Pandora’s IPhone

A few years ago, the pressure was to allow iPhone access to corporate EMAIL.  In spite of security concerns, no one could resist the latest toys.  We re-implmented a Good server (left over from the Treo days) to allow iOS access in a semi-secure fashion.  Now a year later many companies are considering allowing personal iOS devices access to corporate e-mail.  The iPhone it is a very expensive device.  Many users already have their own phone and don’t like carrying two.  It is no surprise then when management wants to allow personal iOS devices.  This shifts the cost to the employee while allowing to any employee willing to foot the bill.

It is argued that Good is a secure container.  We use Good with corporate iOS devices.  We don’t trust the inherent security of IOS itself.  Therefore the executive concludes that if Good is a secure container, it would be equally secure with a personal device.

Welcome to pandora’s iPhone.

The assumption that Good is secure may not be correct.   If the iPhone is found unlocked could an attacker access the memory and find the password for the Good app?   Could the password be in the iPhone autocorrect typing cache?   Who knows.   Once you’ve given in to not requiring a pin for both the phone and for the device, you are in a less secure place in my opinion.

Actually it’s not just IOS Devices such as iPhone, iPad and iTouch.  Anything Good supports would be fair game including Android, Symbian and Windows Mobile.  It’s a burden to stay on top of IOS patching and security concerns. Now we’re going to throw in every possible operating system for mobile phones!

When I look at how other companies addressed personal phones the main concern is legal.  If you have to perform a discovery on a mobile phone provided by the company, it is rather simple.  You take it.  What happens when it’s a personal phone?  Sure you can make the employee sign their rights away as a condition of access to corporate email, but it can be harder to put into practice.

Is it enough to merely wipe that Good application from the IOS device?  It may be desirable to wipe the entire phone.  Once again much more difficult when personal devices are in use.

There are also process problems.  Currently the phone is returned as part of the termination procedures.  We have it.  When it’s a personal phone, this will not occur.  Does disabling the email account necessarily prevent mail from being forwarded to the personal device in Good?  I don’t know.  What if the account is merely expired by date rather than disabled?  This would need to be tested.  At worst, the help desk would need to remember to disable the phone registration in Good at the time of the employee’s termination.  Risk is introduced where none was there before.  Additional work occurs where none was there before

We may not be able to create enforce our own policy any longer, but we’re often under strict customer requirements as they each interpret FISMA in wacky ways.  How does the customer feel about their corporate data being on a personal iPhone?  Are we going to have to create spreadsheet recording customer preferences?  How will we be notified is the employee changes projects?  Sounds like a management nightmare to me.

What about IOS upgrades?  If we force the users to update the IOS on their personal phone and that is bricked whose responsibility is it?  Sure we could have them sign an indemnification before they have access to corporate email but when it gets bricked and they lose data who are they yelling at?  It needs to be clear ultimately they are responsible.  They need to go to the genius bar at the apple store. If they don’t like it, they don’t need to have access to our data.

Even if we assume that Good is a perfectly secure envelope, how much data ends up on the rest of the phone?  Employees use other apps.  Employees may use evernote and sinc confidential data to the cloud.  Ultimately arent we encouraging the use of a wildcard?

While the company may save some costs by shifting that IOS hardware costs and data plan subscription to the End-user.  Ultimately we may have higher fees.  By opening the good server it to anybody with and IOS device we now have substantially higher fees for good licensing.  Who is paying that?  This is often shunted onto the IT departments in an unbudgeted fashion.   Upstairs gives themselves an award for saving money when really they just shifted it off of their budget to someone else.

Another concern that should be looked at is the enterprise e-mail fees on some carriers.  Purportedly Sprint has a $20.00 monthly fee for personal accounts to use corporate email services like Good.  I guess it’s OK as all the cool people are using a AT&T.  What about overage costs?  Is there any liability if the personal iPhone suddenly has a large data bill due to roaming on that trip to Canada?  This needs to be put into that the user agreements for personal devices.

What about the precedent?  It seems that were just a hop skip and a jump away from personal computers on the corporate network.  It’s difficult enough securing corporate devices that are supposed to be somewhat homogenous.