Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Proper device management could have prevented the FBI/Apple fight

Jeffery Battersby | Feb. 23, 2016
This isn't Apple's fault, it's the County's fault. If the County had done their job, it would be an easy task to open up the iPhone since the MDM software is the equivalent of a legal backdoor.

No policy

San Bernardino County actually owns MDM software but, according to the AP, it never implemented it. Emphasis mine:

San Bernardino had an existing contract with a technology provider, MobileIron Inc, but did not install it on any inspectors' iPhones, county spokesman David Wert said. There is no countywide policy on the matter and departments make their own decisions, he said.

The mistake San Bernardino County made is not unusual. And that mistake is thinking that you have to know all the details of how devices are going to be managed before you begin rolling out a management plan. The mistake is in thinking that having a policy for MDM means you have answers to questions like:

  • What's the password policy?
  • Are we filtering internet?
  • Should we provide VPN?
  • Are we allowing Siri?
  • Is FaceTime cool?

And questions like those lead to questions like:

  • For all departments?
  • For users with personal devices?
  • What if they don't have company email?
  • Do they have access to company data?
  • Are they working in the R&D department?

Which leads to: "There is no policy on this matter and departments make their own decisions."

If you're responsible for iOS devices, here's a simple policy for you:

All devices must be enrolled in the MDM system.

Period. No questions asked.

The simple act of enrolling devices adds the legal backdoor to those devices and allows an administrative user to temporarily wipe a device's passcode, if necessary.

No legal intervention required.

Once enrolled, you can wrangle over the who, what, how and why of security policies. You can even let departments make their own decisions! But while the wrangling or lack thereof takes place, you will have control of all your devices.

A brief shill

If you, like San Bernardino County, have purchased an MDM product, start using it now. Turn it on. Enrol your devices.

If you don't already have something in place, we've spent the last three months looking at Apple's super inexpensive, easy-to-implement MDM service. A few hours and US$20 will get you started.

Really. It's just that simple.

Source: Macworld AU


Previous Page  1  2 

Sign up for MIS Asia eNewsletters.