lijok 4 hours ago

I always strongly advise consultants to use a separate machine for work, or at the very least a separate OS user.

You’re risking putting yourself in a whole lot of trouble by using a personal machine for work.

necovek 3 hours ago

Using a "personal machine for work" is a very wide gamut of situations (e.g. at one remote-first company, we were expected to provide our own laptops, and got extra money every 2-3 years to buy a new one, but they were always our "personal" laptops even if the company contributed to paying them off; or what if you are a temporary contractor; or...).

Care to elaborate in what circumstances it is a problem and why?

Edit: I mostly asked the parent poster to provide more context and avoid general assertions like "a whole lot of trouble". Risks are indeed tangible, but if we are unable to enumerate them, we are mostly spreading FUD instead of educating.

lijok 2 hours ago

Personal machine as in a machine that you use for anything other than work for that particular client.

The same goes for putting anything personal on a company issued device, such as signing into your private email.

It is a problem in all circumstances. The problems may not always manifest, but if they do, you’ll be in deep trouble.

Problems range from the mild (the company has mandatory tooling that takes control of your machine) to the extreme (offices get raided and equipment seized indiscriminately).

General assertions are fine. The exercise of whether to follow them up with research is left as an exercise to the reader.

Sardtok 2 hours ago

Mixing personal and work data in the same directories on disk can be an issue. Requires extra work to cleanly separate private stuff and confidential work stuff.

necovek 2 hours ago

This is still very general, and in opposition to the previous advice. A solution to this seems to be "use separate directories", not "use separate machines".

sshine 2 hours ago

Using separate directories does not guarantee proper deletion.

necovek 2 hours ago

Using separate laptops does not guarantee proper deletion. Not sure what your point is?

(Contractual terms between an employee/contractor and employer/company are what ensure there is no abuse, for the most part)

sshine 2 hours ago

I should say:

Using separate directories makes improper deletion likely.

Using separate computers with full-disk encryption and shredding procedures makes proper deletion a happy path.

It's not that you cannot properly isolate environments on a single computer.

It's that a single computer is, unless you're a Qubes/BSD/Hypervisor fanatic, not very isolated at all.

So if/when your personal computer gets compromised because of a browser zero-day, your work's intellectual property is potentially compromised.

When you combine that with likely not deleting files properly (or at all), the window of opportunity for IP theft is much bigger.

When you further add the complete unlikelihood that former employees/contractors will report that their personal computers were compromised after having neglected to properly purge your intellectual property, the case for buying your employees/contractors dedicated machinery becomes a no-brainer. Simply from a corporate risk perspective.

It's not a practical problem, but a principle + legal problem.

necovek an hour ago

I fully agree it's a legal problem, which is what my point was from the beginning — depending on the circumstances, it might apply to you or not.

Companies both have to have a set of "processes" in place for legal/compliance reasons, and an employee is liable if they do something that's outside the recommended practice (like using a personal device when forbidden by such policies).

Still, the focus should be on liability and ensuring compliance with legal terms, and an employee needs to make sure they do that. In some cases, that's easier done with a separate computer. In others (when there is no direct spelled-out requirement), the downsides of using a separate device outweigh the benefits of making compliance with legal terms easier.

As a side note, a browser zero-day is probably even more likely to target work computers, so that example is pretty bad — company data remaining on personal devices by accident is where the problem really is.

sshine 2 hours ago

> Care to elaborate in what circumstances is using a "personal machine for work" a problem and why?

When you stop working for an employer/customer and you are legally required to purge all files.

Having everything work-related on a dedicated machine makes purging all files very easy.

Not having everything work-related on a dedicated machine makes purging all files questionable.
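The two sshine comments above (the one ending "a principal + legal problem" and this one) both rest on a technical claim: deleting files from a shared disk leaves residue, while a dedicated, fully-encrypted machine can be wiped by destroying one key. The following is an added example written for this page, not code from the thread or from any product; it models the claim with a hypothetical in-memory `Disk` (unlink drops the directory entry, bytes stay in the sector) and a `Volume` that seals every write with AES-256-GCM, standing in for the XTS mode real full-disk encryption uses. The secret is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Disk is a hypothetical model of a raw block device for this example. Unlink
// drops only the directory entry; the bytes stay in the sector until something
// overwrites them, which is what rm does and what a carving tool relies on.
type Disk struct {
	sectors map[string][]byte // sector id -> bytes physically on the medium
	dir     map[string]string // file name -> sector id (the directory entry)
}

func NewDisk() *Disk { return &Disk{sectors: map[string][]byte{}, dir: map[string]string{}} }

func (d *Disk) Write(name, sector string, b []byte) { d.sectors[sector], d.dir[name] = b, sector }
func (d *Disk) Unlink(name string)                   { delete(d.dir, name) }
func (d *Disk) Carve(sector string) []byte           { return d.sectors[sector] }

// Volume models full-disk encryption: every write is sealed with AES-256-GCM
// under a volume key that never lands on the medium (real FDE uses XTS; GCM
// is used here for the same "sector is ciphertext" effect in less code).
type Volume struct {
	key  []byte
	aead cipher.AEAD
	disk *Disk
}

func NewVolume(disk *Disk) (*Volume, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key)  // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &Volume{key: key, aead: aead, disk: disk}, nil
}

func (v *Volume) Write(name, sector string, plaintext []byte) error {
	if v.aead == nil {
		return errors.New("volume key has been destroyed")
	}
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// nonce || ciphertext || tag is all that ever reaches the sector.
	v.disk.Write(name, sector, v.aead.Seal(nonce, nonce, plaintext, nil))
	return nil
}

func (v *Volume) Read(sector string) ([]byte, error) {
	if v.aead == nil {
		return nil, errors.New("volume key has been destroyed")
	}
	raw := v.disk.Carve(sector)
	if len(raw) < v.aead.NonceSize() {
		return nil, errors.New("sector holds no sealed data")
	}
	return v.aead.Open(nil, raw[:v.aead.NonceSize()], raw[v.aead.NonceSize():], nil)
}

// Shred is the whole off-boarding step for an encrypted volume: overwrite the
// key and drop the expanded key schedule with it. No per-file wiping needed.
func (v *Volume) Shred() {
	for i := range v.key {
		v.key[i] = 0
	}
	v.key, v.aead = nil, nil
}

// Scenario runs both cases on one secret: what carving recovers from the
// plaintext disk after rm, from the encrypted disk after Shred, and the
// error a post-shred read through the volume produces.
func Scenario(secret []byte) (plainCarved, encCarved []byte, afterShred error) {
	plain := NewDisk()
	plain.Write("plans.txt", "s0", secret)
	plain.Unlink("plans.txt") // rm: name gone, bytes not
	plainCarved = plain.Carve("s0")
	encDisk := NewDisk()
	vol, err := NewVolume(encDisk)
	if err != nil {
		return nil, nil, err
	}
	if err := vol.Write("plans.txt", "s0", secret); err != nil {
		return nil, nil, err
	}
	vol.Shred()
	encCarved = encDisk.Carve("s0")
	_, afterShred = vol.Read("s0")
	return plainCarved, encCarved, afterShred
}

func main() {
	p, c, err := Scenario([]byte("Q3 roadmap: acquire competitor X")) // constructed sample secret
	fmt.Printf("carved from plaintext disk: %q\ncarved from encrypted disk: %x\nread after shred: %v\n", p, c, err)
}
```

Run with `go run .`: the plaintext disk hands the secret straight back after `rm`, the encrypted disk hands back only nonce, ciphertext and tag, and no read succeeds once the key is gone. Two caveats the model hides: crypto-erase only works if the key never reached unencrypted storage (no plaintext swap, hibernation file or key escrow on a second machine), and on a shared personal laptop the work data is exactly what tends to escape the encrypted volume, into caches, Trash, cloud sync and backups, which is the "improper deletion likely" case in the comment above.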

necovek 2 hours ago

Ok, so one circumstance is when there is a "legal requirement to purge all files". That's certainly not "always" and not always as hard: one of my jobs was at an open source company, and there are plenty of those to go around these days; as a consultant, you may start with some base work to build off of that you keep the rights to as well...

This also assumes you never-ever used a personal device to access any of them either (they might be in caches or Trash/Recycle Bin) — and I agree that to satisfy such a legal requirement, you probably don't want to be using a personal device to access them at all.

Keeping things separate has some upsides, but also some downsides (multiple devices to lug around) — depending on their situation, everybody should choose their own compromise (granted, some engagement contracts will make that choice for you).

sshine 2 hours ago

I've personally come to be very happy with hardware isolation as a method of mental compartmentalization.

E.g. choice of computer dictates choice of activity, I won't accidentally work on something when I'm not supposed to.

I've had paid-for open source gigs, and I have a bunch of open source work spread out on a bunch of machines.

Downsides are:

  - The bag gets heavy when I have multiple events for separate customers/events on the same day
  - For stuff that is shared between computers (e.g. open source projects), I can forget to git push

I've tried to put my machines on the same VPN for some convenience wrt. file sync.

Fortunately, the most locked-off machines never need other computers to connect to them.

And yes, this came as a customer requirement, but I've decided to grow with the choice.

I don't trust process isolation on a single computer very much.

kroltan 2 hours ago

- Endpoint monitoring software may compromise more than it strictly needs to;

- If you're a contractor, risk of leaking other clients' assets (running `tree` in the wrong folder while screensharing or more subtle variations);

- Shredder policy, done with the work = destroy hardware (though I don't think companies with shredder policy would incentivise personal laptops, you never know)

necovek 2 hours ago

If it's a personal laptop, I would assume there is no "endpoint monitoring software" installed.

When it comes to "assets", companies make a big fuss about leaking them, but in reality, it's totally irrelevant. I.e. witness Windows OS source code being leaked: Microsoft wasn't affected at all. Leaking short/mid-term plans would probably have a bigger effect (abuse on the stock market, beating a competitor to the market on their big bet...).

lijok 2 hours ago

> When it comes to "assets", companies make a big fuss about leaking them, but in reality, it's totally irrelevant

There’s no milder way to put this; you’re delusional.

necovek 2 hours ago

There are certainly "milder ways" to put it, but the tone one uses is certainly on the author.

For example, please let me know of any one company's leaked source code and how someone has used that to their advantage and become amazingly successful in the same market?

lijok 2 hours ago

What does this have to do with work device management? Are you seriously suggesting using a personal device for work, despite the asset leakage risk, and relying on "it doesn't matter" as recourse if that risk were to materialize?