With the current security fervor over President Obama's BlackBerry and its potential to compromise information, do you think it's a good idea for any enterprise CEO or vice president to have such a device?
Keep in mind that the issue of President Barack Obama having a BlackBerry goes beyond the device itself; it extends to whether the risk of the president having mobile email is greater than the value it provides. Also, keep in mind that this isn't just a risk of sensitive information being hacked, but also the risk that any emails are eventually a matter of public record, and the president hears and sees many things the government would prefer to keep off the record.
Like email itself, the value proposition of a BlackBerry or similar device to enterprise executives is huge. The president of any country is a special exception, so setting corporate security policies by President Obama's necessarily extreme security requirements is quite likely a mistake. In fact, in some ways it's more secure for executives to use a BlackBerry-type device instead of a traditional email client on a laptop. Why? Well, it's far easier to remotely wipe a handheld device, and PDAs tend to have less information on them than the typical executive laptop does. So the organizational risk posed by a lost or stolen BlackBerry is much lower than the risk of a lost or stolen laptop.
The real questions a security team must ask are:
- What sort of data is being sent to those executives?
- What sort of policies are appropriate to secure the data on the devices?
- Are screen-lock times and password-complexity policies appropriate?
- Is remote wipe enabled?
- Is the device being backed up?
These are all good places to start your security inquiry, and the answers should be used to dictate security policy for the devices, including who gets to have one.