Enterprises should keep an eye on managing smart-phone security in preparation for the arrival of the new iPhone.
With the new version of Apple's iPhone on the way, enterprises need to be
ready to deal with the security implications of employees' smart phones.
Whether IT organizations are ready or not, smart phones are a reality for
enterprises. Gartner analysts predicted in a January report that smart-phone
sales will reach about 173 million in 2008, a jump of 42 percent from last
year. The iPhone 3G, slated to be available July 11, is Apple's latest attempt
to capitalize on consumers' desire for Internet-enabled phones with more and
But with adoption of these devices increasing, organizations need to assess
their policies to control any potential threat to corporate data. For Rob
Israel, CIO of John C. Lincoln Health
Network, in Phoenix, that means
allowing only BlackBerry and GoodLink devices on the network.
"We like those because of the encryption capabilities as well as the
ability to wipe them remotely if anything happens," Israel
said. "We don't allow smart phones to sync to our network and actually
upload or download any information besides e-mail, calendaring and stuff like
that. We don't allow smart phones to be used to store clinical information or
full patient information."
The policy, although not technically part of HIPAA (Health Insurance
Portability and Accountability Act), is based off those guidelines to address
concerns about data loss and inappropriate use of the devices, he said.
As in all things security, a policy is only as effective as users' adherence
to it. IT organizations need to make sure mobile device security is automatic
and persistent, said Dan Dearing, vice president of marketing and product
management for Trust Digital.
"Data encryption should not require special behavior by the user, such
as placing sensitive data in special folders," Dearing said. "Many
users of smart phones are technically savvy enough to skirt around IT policies
by hard-resetting a device and removing the security software. The low cost of
the smart phone also makes it easy for users to replace a standard-issue or
lost smart phone with a new device and merely self-configure the device to sync
with IT servers."