Friday, July 29, 2011

Bring Your Phone to Work Day... or Not

I never complained about my Blackberry. Well, maybe a few times-- there was this one time the battery inexplicably died and I had to return the entire phone to our distributing center (oddly enough cell phone stores in Germany did not carry the battery... I found this perplexing and utterly annoying). However, despite this, I was grateful that I had a phone which usually worked, had the internet and e-mail at my fingertips, and I never saw a phone bill.

But ohhhh how I wanted an iPhone :( I would drool with envy when I saw all the apps my friends had on their phones, and the usability of the thing. Why don't more corporations use Androids and iPhones? (ironically enough Symantec started allowing iPhones right before I left, figures)

It seems I am not the only one who feels this way. In a report released by ComputerWorld, half of the workers surveyed (only 500 total, not a large sample) would prefer to choose the mobile device they use for work. Some were even willing to give up perks for it, including -gasp- paid leave days.

So now the question remains, why can't we? Are BlackBerrys more secure than the other two? Everyone remembers last year's big to-do in the Middle East, with countries like the UAE and Saudi Arabia banning the devices because messages are encrypted and sent to RIM. Read: they want the keys so they can be on the lookout for terrorists and other nefarious actors. BlackBerry also allows certain functions to be disabled on corporate phones. For example, I was not allowed to post pictures on Facebook (however, I could go through the web rather than the app to get around that). Can the same be done on the other platforms? Something like an ACL for mobile devices?

The apps though allowed by the other two devices are astonishing, and really could help in increasing the efficiency of the worker. Apps which aid in PowerPoint presentations, brainstorming, chatting, blogging, etc are astounding. Apple also offers in the US something called the App Store Volume Purchasing for Business. With this companies can buy in bulk applications they want their employees to use, thereby gently steering them towards work-friendly and approved apps. They also offer getting custom apps built for your company which can link to back-end business databases to further empower the mobile workers. Neat.

How about Android? It seems like Android has a ways to go in terms of business applications, although there are a few handy ones around. I would not call them 'business focused' as a lot of them I thought would be great for personal use, especially keyring.

How about security? iPhones are of course a serious market for hackers (I even blogged about one earlier this month) due to their popularity. If a corporate iPhone is popped, what is the threat to the corporate backend? I suppose it depends on what is stored on the iPhone (usernames, passwords, IP addresses, corporate files). It is possible to run Metasploit and Nmap on a jailbroken iOS...

Android also seems to have its share of nefarious woes, especially with malicious apps. This shows all phone makers the need for a robust vetting process before allowing apps to be sold on the official application store. If you jailbreak it... well, it's kind of your own fault for blindly trusting. Of course, don't we do that all the time? Oh man, such a conundrum!

McAfee offers some protection for Android and Apple mobile users via its Mobile Security Division. This is what $30/year gets you:
  • Backup and data restoration;
  • Remote locking;
  • Alarms in case a device is stolen;
  • Remote data removal;
  • Anti-malware software and phishing detection;
  • A portal to manage multiple devices.
McAfee even has a $20 option called WaveSecure which seems to be more about tracking and wiping in case the phone is stolen or lost... still, it is a step in the right direction. Strangely enough, its website does not say it supports iOS, however I found the app in the App Store. It even works for BlackBerry!

Hey-- yeah, BlackBerry, what about them? A quick perusal did not reveal too much, however I know the golden egg would be hacking the BES (BlackBerry Enterprise Server). This one was disclosed earlier this month. That is not to say the device itself is a bastion... here is the vulnerability that was used at Pwn2Own earlier this year.

I think limiting phones comes down to money and streamlining. Tying users to one phone type means fewer headaches for the IT staff and makes the fleet much easier to manage. Regardless, steps need to be taken to protect the devices and the servers behind them to ensure they are as secure as they can reasonably be. At the end of the day, it's a corporate device-- if you don't like it, I guess you gotta get your own phone. And don't connect it to the work network-- for the love of God.

1 comment:

PhilB said...

Exchange (which frankly a large majority of commercial organisations use - and rightly so, in terms of flexibility, feature set/completeness, performance, desktop client quality etc) yields a lot of administrative level controls on functionality (disable cameras, bluetooth, wifi, etc) which can be delivered as policy on a per user basis in an AD domain and add the all important ability to remote wipe a lost or stolen device. It's probably not on the same level of granularity that BES offers, but then it's also not an £x000 additional licence on top of your mail infrastructure cost, either (I'm assuming that BES still has a silly price tag attached to it).

Obviously, there's not a lot that can be done if the device never manages to phone home to trigger the wipe before it's 'taken apart' but that's what whole-device encryption is for. Unfortunately Android (as of 2.3, which it was hoped would contain it but did not at release) doesn't have support for whole-device encryption which means that if you're using the vanilla android distro you're SOL if your corp policy mandates this functionality and you instead have to rely on Touchdown which partitions off your exchange contacts, calendar, and mail into a non-native environment which is - frankly - somewhat hateful - but allows for that container to be encrypted on the device.

Dangerously, certain vendor 'adjustments' - as made by the good people at HTC for example - spoof the support of device-level encryption to allow users to connect their devices to their corporate mail which mandates that functionality when in fact doing nothing of the sort, leading to a number of organisations (particularly those working in the medical sector where patient confidentiality is so important) having to wholesale ban Android devices until there is proper support introduced upstream.
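As an added illustration of the per-user Exchange controls PhilB describes above (and of the "ACL for mobile devices" question in the post), here is an Exchange Management Shell session that builds an ActiveSync mailbox policy, assigns it to one user, and wipes a lost device. This is example code written for this page, not something from the post, the commenter or Microsoft; the cmdlet and parameter names are assumed to match Exchange 2010, and the policy name, user address and device identity are placeholders.

```powershell
# Added example: Exchange 2010 ActiveSync policy roughly matching the controls
# listed in the comment (camera/Bluetooth/Wi-Fi off, password, encryption,
# remote wipe). Cmdlet names assumed to be Exchange 2010's; names in quotes
# are placeholders to replace with your own.

# 1. Create a policy that disables camera, Bluetooth and Wi-Fi, requires a
#    device password with a lockout, and requires device-level encryption.
#    AllowNonProvisionableDevices $false refuses clients that do not accept
#    policies at all.
New-ActiveSyncMailboxPolicy -Name "Corp-Restricted" `
    -AllowCamera $false `
    -AllowBluetooth Disable `
    -AllowWiFi $false `
    -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $true `
    -MinDevicePasswordLength 8 `
    -MaxDevicePasswordFailedAttempts 10 `
    -MaxInactivityTimeDeviceLock 00:05:00 `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $false

# 2. Assign the policy per user (a single mailbox here; pipe a group or an
#    AD filter into Set-CASMailbox to do it in bulk).
Set-CASMailbox -Identity "jdoe@example.com" -ActiveSyncMailboxPolicy "Corp-Restricted"

# 3. See which devices have synced this mailbox and when; the Identity value
#    from this output is what the wipe cmdlet needs.
Get-ActiveSyncDeviceStatistics -Mailbox "jdoe@example.com" |
    Select-Object DeviceType, DeviceId, LastSuccessSync, DeviceWipeRequestTime

# 4. Queue a remote wipe for a lost or stolen device. The wipe only happens
#    the next time the device connects, which is the gap the comment notes.
Clear-ActiveSyncDevice -Identity "<device identity from step 3>" -Confirm:$false
```

Two caveats a practitioner would want. First, the wipe in step 4 is only queued server-side; a device that never syncs again never receives it, which is exactly why the comment falls back on whole-device encryption. Second, RequireDeviceEncryption is enforced by the client: the server only sees the client's acknowledgement that the policy was applied, so a build that reports encryption support without implementing it (the vendor "adjustment" the comment describes) passes this check, and the server has no independent way to verify it. If that matters for your data, an allow-list of known-good device models or a containerised mail client is the control, not the policy flag.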