Like email itself, the value proposition of a BlackBerry or similar device to enterprise executives is huge. The president of any country is a special exception, so setting corporate security policies by President Obama's necessarily extreme security requirements is quite likely a mistake. In fact, in some ways it's more secure for executives to use a BlackBerry-type device instead of a traditional email client on a laptop. Why? Well, it's far easier to remotely wipe a handheld device, and PDAs tend to have less information on them then the typical executive laptop does. So the organizational risk posed by a lost or stolen BlackBerry is much lower than the risk of a lost or stolen laptop.
The real questions a security team must ask are:
- What sort of data is being sent to those executives?
- What sort of policies are appropriate to secure the data on the devices?
- Are screen-lock times and password-complexity policies appropriate?
- Is remote wipe enabled?
- Is the device being backed up?
These are all good places to start your security inquiry, and the answers should be used to dictate security policy for the devices, including who gets to have one.
For more information:
- How secure are iPhone mobile applications? Read more.
- Check out these best practices for keeping spyware off of mobile devices.
This was first published in February 2009