hundreds of employees and found that many were "blissfully unaware" of what applications on their mobile devices could be security risks.
THIS is why large companies need to have "extraordinarily conservative" security policies!
On the banning of Siri, Horan admitted that IBM is "extraordinarily conservative" when it comes to security, adding: "It's the nature of our business."
Of course, IBM's conservative policies with respect to applications and serves are not limited to Apple. Third-party file transfer services like Dropbox have also been banned as the company trends toward employee-owned devices.
I hope they've banned all use of Skype. As should all corporations that don't want Microsoft and others to listen in on every call. Especially in light of the fact that most employees are "blissfully unaware" of security issues.
In complete agreement. The security issue is a ruse in that IBM's messages are drops in a very big ocean - nearly impossible to separate, and undoubtedly impossible to screen for nefarious business intelligence. BTW, does Apple really care what IBM is doing? I doubt it!
As a former IBM employee, recently departing since the official support of iPhone, there are numerous ways that they control BYOD situations.
The primary factor is the required iPhone profile that every employee must install to access corporate email. This profile also locks down the phone in a number of other ways; eight character alpha-numeric-punctuation password, the lowest possible unlock time (5 minutes), and other small components.
There was such a misunderstanding of iPhones that it wasn't until very late 2011 / early 2012 that they were even supported. There were a lucky couple (a few thousand) that were included in an internal beta project that eventually moved into product after much debate.
I am not sure if the profile has since been updated but when official support first came out the iPhone 4S was not supported because of the Siri and iCloud capabilities that were part of the preinstalled OS. For users that broke the rules, upgrading their iPhone 4 to the latest OS or using the iPhone 4S they were notified that they *must* disable iCloud (all aspects) and Siri was not to be made available from the lock screen. The issue was that you can access the address book and other system level information without the 8 character password being entered.
Aside from e-mail (LotusNotes - UGH), and the required profile, if you wanted access to any other systems another system profile was required for VPN access. Essentially anything you wanted to do for work required another profile.
After a while you become familiar with the restrictions and learn to deal with them for the most part. The eight character password was by far the biggest issue though, so much so that employees would often skip setting up their phone due to the impact. Imagine every time you want to make a phone call, after 5 minutes of not using your phone, you had to enter eight characters?
As a result of all these restrictions, and people not willing to deal with them, you end up with employees that become 9-5'ers and have no desire to answer emails at 5:01 because they don't want to open their laptop again until 9:00am.
As a former IBM employee, recently departing since the official support of iPhone, there are numerous ways that they control BYOD situations.
The primary factor is the required iPhone profile that every employee must install to access corporate email. This profile also locks down the phone in a number of other ways; eight character alpha-numeric-punctuation password, the lowest possible unlock time (5 minutes), and other small components.
There was such a misunderstanding of iPhones that it wasn't until very late 2011 / early 2012 that they were even supported. There were a lucky couple (a few thousand) that were included in an internal beta project that eventually moved into product after much debate.
I am not sure if the profile has since been updated but when official support first came out the iPhone 4S was not supported because of the Siri and iCloud capabilities that were part of the preinstalled OS. For users that broke the rules, upgrading their iPhone 4 to the latest OS or using the iPhone 4S they were notified that they *must* disable iCloud (all aspects) and Siri was not to be made available from the lock screen. The issue was that you can access the address book and other system level information without the 8 character password being entered.
Aside from e-mail (LotusNotes - UGH), and the required profile, if you wanted access to any other systems another system profile was required for VPN access. Essentially anything you wanted to do for work required another profile.
After a while you become familiar with the restrictions and learn to deal with them for the most part. The eight character password was by far the biggest issue though, so much so that employees would often skip setting up their phone due to the impact. Imagine every time you want to make a phone call, after 5 minutes of not using your phone, you had to enter eight characters?
As a result of all these restrictions, and people not willing to deal with them, you end up with employees that become 9-5'ers and have no desire to answer emails at 5:01 because they don't want to open their laptop again until 9:00am.
I worked for IBM as well, 1996 - 2002, worked in the Unix AIX division, Server Software, I was responsible for custom solution for corps. I also worked in the Webspere division for a while. IBM was great for the first 2 years as I was fresh out of ETH University. However it got old real fast, it doesn't surprise me that they banned the use of Siri. They were always banning stuff like that. So was file sharing, especially Napster. I remember Napster came out late 2001 early 2002 and all of the staff were downloading music, remember no one had broadband back then. I think I was using a Motorola StarTac in 96', horrible phone cute design, that's when I bought my first Nokia Communicator, the 9000. Surprisingly they didn't mind me having it, in fact a few other guys bought one as well even my boss.
Comments
Quote:
Originally Posted by Andysol
I understand the ban on Siri. I understand the ban on iCloud. I understand the ban on Dropbox.
What I don't understand is how they can do that to employee owned devices? That's crazy. If they buy it- absolutely. If they tell me I can't put work documents or emails on my personal phone for security reasons- I totally get that too. But if you're going to be extremely secure- shouldn't you supply the hardware? I've never understood the IT/Consumer fusion idea- it might work in small businesses not as focused on security- but these huge ones that are anal....
Well, if they mean they're blocking it on their network, it is their network, so they can block whatever they want.
But, if they are serious about security, I hope they are blocking access to all Google services, otherwise, they are a bit confused about what the actual threats are.
Employees will just learn to turn off WiFi at IBM and use their 3/4G connections instead.
Quote:
Originally Posted by Gustav
Employees will just learn to turn off WiFi at IBM and use their 3/4G connections instead.
Thats not the problem, wifi / 3g / 4g has nothing to do with the security profile installed when configure your phone to access IBM resources. Hence the statement about non-technical people such as your self. Doesn't matter if you are connecting via WI-FI or Cellular network, the Security profile is still installed on the phone when it is configured to access the IBM resources.
Quote:
Originally Posted by bedouin
How do they block these things? With a firewall? If so it doesn't do much good when the person goes home and has access to an unfiltered network.
They can do it if the device has microsoft exchange account on it. They can also install a profile that has exchange disabled.
You do know that Siri already knows who your Mom and Dad are and what there address, phone number and email addresses are?
Everything you say to Siri is analyzed (to give you a response) and used to improve the responses.
From the iOS 5.1 Software license agreement...
" (c) Siri and Dictation. The Siri and Dictation features of the iOS Software may not be available in all languages or regions and features may vary by region. To the extent that your iOS Device supports all or some of Siri and/or Dictation, these features may allow you to make requests, give commands and/or dictate text to your device using your voice. When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and, for Siri, to also process your requests. Your device will also send Apple other information, such as your first name and nickname; the names, nicknames, and relationship with you (e.g., "my dad") of your address book contacts; and song names in your collection (collectively, your "User Data"). All of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services. By using Siri or Dictation, you agree and consent to Apple's and its subsidiaries' and agents' transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services."
What is going unsaid is that there is a Mobile Device Management (MDM) agent on personal devices restricting access to Siri or iCloud. This agent can do whatever the owner wants. Ideally, it is limited to storing data, keeping devices from being rooted/jailbroken yet allowing positively verifiable remote wipes. However, there is a privacy concern. Companies need to have or at least respect limits to what they can do to your personal device. Likewise, they are opening themselves up for verifiable work grievances: hours off site doing company work and not being compensated, texting or emailing while driving (thus on company time/insurance), spousal investigations (where was my husband last weekend).
This is going to go too far on the MDM side or Apple will need to restrict what services can be disabled. These agents are all permissive. Users can uninstall them at any time but lose access to email, WiFi, storage service drives, etc when they do. The last thing people or companies want to see is an interested senator or congressman inviting them to Washington to explain company actions.
Quote:
IBM surveyed several hundreds of employees and found that many were "blissfully unaware" of what applications on their mobile devices could be security risks.
THIS is why large companies need to have "extraordinarily conservative" security policies!
On the banning of Siri, Horan admitted that IBM is "extraordinarily conservative" when it comes to security, adding: "It's the nature of our business."
Of course, IBM's conservative policies with respect to applications and serves are not limited to Apple. Third-party file transfer services like Dropbox have also been banned as the company trends toward employee-owned devices.
I hope they've banned all use of Skype. As should all corporations that don't want Microsoft and others to listen in on every call. Especially in light of the fact that most employees are "blissfully unaware" of security issues.
MacDailyNews: Microsoft patents spy tech for Skype
IT Pro Portal: Microsoft spyware goes to Washington
In complete agreement. The security issue is a ruse in that IBM's messages are drops in a very big ocean - nearly impossible to separate, and undoubtedly impossible to screen for nefarious business intelligence. BTW, does Apple really care what IBM is doing? I doubt it!
As a former IBM employee, recently departing since the official support of iPhone, there are numerous ways that they control BYOD situations.
The primary factor is the required iPhone profile that every employee must install to access corporate email. This profile also locks down the phone in a number of other ways; eight character alpha-numeric-punctuation password, the lowest possible unlock time (5 minutes), and other small components.
There was such a misunderstanding of iPhones that it wasn't until very late 2011 / early 2012 that they were even supported. There were a lucky couple (a few thousand) that were included in an internal beta project that eventually moved into product after much debate.
I am not sure if the profile has since been updated but when official support first came out the iPhone 4S was not supported because of the Siri and iCloud capabilities that were part of the preinstalled OS. For users that broke the rules, upgrading their iPhone 4 to the latest OS or using the iPhone 4S they were notified that they *must* disable iCloud (all aspects) and Siri was not to be made available from the lock screen. The issue was that you can access the address book and other system level information without the 8 character password being entered.
Aside from e-mail (LotusNotes - UGH), and the required profile, if you wanted access to any other systems another system profile was required for VPN access. Essentially anything you wanted to do for work required another profile.
After a while you become familiar with the restrictions and learn to deal with them for the most part. The eight character password was by far the biggest issue though, so much so that employees would often skip setting up their phone due to the impact. Imagine every time you want to make a phone call, after 5 minutes of not using your phone, you had to enter eight characters?
As a result of all these restrictions, and people not willing to deal with them, you end up with employees that become 9-5'ers and have no desire to answer emails at 5:01 because they don't want to open their laptop again until 9:00am.
Quote:
Originally Posted by BlueBacks
As a former IBM employee, recently departing since the official support of iPhone, there are numerous ways that they control BYOD situations.
The primary factor is the required iPhone profile that every employee must install to access corporate email. This profile also locks down the phone in a number of other ways; eight character alpha-numeric-punctuation password, the lowest possible unlock time (5 minutes), and other small components.
There was such a misunderstanding of iPhones that it wasn't until very late 2011 / early 2012 that they were even supported. There were a lucky couple (a few thousand) that were included in an internal beta project that eventually moved into product after much debate.
I am not sure if the profile has since been updated but when official support first came out the iPhone 4S was not supported because of the Siri and iCloud capabilities that were part of the preinstalled OS. For users that broke the rules, upgrading their iPhone 4 to the latest OS or using the iPhone 4S they were notified that they *must* disable iCloud (all aspects) and Siri was not to be made available from the lock screen. The issue was that you can access the address book and other system level information without the 8 character password being entered.
Aside from e-mail (LotusNotes - UGH), and the required profile, if you wanted access to any other systems another system profile was required for VPN access. Essentially anything you wanted to do for work required another profile.
After a while you become familiar with the restrictions and learn to deal with them for the most part. The eight character password was by far the biggest issue though, so much so that employees would often skip setting up their phone due to the impact. Imagine every time you want to make a phone call, after 5 minutes of not using your phone, you had to enter eight characters?
As a result of all these restrictions, and people not willing to deal with them, you end up with employees that become 9-5'ers and have no desire to answer emails at 5:01 because they don't want to open their laptop again until 9:00am.
I worked for IBM as well, 1996 - 2002, worked in the Unix AIX division, Server Software, I was responsible for custom solution for corps. I also worked in the Webspere division for a while. IBM was great for the first 2 years as I was fresh out of ETH University. However it got old real fast, it doesn't surprise me that they banned the use of Siri. They were always banning stuff like that. So was file sharing, especially Napster. I remember Napster came out late 2001 early 2002 and all of the staff were downloading music, remember no one had broadband back then. I think I was using a Motorola StarTac in 96', horrible phone cute design, that's when I bought my first Nokia Communicator, the 9000. Surprisingly they didn't mind me having it, in fact a few other guys bought one as well even my boss.