Risky Internet Links

By Lisa Vaas  |  Posted 2007-06-22 Print this article Print

"Because the phone sits in a closed environment, its uniquely different from PCs attached to the generic Internet," Dulaney said. "By definition it has security advantages a generic PC wouldnt have." That said, the smart phone can expose itself to the risky Internet through, for example, browsing, Dulaney said, and lacks a firewall.
The iPhone likely isnt going to have enterprise-class security anytime soon, either. Dulaney talked to Apple last week and said that he came away with the impression that the company isnt interested in selling to that audience; rather, its fixated on selling the iPhone to consumers.
Nonetheless, executives will "no doubt" bring the phones into their organizations, he said. Recognizing that inevitability, Gartner is reiterating to its clients its recommended three-level support policy: Platform, Appliance and Concierge. At the Platform level of support, an organizations IT group selects a device because its characteristics meet enterprise security policies. At the Appliance level of support, IT permits some degree of choice to its end users: IT asks users to narrow the functionality they deploy on a given device—say, limiting their use to browsing. In return they get more support. Read more here about the hurdles the iPhone faces in infiltrating the enterprise. If forced by executives to support the iPhone, Gartner suggests slotting the device under a Concierge level, where security is offered at a high price. In this level of support, an organization would apply bodies to the problem. If an executive insists on being supported with some device, the only thing the enterprise can do to safeguard its data assets is to hire college kids to look after the device. If its lost, a college kid would do nothing but try to find out where it is and to prevent loss of data, Dulaney said. Given that higher-level executives are the ones who can demand IT support, the risk of exposure is that much higher, he pointed out—i.e., a lost iPhone could very well have, for example, a companys financials on it. Mac OS X fans point to the fact that the operating system, considered by many to be far more secure than Windows, will ensure that the iPhone is secure. At this point, however, nobody knows what features have been removed from Mac OS X to fit it into a smart phone form factor. "To take a big operating system and shrink it down to a phone is a serious technical challenge, I dont care who you are," Dulaney said. "Who knows what Apples done here." For example, Apple could have gotten the operating system from a third party and just called it OS X, Dulaney said. An example is Java for servers and Java for phones; theyre both called Java but theyre "very different," Dulaney said. For all we know, Apple could have started from scratch to write the operating system for the iPhone, in spite of calling it Mac OS X. One indication that the operating system of the iPhone and the Mac desktop are sitting on different code bases is their UIs; each is very different from the other. "Its hard to say how much they put in there," vis-à-vis security, Dulaney said. Windows Mobile is another example of a mobile operating system being quite different from the desktop operating system from which it descended. The APIs between the UI on Windows for the desktop and Windows Mobile are common, but thats all the two share, Dulaney said. "[Microsoft calls] them both Windows, but they share very little in common," he said. Next Page: Microsoft answers security quiz.

Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel