Wednesday, August 22, 2007

iPhone insecurity hype

Leave it to a new technology for chicken-little "analysts" to begin crying that the sky is falling.

What are the "problems" these analysts cite?
  • "no thought to enterprise security"
  • "may allow hackers to pilfer private data stored on or sent from iPhones"
  • "iPhones are unlikely to have a remote "lock and wipe" function that erases the device's data in the event that it's lost"
  • "iPhone's "closed" operating system makes it impossible to install protection software" (like antivirus)
So, iPhone is not a Blackberry.  And Blackberries, with the BES server, have some great enterprise class features.  But does the lack of some of those features mean the iPhone is a "security nightmare"?  That is just rhetorical hyperbole IMO.

And then there's Gartner:
"We're telling IT executives to not support it because Apple has no
intentions of supporting (iPhone use in) the enterprise," Gartner
analyst Ken Dulaney says. "This is basically a cellular iPod with some
other capabilities and it's important that it be recognized as such."
Sage advice from an IT support standpoint.  But do we all need to start battling with executives over them using iPhones as the next network security scourge?  Probably not.  Most iPhones are likely to be used to synchronize data to a PC.  Assuming you have adequate protection on your desktops and network from viruses, the risk is no different from iPods or any other device someone decides to plug into their laptop and sync data (contacts or calendar).  So, this is not a new risk.

There are certainly going to be some data loss risks with the iPhone, but those are not necessarily new to the iPhone.  There are many other devices people can hook up that perform similar functions and can hold enterprise data that also don't support centralized control.  You should design your security controls with that reality in mind so you don't have to say the sky is falling with every new device out there.  There are solutions to lock down USB ports with policy if you so choose, for example.

Analysts: iPhone Has Neither Security nor Relevance


1 comment: