F-Secure's vice-president, Maria Nordgren, is warning that Siri is a security nightmare and she's dead on. Siri doesn't store things "locally", but rather communicates with the Apple servers in Oregon. And let's take it a step further. Users who are allowed to use their personal devices at work could very well be a company's biggest security headache. IT departments cave to the wishes of CEOs and users and allow the latest gadgets on their networks. These users start working with company data on their personal devices, which normally aren't watched like company assets are watched. Sure, the company may have a policy of "no official business" on BYOD devices, but do you honestly think users follow it? Hell no! It's too convenient to copy information to the device so they can work at home. Of course, IT security has never been given the teeth to enforce policy, which is basically the root of the problem. In essence, if the CEO wants it, the CEO gets it, regardless of the impact on the company. And IT and the security folks are told to "make it work" even if the end result is detrimental to the security of the organization. From a security standpoint, especially for those companies that have sensitive information that competitors would love to get their hands on, BYOD shouldn't even be a consideration. If mobility is a requirement, the company needs to purchase the devices and set up the policies and restrictions that would allow them to be used as securely as possible. CEOs who push for a BYOD solution should be hauled before the board and be forced to explain why they feel corporate security should take a back seat to saving a buck. Because that's exactly what it boils down to. Let the worker pay for their own device instead of doing it right and purchasing a solution that works for the company, including setting the security options that work best for the corporation. Because we all know, users would never, ever compromise the security of a company. Right?
Holy crap! Here's an agency that falls under the HIPAA rules and they're allowing BYOD?!!!!! What on EARTH are they thinking?!
It's a governmental department in California. I expected no less. I work under HIPAA and the number of different logins and passwords I have to go through to get to customer data is enough to drive you to tears. Our IT people are on us like white on rice. They have recently started a program where they scan your company laptop for "non-approved software" like Firefox. If they find it, they pull it off and put your tit through the ringer for it.
Interesting piece on the coming end of the Blackberry in DC. http://mashable.com/2012/07/06/blackberry-washington-dc-government/ http://www.google.com/enterprise/apps/government/
Android makes sense for government issue, especially since the NSA is working on a hardened version. As a BYOD? Nope. If I were in an IT position within the government, I'd be screaming bloody blue murder if anyone even thought about the idea.
While the article itself doesn't deal with BYOD, there's a paragraph that should cause all CEOs to develop instant ulcers. Sorry. Countless idiots ignore corporate policy because they feel it's "their" device and they can do whatever they want on it.
This is why there's a quarterly test you have to take, sign millions of papers when you work for a firm like mine. They protect themselves via other means.
