“Siri, where’s the nearest Italian restaurant?” “Siri, please remind me to call Tom.” “Siri, I need to send an email.”
For those who own an Apple iPhone, Siri has become an indispensable tool, providing everything from directions to personal schedule management. However, for IT security professionals, Siri is more than just a useful tool – it’s actually a cause for justifiable concern, particularly in fields such as healthcare, where maintaining privacy is a matter of federal law.
The problem arises whenever someone uses Siri, a record of the transmission is stored in Apple’s servers – creating the potential for the information to fall into the wrong hands. In fact, concern over the security and privacy of Siri has led some organizations, including IBM, to ban employees from using it on their company-issued iPhones or on devices that are part of the company’s BYOD program.
While some experts believe that IBM’s decision to ban Siri is a bit heavy-handed, it does bring to light some of the issues that companies face when using the cloud, in addition to when employees are allowed to use their own mobile devices.
BYOD – Bring Your Own Disaster?
For many companies, moving to a Bring Your Own Device model offers a number of benefits. Employees can stay connected 24/7, accessing the data they need at a moment’s notice, thereby increasing productivity. The fact that employees can use devices that they like and are familiar with can also increase productivity and satisfaction. When employees supply their own smartphones and tablets, companies can save money, as well.
However, with the benefits come some drawbacks, primarily security risks. Employees are often used to using their devices however they want, and many common features and programs have the potential to create security breaches in company networks – potentially causing data loss. As a result, companies have placed restrictions, such as banning Siri, to protect the data and company privacy.
For Example, Companies Have Taken Steps Such As:
1. Prohibiting the use of online file transfer programs, such as Dropbox. These cloud-based services are convenient, but do not offer adequate security to protect sensitive and confidential files.
2. Discouraging employees from sending company emails to unsecured web email addresses; most of the popular online mail services do not offer encryption and mail can be intercepted.
3. Employees with devices governed by BYOD policies are often prohibited, or strongly discouraged, from using their devices to open Wi-Fi hotspots, which can create vulnerabilities in the network.
4. Banning downloads of unapproved applications; for example, employees may only be allowed to use applications purchased from approved vendors, or they must seek approval for new app purchases.
5. Some companies with BYOD policies require employees to give their devices to IT to be installed to a mobile device management program, and have certain features installed or disabled. For example, employees at IBM cannot use Apple’s file transfer service iCloud; instead, they are required to use an IBM-hosted cloud service, which meets the company’s security requirements.
6. A number of experts believe that instituting protocols (such as those mentioned above) are the foundation of a solid BYOD policy. When they are combined with proper security and management strategy, the consumerization of IT does not have to be disastrous for your company.
BYOD Drawbacks for Employees
While placing restrictions on how mobile devices can be used to access company data does protect the organization from costly security breaches, it does raise concerns for employees. Those who spend hundreds of dollars on an iPhone, for example, may not be pleased to discover that they are forbidden from using some of the most useful features of the device.
That is why a strong MDM program is a necessity, as well as a clear BYOD policy and communication about what employees can expect with the program. In fact, restricting Siri and programs like it may not be necessary in all fields – and if you have a strong BYOD security protocol in place, BYOD is a perfectly safe choice.
And as the need for employees to have access to corporate networks and data from wherever they happen to be continues to grow, the need for effective security solutions is also growing. The good news is that in the ever-changing world of cloud computing, BYOD and mobile security, IT professionals have more solutions to navigate this complex environment.
About the Author: Rod Weaver covers issues related to internet security and web development for several online publications. He has reported on such topics for the past five years. Having experienced nearly every aspect of the internet security universe, he finds Trend Micro to be one of the most reliable of solutions. He lives in San Francisco with his family.
