Is there any infrastructure out there to limit or securely monitor what apps or features are enabled on company/institution mobile devices? Or are we for the most part in a "we expect you not to do this or that" era?
I used to work for a small institution a while back (not USA), they used a Word file of approved apps, authored by a non-IT employee. Their whole idea of InfoSec was equivalent to taping a water balloon to a steering wheel and calling it an airbag. Can't imagine the situation is much better in most other places. Scary really.
Any serious corp will have some kind of MDM deployed: https://en.wikipedia.org/wiki/Mobile_device_management This can be used for various purposes - making a list of allowed apps, restricting internet / configuring VPN, enforcing auth methods, remote wiping the device, etc.
I used to work for a small institution a while back (not USA), they used a Word file of approved apps, authored by a non-IT employee. Their whole idea of InfoSec was equivalent to taping a water balloon to a steering wheel and calling it an airbag. Can't imagine the situation is much better in most other places. Scary really.