Identifying iPhone security risks and preventing breaches can be a great deal of work for IT administrators.
More employees want the option of using their personal iPhones for work, and some companies are even deploying iPhones to workers. But personal phones in the corporate world and corporate phones in the public world can open up the door to a host of security risks.
The struggle for IT comes in making iPhones secure enough to handle corporate data while still retaining their user-friendliness. It’s also important that IT has the capability to manage a potentially large number of iPhones. Settings and policies need to be distributable, and users need to be aware of how to keep corporate data private. The answers in this iPhone security FAQ will help administrators assess the pros and cons of using the
What are the major iPhone security risks for enterprises?
Despite Apple’s strong security reputation, there are some enterprise iPhone security risks. Hackers carrying out malicious attacks on iPhones can gain access to enterprise data, and although iPhones have been immune to malware for now, experts believe it’s only a matter of time before coders make viruses to attack iOS security. And users can put their phones at risk by syncing an unsecure computer or cloud service, which can result in unauthorized access to corporate resources.
What specific iPhone security risks does Siri pose?
It’s a great feature for users, but the voice-recognition assistant Siri bypasses some security features, making confidential data available to anyone who gets his or her hands on an iPhone. For this reason, the iPhone’s Siri security issues should be of concern for IT professionals. For example, anyone can use Siri to circumvent a locked iPhone screen and send text messages and emails in the phone owner’s name. The worst part is, there isn’t much IT can do to address these risks.
How can the iPhone Configuration Utility help IT improve iPhone security?
Apple’s iPhone Configuration Utility (iCU) gives IT admins centralized administration over corporate iPhones. These advanced iPhone security settings let admins set and enforce password requirements, prohibit the installation of unauthorized apps and restrict use of the camera and screen-capture feature. The iCU also lets admins preload iPhones with approved certificates and preconfigure email accounts. Additionally, the iCU offers a number of secure ways to deliver user profiles and enforce iPhone security policies, and it allows for enterprise-specific application deployment without going through Apple’s App Store.
What’s next for iPhone security?
To improve iPad and iPhone security, Apple has submitted three cryptographic modules for testing and certification under the Federal Information Security Management Act of 2002 (FISMA). These requirements, as outlined in the National Institute of Standards and Technology’s Federal Information Processing Standard Publication (FIPS) 140-2, are designed to ensure confidentiality and data security on both hardware and software. If approved, these modules could help iPad and iPhone adoption grow in government agencies.
This was first published in December 2011