Forrester Research recently issued a report stating that Apple’s iOS has reached the point where iPhones and iPads can be safely deployed for most enterprises. The report should spark great interest among enterprises caught up in the consumerization trend. But a more basic question should be asked. Why are people so interested in the iPhone and iPad?
The obvious answer is: because of the volume of free or cheap apps that help users do their jobs more efficiently. Consequently, the real value of the devices is largely driven by the apps users download. Why even have an iPhone if you can’t have the freedom of download?
However, I would offer a word of caution to those exuberant users. What wasn’t really covered in the Forrester report was the security of the iOS applications available for download. Enterprise users of iPhones and iPads should ask some important questions about the apps. Who developed them? Were they tested for back doors? And how are unsuspecting consumers supposed to protect themselves?
With regard to adequately addressing these questions, even the apps from major financial institutions are coming up short. For example, A recent article in The Wall Street Journal reported on an iPhone app flaw that exposed Citigroup data.
What is important in any mobile device is recognizing the need for additional security technologies to protect data. You cannot throw up your arms and give up on your defense-in-depth approach simply because you are dealing with a mobile device. Rather, you have to become even more diligent.
I do agree with Forrester that iPhones and iPads are ready for the enterprise, and security officers should recognize that these devices should be covered by the enterprise’s existing mobile device security policy. It’s ultimately a matter of enforcing existing security policies and educating users.