|
|
Subscribe / Log in / New account

memfd_secret() in 5.14

memfd_secret() in 5.14

Posted Aug 8, 2021 23:54 UTC (Sun) by anselm (subscriber, #2796)
In reply to: memfd_secret() in 5.14 by khim
Parent article: memfd_secret() in 5.14

Just ask your friends who are not a software developers.

Guess what, my friends who are not software developers usually also have company laptops and phones – and like it that way. After all it's a lot easier to ignore or switch off the company phone outside business hours, over the weekend, or during your vacation than your own phone, especially given that with such an arrangement your boss and colleagues don't need to know your private phone number, which is none of their business.

From a company POV, apart from the recruitment issues mentioned earlier, my friends' employers' IT operations and support people presumably prefer dealing with mostly-uniform hardware from known suppliers (including on-site support contracts, and having spares on hand if a machine breaks) and a common standardised software and UI setup, and definitely don't want the security nightmare of employees maintaining VPN connections into the company from their own machines that are also independently connected to the public Internet for non-company stuff (because of course they don't want to route all their employees' Netflix traffic through the company VPN, either). Many companies tend to figure out eventually that giving people centrally-maintained company hardware to use on the job is cheaper in the long run than dealing with the ongoing hassle and expense of getting people's random privately-bought computers to work properly (and securely) on the company's network. The lucky ones do so before the first malware infestation of the company's network via an employee's BYOD computer.

to post comments

memfd_secret() in 5.14

Posted Aug 9, 2021 7:51 UTC (Mon) by khim (subscriber, #9252) [Link] (2 responses)

> Guess what, my friends who are not software developers usually also have company laptops and phones – and like it that way.

Interesting. So you have certainly managed to avoid the trend. Because statistic doesn't support your words at all: 87% of businesses are dependent on their employee’s ability to access mobile business apps from their smartphone and 67% of employees use personal devices at work.

I would guess this percentage is smaller in US and EU and bigger in third-world countries (almost all my friends from Egypt, Iran and Russia don't know about BYOD or any such fancy acronyms because no one ever thought about providing them with company smartphone and very rarely they got a company-provided laptop), but Bitglass, the Next-Gen CASB company, is based in Silicon Valley with offices worldwide — and it observes what I observe and not what you and Wol are observing.

And while your words sound convincing — they don't explain why things you observe and independent statistic observes don't match.

Because statistic very clearly shows that use of personal devices for work purposes is growing, not shrinking and the mitigation strategy chosen by the Industry is to make them… “less pesonal”, I guess: make sure bootloader is locked or security enclaves are installed (things like Intel SGX are developed for that purpose) and so on.

Add to that the fact that states (not just China or Iran, but also EU and US) increasingly want to ensure that nefarious sites they want to ban remain inaccessible to the most of the population — and you can easily imagine where all that is going.

memfd_secret() in 5.14

Posted Aug 9, 2021 9:15 UTC (Mon) by anselm (subscriber, #2796) [Link]

There can also be regulatory-environment issues that work against BYOD. Here in Germany (as in the rest of the EU) there are very strict personal-data protection requirements that need to factor into companies' risk assessments. Many companies reasonably conclude that having customer or client data stored on (or even accessible from) employee-owned hardware is not a Good Idea, due to compliance issues and the increased risk of data breaches and associated fines/bad PR.

(The article you cite looks interesting but the statistics it quotes seem fishy in various respects. It is also tainted by the fact that the author himself seems to be a big fan of BYOD. I probably wouldn't want to lean on it too heavily for support.)

memfd_secret() in 5.14

Posted Aug 9, 2021 10:32 UTC (Mon) by kleptog (subscriber, #1183) [Link]

The statistics are interesting, but I wonder if they're skewed by many companies having people log in remotely via Citrix or just using an online website or some such. Then sure, users can use any computer they like, it doesn't matter. Similarly, if the phone is only used for phone calls and no actual data is stored I can imagine the "using own phone for work" is doable.

The GDPR basically makes storing company data on uncontrolled personal computers a non-starter for most businesses. But remote access gives the user a controlled system, and web-browsers promise not to cache data fetched via TLS.

They can of course say you have to bring your own device otherwise they won't hire you. On the flip side, they're not allowed to just randomly add monitoring to your personal device and if anything goes wrong (like your home laptop gets hacked) you as employee bear no liability. Which is why companies often hand out laptops anyway because as owner they have many more possibilities to secure the device.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds