14 Jan 2010

What are the security risks with iPhones?

There is really only one you need to worry about.

Basically, the biggest enterprise risk in smartphone use is physical loss of the device. Malware is really not a meaningful risk yet on smartphones, and may never be. However, the little toys are constantly left behind in movie theaters, airplane seat pockets, rental cars, airport lounges, etc. – and often are never found again. A related problem is that when smartphones break, they are sent out for repair to places that just reach in one box and send back a refurbished unit and throw your employee’s smartphone into a different box that often ends up for sale on eBay.

Just like with laptops, this means the major security controls needed are:

1. Mandatory password entry to enable device access
2. Mandatory activity time out timer to require reentry of the password
3. Encryption of the contents of the device

If you manage the iPhone via ActiveSync and Exchange 2007, you can implement the first two policies. However, there are many reports of ways to get around these controls, but it is really no worse than on a Windows Mobile device (though on an iPhone you can only enforce 4 of the 46 Exchange security policies on Windows Mobile). On the third point, the latest iPhone 3GS models do include an encryption chip, but it has not been FIPS 140-2 certified and there were implementation vulnerabilities reported immediately.

The bottom line is there is increased risk (compared to a Blackberry) that if an iPhone is lost or stolen, information on the device will be accessible by the person finding the device. Right now, given the iPhone’s architecture which makes it difficult to install third party security software, that is the residual risk that the business side will have to accept if they want to allow iPhone use.

Source: Gartner
