When Brenton Hush, CIO of HSBC Australia, let slip that his team was reviewing the Apple iPhone as a potential replacement for the multitudinous BlackBerrys that are deployed worldwide at the world’s largest bank, a bead of sweat must have appeared on the forehead of Research in Motion CEO at its
If such an option was acted upon (and HSBC has since said, “It’s simply not going to happen”) it would be an indication that HSBC wants to join an elite group of early adopters who are taking advantage of the mobile Internet applications that such devices support today and the thousands that will be available in the future. It would also suggest that the company wants to recruit and engage with the Net Generation, those aged 30 and under who see mobile email (and indeed email per se) as pointlessly asynchronous.
But iPhones and other Internet phones such as the Samsung Omnia and the LG Vu also represent a looming security threat. The BlackBerry has hundreds of configurable security policies – the iPhone has two. As our cover story this month highlights, the new wave of Internet phones that are going to become part of the workplace need to managed, secured and controlled just as much as any corporate laptop or PC.
The potential risks are threefold – firstly, the amount of storage on these devices is beginning to rival that of a small PC. Given the kinds of data being stored – sensitive documents, spreadsheets, presentations – such devices can quickly become a headline-grabbing liability if lost or stolen.
Secondly, many smart phones have few of the defences against rogue networks that years of trench warfare on the Net have given PCs. There is little to stop a miscreant in an airport with a WiFi router, a packet sniffer and an ounce of cunning from harvesting data to their heart’s content.
Encryption may counter some of those threats, but users of Internet phones are already running shy from it because mobile encryption cannibalises precious battery life.
Finally, the rise of home-grown and unsupported applications available for mobile platforms could herald the arrival of a new wave of malware, preying on the vulnerabilities of the most popular apps.
Many IT managers have stories from the early days of WiFi and the discovery that the mysterious wireless signal broadcasting the corporate network was emanating from a £30 router plugged into a socket under the CEO’s desk. This first generation of Internet phones looks set to put similar pressure on IT departments, who are faced with the unenviable choice of banning the devices or finding the means of locking them down. Leaving a gaping hole in corporate data security is not an option.
As Dave Hansen, former CIO of Computer Associates, tells us, “being able to watch video sideways is not a compelling argument” for corporate mobile Internet capabilities. No matter how cool the viewer looks.
Is the new wave of Internet-connected mobile devices carving out a gaping hole in enterprise security?