I think I added #4 after your comment, which is essentially my response. It seems like a very weak measure, at the cost of privacy considering it's the worker's personal device... If our solution is to require separate devices anyway, then spyware seems like a waste of time; they should be providing secured hardware/OS.
On second thought, this _is_ the answer... they are making a compromise on security, it's an economic decision. Maybe it makes sense from a business perspective: check some boxes, get a bit of security (not much) for almost nothing - but as you can probably tell, I think it's both pretentious and disrespectful.
The ship has totally sailed on whether it's a best practice to instrument machines employees use to conduct work, in the name of compliance and security. That's an utterly standard control, and unless you have a remarkably potent new argument against doing so, arguing that companies shouldn't do this sort of thing is kind of uninteresting. If anything, the prevailing sentiment (for better or worse, mostly worse) is that companies should be doing more of this, not less.
Yes, it's definitely an economic decision. They're going to run this type of software on their own fleet and want it on everything connecting to the network. If you're willing to run it on your own device, that saves them the hardware cost.
That said, a lot of users _want_ to use their own devices (maybe they have better equipment, maybe it's less locked down, maybe they don't want duplicates). It's not sane for the business to allow a device that is more likely to be compromised and/or have poor security hygiene on the network.
I'm a fan of privacy but... At least on my team, we're definitely not spying on you, we're making sure you have a password, encryption, antivirus, and updates installed before you can connect to resources. It's shocking how many people don't have authentication enabled and run as root, if they have a choice, on their home system. That said - we could flip switches and do a lot more spying if it was mandated :/
Why don't you write an open-source "agent" then, with no remote code execution capability? I doubt people would mind running some open-source bash script that hardens their devices.
Anything but this, and it's clear you're just evil.
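As an added illustration of what the two comments above describe (the team's "password, encryption, antivirus, updates" gate, and the suggestion of a transparent script with no remote-execution capability), here is a hypothetical local posture checker written for this thread; it is not code from any commenter or product. It only reads local state and prints a report to the user; it never phones home or executes anything it did not ship with. The commands it inspects (`lsblk`, `ufw`, `gsettings`, `apt-get`, `passwd -S`) and the update threshold are assumptions for a Debian/Ubuntu-style Linux laptop; the judging functions are kept separate from evidence gathering so they can be exercised with constructed input.

```shell
#!/bin/sh
# Hypothetical read-only device posture check (added example, not from the thread).
# Evidence is gathered locally and judged locally; nothing leaves the machine.
set -u

# --- judging functions: pure, take raw evidence as a string, print pass|fail ---

# $1: output of `lsblk -rno TYPE`; pass if any block device is a dm-crypt mapping
judge_encryption() {
    if printf '%s\n' "$1" | grep -q '^crypt$'; then echo pass; else echo fail; fi
}

# $1: first line of `ufw status`; note "inactive" also contains "active",
# so match the full phrase rather than a substring
judge_firewall() {
    case "$1" in "Status: active"*) echo pass ;; *) echo fail ;; esac
}

# $1: value of org.gnome.desktop.screensaver lock-enabled ("true"/"false")
judge_screen_lock() {
    if [ "$1" = "true" ]; then echo pass; else echo fail; fi
}

# $1: count of upgradable packages; $2: maximum tolerated (assumed threshold)
judge_pending_updates() {
    case "$1" in ''|*[!0-9]*) echo fail; return ;; esac   # non-numeric evidence = fail
    if [ "$1" -le "$2" ]; then echo pass; else echo fail; fi
}

# $1: second field of `passwd -S`: P = usable password, L = locked, NP = none
judge_password() {
    if [ "$1" = "P" ]; then echo pass; else echo fail; fi
}

# --- report: takes "name=pass|fail" arguments, exits 0 only if all pass ---
summarize_posture() {
    failed=0
    for r in "$@"; do
        name=${r%%=*}
        verdict=${r#*=}
        printf '%-16s %s\n' "$name" "$verdict"
        [ "$verdict" = "pass" ] || failed=$((failed + 1))
    done
    printf 'failed checks: %s\n' "$failed"
    [ "$failed" -eq 0 ]
}

# --- evidence gathering: the only part that touches the host ---
run_checks() {
    enc=$(judge_encryption "$(lsblk -rno TYPE 2>/dev/null)")
    fw=$(judge_firewall "$(ufw status 2>/dev/null | head -n 1)")
    lock=$(judge_screen_lock "$(gsettings get org.gnome.desktop.screensaver lock-enabled 2>/dev/null)")
    pending=$(apt-get -s upgrade 2>/dev/null | grep -c '^Inst ')
    upd=$(judge_pending_updates "$pending" 10)
    pw=$(judge_password "$(passwd -S "$(id -un)" 2>/dev/null | awk '{print $2}')")
    summarize_posture "encryption=$enc" "firewall=$fw" "screen_lock=$lock" \
                      "updates=$upd" "password=$pw"
}

# Run the host checks only when invoked as a script named posture_check.sh,
# so the functions can also be sourced and tested on constructed evidence.
case "$0" in *posture_check.sh) run_checks ;; esac
```

Save it as `posture_check.sh` and run `sh posture_check.sh`; the exit status is 0 only when every check passes, which is the kind of signal a network gate could consume without the agent itself needing any remote control channel.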
Very much required for compliance, zero trust, protection of IP, and foundational to a reasonable security plan.