Risky Internet Links
"Because the phone sits in a closed environment, its uniquely different from PCs attached to the generic Internet," Dulaney said. "By definition it has security advantages a generic PC wouldnt have." That said, the smart phone can expose itself to the risky Internet through, for example, browsing, Dulaney said, and lacks a firewall.Nonetheless, executives will "no doubt" bring the phones into their organizations, he said. Recognizing that inevitability, Gartner is reiterating to its clients its recommended three-level support policy: Platform, Appliance and Concierge. At the Platform level of support, an organizations IT group selects a device because its characteristics meet enterprise security policies. At the Appliance level of support, IT permits some degree of choice to its end users: IT asks users to narrow the functionality they deploy on a given devicesay, limiting their use to browsing. In return they get more support. Read more here about the hurdles the iPhone faces in infiltrating the enterprise. If forced by executives to support the iPhone, Gartner suggests slotting the device under a Concierge level, where security is offered at a high price. In this level of support, an organization would apply bodies to the problem. If an executive insists on being supported with some device, the only thing the enterprise can do to safeguard its data assets is to hire college kids to look after the device. If its lost, a college kid would do nothing but try to find out where it is and to prevent loss of data, Dulaney said. Given that higher-level executives are the ones who can demand IT support, the risk of exposure is that much higher, he pointed outi.e., a lost iPhone could very well have, for example, a companys financials on it. Mac OS X fans point to the fact that the operating system, considered by many to be far more secure than Windows, will ensure that the iPhone is secure. 
At this point, however, nobody knows what features have been removed from Mac OS X to fit it into a smart phone form factor. "To take a big operating system and shrink it down to a phone is a serious technical challenge, I don't care who you are," Dulaney said. "Who knows what Apple's done here." For example, Apple could have gotten the operating system from a third party and just called it OS X, Dulaney said. An example is Java for servers and Java for phones; they're both called Java but they're "very different," Dulaney said. For all we know, Apple could have started from scratch to write the operating system for the iPhone, in spite of calling it Mac OS X. One indication that the operating system of the iPhone and the Mac desktop are sitting on different code bases is their UIs; each is very different from the other. "It's hard to say how much they put in there," vis-à-vis security, Dulaney said. Windows Mobile is another example of a mobile operating system being quite different from the desktop operating system from which it descended. The APIs between the UI on Windows for the desktop and Windows Mobile are common, but that's all the two share, Dulaney said. "[Microsoft calls] them both Windows, but they share very little in common," he said.
The iPhone likely isn't going to have enterprise-class security anytime soon, either. Dulaney talked to Apple last week and said that he came away with the impression that the company isn't interested in selling to that audience; rather, it's fixated on selling the iPhone to consumers.