AusCERT Tough Talk live panel

AusCERT Tough Talk live panel

Summary: How are Australian businesses coping with BYOD, and how should they? We come up with answers in this live broadcast.

SHARE:
6

On 17 May, at 4:10pm AEST, ZDNet Australia hosted a live panel discussion from the AusCERT 2012 event held in the Gold Coast, Queensland.

The panel was entitled "Tough Talk: BYO Disaster?" and dealt with the issues organisations face in coping with employees (and sometimes the boss) bringing their own devices into, what is supposed to be, a secure workspace.

Despite the incredible proliferation of mobile devices, and our increasing dependence on them, some companies are simply throwing up their hands and banning the devices. So, how should Australian businesses deal with the BYOD situation?

We talked to experts in the security field, to come up with best policies for ensuring that you're not a BYOD casualty.

The panel was moderated by ZDNet Australia's Brian Haverty, and featured guests included:

Richard Byfield, Datacom, managing director of Technical Security Services. (Credit: Datacom)


Charles Tomeo, Webroot Software, director of Systems Engineers. (Credit: Webroot Software)


Andrew Bycroft, Earthwave senior architect. (Credit: Andrew Bycroft)


Sean Doherty, Symantec, vice president and CTO, Enterprise Security Group. (Credit: Symantec)


Topics: AUSCERT, Security, ZDNetLive

Brian Haverty

About Brian Haverty

Brian Haverty has been editing and writing on an extensive range of technology subjects for 10 years in Australia but the areas he specialises in are digital publishing and production systems. He has launched a number of print publications in Australia, including Technology & Business and C|Level, and has served as Editor-in-Chief for the Australian editions of PC Magazine and Windows Sources.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Will an audio pod be available for the "Tough Talk: BYO Disaster?"
    st956703@iinet.com.au
    sierratango
  • did this go to 'net at 4pm Eastern Australian time?
    sierratango
    • Yes

      It did, yes.
      iBeanie
  • Hi Sierra,

    This is viewable above. Tell me if you're not able to see it.
    suzanne.tindal
  • Too scared? Use NAP

    I do not understand the notion that one cannot do anything about people bringing their own devices.
    It is completely possible and plausible to effectively block BYO devices.
    You can use Microsoft Network Access Protection at the switch 802.1x level, which will make sure those devices are not iOS-based not Linux-based, that they are sanitized, have updates/AV installed etc. You can ensure ipsec with kerberos inside AD domain and control policies using GPO, so non-AD-joined Windows machines would not be able to access ANY internal resources, including Internet Proxies. The only compatibility issue you may have is with Linux or non-AD-joined devices like printers etc. Those can be isolated onto its own VLAN and connected to its own servers that do not have the above enforcements but are not accessible to poi polloi LAN/WiFi.
    On the switchports, enable DHCP protection to safeguard your main VLAN against unwise folks who misconfigure their WiFi access point they decided to bring to work. Also limit number of MAC addresses to 1, so they do not connect other hubs/switches.
    Everything is possible, if planned and deployed properly.
    Otherwise your best bet is use VDI or Citrix XenApp/Microsoft App-V.
    cubeover
  • The right BYOD architecture

    A proper BYOD architecture would be domain-joined accounts, not machines.
    E.g. your Exchange email would be controller with corporate policies - you would need to type a PIN when opening that account, only account data would be wiped, corp policies would control what you can save and where etc.
    Right now this is only possible on a machine level, and machine management can be enforced only on Microsoft Windows Pro editions - so here lies the root of the issue.
    If this is shifted to account level (also with SkyDrive, Skype etc) then your company could control all accounts you use for work, even on your personal devices.
    But the protocols aren't there yet.
    cubeover