Computer Security: Professional access to private devices

Today’s buzzword, “bring your own device” (BYOD) – i.e. the possibility of bringing your own tablet, laptop or smartphone to work – has long been established practice at CERN. The nature of our community, the comings and goings, new arrivals and departures on a daily basis, researchers from abroad, students, teachers and lecturers, requires flexibility in device provisioning. While CERN’s IT department supports centrally managed Windows laptops and PCs as well as centrally managed solutions for Linux systems, it is an unsurmountable challenge for them to provide any flavour of operating system for any type of hardware in any kind of language. But BYOD does not mean that you can do whatever you want…

Once you are connected to CERN’s wired or wireless networks, you are bound by CERN’s Computing Rules (also known as CERN’s Operational Circular No. 5) which requires you to always keep your system up-to-date, fully patched and protected against unauthorised access. In addition, the personal use of CERN’s computing facilities, i.e. its network, is regulated, must be limited in terms of resource consumption, and must not be detrimental to your official duties, constitute political, commercial or profit-making activity, or be inappropriate, offensive or illegal. While the CERN Computer Security Team is mandated to enforce the CERN Computing Rules and therefore automatically monitors all activity on its networks (see our Bulletin article on “Transparency for your privacy“), CERN also values your privacy (“Your privacy at CERN matters“) as governed by the office of data privacy protection.

Your personal device is yours and only yours. Neither your supervisor, line management or hierarchy, nor IT desktop support, ServiceDesk or local support personnel have the means to access your computer without your consent. If they do need to access your device, e.g. to help you to resolve computer issues, to install software or for any other reason, they should ask for your consent. The consent requirement also holds true for the CERN Computer Security Team. If this consent cannot be obtained, access is still possible with the explicit authorisation of the DG in accordance with CERN’s policy on “third-party access to users’ accounts and data“. Your collaboration, however, is always appreciated to allow us to resolve and follow up on computer security incidents or to carry out fraud investigations.

/Public Release. The material in this public release comes from the originating organization and may be of a point-in-time nature, edited for clarity, style and length. View in full here.