Computer question | Syracusefan.com


Capt. Tuttle

My office has a server. We have 10 people who use it. Each has their own laptop. We all run Windows. Most of our programs are cloud based. (Caveat, I expect to be adding at least 5 people in 2022.)
Two tech people have told my staff that we should have “business” PCs, not the “personal” PCs that we have.
My question is why? What is the difference? I am looking at a $10-15k investment (new PCs, set up, etc.)
Thanks in advance.
Merry Christmas
 
You mean personal vs "Business" line computers? There is nothing that makes a business computer a "business" computer. It's kind of like saying "that is a business level car".

Unless your company is doing high end graphics or computing, basically any laptop made in the last 5 years should more than suffice for emails, word processing, basic programming etc...

What is the reason that the tech people are telling you?
 
IDK. We are meeting another on Tuesday. I will try to find out.
 
The main reason is to ensure appropriate cyber security and management of end user devices used to access company data / systems that contain sensitive information, which could be breached or exfiltrated if appropriate security controls are not in place. This is difficult to govern if people are using different devices and there's no centralized security protocol in place [this is often coordinated by IT].

One approach is to standardize equipment. Company-issued laptops / desktop computers can be configured by IT with the same security software -- such as anti-malware protection, and any other tools you have in place [IDS, IPS, etc.]. These protections can be configured and changed to ensure consistency, and then "pushed" to users to ensure that the appropriate security is in place. It's also easier to coordinate changes, to implement new protections, etc. which can then be adjusted once and applied to all end users instead of having to do this individually 10, 20 or however many times on everyone's different device. Standardization also makes it easier to deliver ongoing support and maintenance.

Of course, you can also do this if everyone has different devices, but this makes the entire process more complex. If one person has an HP [Windows] and another is using a Mac, you might need different versions of the same security software to accommodate both platforms. The configurations will be different. And of course, if your users are essentially bringing their own devices to the job and IT has a laissez-faire approach, then it is difficult to ensure that security best practices are being followed.

It also enhances the exposure risk for sensitive data -- for example, if someone is using a personal laptop to access your firm's data, and their wife or kid also uses the laptop, they may [inadvertently] gain access to files, data, records, etc. that they shouldn't see. Or if users are downloading documentation to their individual devices, the sensitive information has now passed outside of your organization's control and is at risk if others access the device, or if the device is lost / stolen.

This isn't an insurmountable issue. Lots of companies don't use standardized devices, it just makes it a lot more difficult to ensure that security is in place and being followed. If you leave it up to the end users, then the exposure risk goes up considerably. But you can partially offset that by requiring users to VPN into your network [just an example], which means that they can only connect and access systems and data by a secure log in. It could also be configured to prevent downloading of records -- so in practice only authorized users would be able to log in and get to the data.

This is already longer than I intended, so to sum up it comes down to how much security do you want to have in place, and whether you want to centrally manage the security or leave it up to the users and cross your fingers. Security can be implemented no matter which option you select, but your company will have a lot more control, consistency, and lower costs if you orchestrate it on behalf of the users, instead of leaving it up to them.
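
The central-baseline idea in the post above, as an added example that is not part of the original thread: one baseline is defined once, every device report is checked against it, and devices IT cannot push settings to (or that never report) are routed to manual follow-up. The control names, thresholds and sample fleet are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# One baseline, defined once by IT. Control names and limits are assumptions.
REQUIRED_ON = ("antimalware_running", "firewall_enabled", "disk_encrypted")
MAX_DAYS_SINCE_UPDATE = 30
MAX_EXTRA_ACCOUNTS = 0      # no family accounts on a machine holding work data

@dataclass
class Device:
    owner: str
    platform: str           # "windows" or "macos"
    managed: bool           # True when IT can push settings to the device
    state: Optional[dict]   # None when the device has never reported in

def audit(dev: Device) -> list:
    """Return baseline findings for one device; an empty list means compliant."""
    if dev.state is None:
        return ["no report received; posture unknown"]
    # A control missing from the report is treated the same as "off".
    findings = [f"{c} is off" for c in REQUIRED_ON if not dev.state.get(c, False)]
    if dev.state.get("days_since_update", 10**6) > MAX_DAYS_SINCE_UPDATE:
        findings.append("updates overdue")
    if dev.state.get("extra_accounts", 0) > MAX_EXTRA_ACCOUNTS:
        findings.append("shared with non-staff accounts")
    return findings

def fleet_summary(fleet: list) -> dict:
    """Split the fleet into what IT can fix centrally and what needs a person."""
    summary = {"compliant": [], "push_fix": [], "manual_followup": []}
    for dev in fleet:
        findings = audit(dev)
        if not findings:
            summary["compliant"].append(dev.owner)
        elif dev.managed:
            summary["push_fix"].append((dev.owner, findings))
        else:
            summary["manual_followup"].append((dev.owner, findings))
    return summary

# Constructed sample inventory (not real data).
_OK = {"antimalware_running": True, "firewall_enabled": True,
       "disk_encrypted": True, "days_since_update": 3, "extra_accounts": 0}
FLEET = [
    Device("alice", "windows", True, dict(_OK)),
    Device("bob", "windows", True, dict(_OK, disk_encrypted=False)),
    Device("carol", "macos", False, dict(_OK, days_since_update=75, extra_accounts=2)),
    Device("dave", "windows", False, None),
]

if __name__ == "__main__":
    for bucket, entries in fleet_summary(FLEET).items():
        print(bucket, entries)
```

Tightening a requirement means editing one constant; the `manual_followup` bucket is the per-device work that grows when staff bring their own machines.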
 
Lots of great nuggets in that post. I'm not anywhere near a geek but my wife works for a very large health care system and on her work laptop for her to use it at home she has to log into several portals to be able to access what she needs. It's not a case of just turning it on and she is up and running which is what I was able to do with my less sensitive work stuff that I could access on my phone with a simple log in and password that just needed changing every 90 days.
 
+1 to this. If it is a matter of standardizing/control, then that's one thing (and it makes sense).

@RF2044 seems to be your go to for this.
 
As people have said, so many pieces to the puzzle. If you allow people to access your data from a variety of devices/platforms, how do you control security/backups/software installs?

Much like some apps work on some versions of Windows and some websites work best on some browsers. Also, when you allow people to use personal machines to work with data locally, you have an exposure on how well they control their own box from being compromised. Most businesses run software to look for issues on business machines, but it is very hard to do if people own their own.
 
