This is Brian Prince at eWeek. Does your organization do a good job of managing smart phone security?

My CIO doesn't use a smartphone: wants his phone as small as possible and doesn't see the need; can't quite accept that some of us want/need 24/7 access. Thus IT has no resourece or plan to manage smartphones, people just go out & do their own thing. My Treo is set up by me, so no push, only downloads when I want it to. I added my own "turn it into a brick" software. (The IT professionals think the CIO is the ostrich; some professionals are focused on the issue of customer service.)

SmartPhones are as secure as you allow them to be. With Exchange 2003 and Windows Mobile 5.0 you have the ability to require a pin, remotely wipe a smartphone, and only permit push email. That is that the Exchange Server when contacted by a smartphone will use the credentials to confirm the user and will then using push will send emails to the smartphone. The smartphone uses a SSL connection (port 443) to establish an initial session to make the server aware that the phone is available for push email. This is assuming that you use an SSL certificate. Unlike a BlackBerry or other devices that continously submit your network credentials to the server. If you don't have a BES server then you are allowing your corporate email to be stored on RIMs servers in Canada. That's not a great business decision.

Bottom line, Smartphones if deployed correctly are actually more secure than your non-microsoft devices.

RM, CISSP, CAP, CHS-III

It is the servers running Microsoft that have the security problems. If MS can not fix home versions of Windows so they can't be attacked by all kinds of malware, how could MS fix server software.

So what it it requires some passwords or other identity checks if there is a virus on the server that is ready to pounce?

I will never trust any MS OS until it's 100% Linux, and then it better be 100% free!

I rate this story's topic 6.2 on the FUD scale!

Security concerns are not any different than any other new SmartPhone, and are actually less for the phone with the remote-wipe capabilities.

-- IG

I agree with the FUD rating of 6.2 (or higher). Nothing new or more insecure about the iPhone specifically has been described - contrary to the title "New iPhone Raises Smart Phone Security Concerns". If anything, the impression I got from the actual contents of the article is that the iPhone is better at security because of signed certificates that can be revoked.

The title of the item caught my eye, the content of the item caught nothing. No-wheres in the content did I see anything that indicated the new iPhone was less secure than it's predecessor or most of it's competitors. Kindest phrase that comes to mind is "bait and switch".