A reporter recently sent me an e-mail asking the following question: What advice do you have for another company trying to rollout iPhone support in an enterprise — specifically related to data center issues? What steps should they take?
As I hit send on my message back to him, that included the response below, I realized it would be great content to share here. Read on for my security recommendations to IT leaders who are considering bringing the iPhone into the enterprise.
Policy and compliance are important to consider when introducing any new technology into the enterprise, and the iPhone would be no exception.
Assuming you’ve already been using smartphone technology, it would still be prudent to review your policies and any agreements you have with employees on the proper use of smartphones, the iPhone included. The user community needs to be educated on the power of those devices and the risk that they can inadvertently introduce to the company.
The other strong recommendation is to pilot with a small user base and then grow your deployment. Without a well-planned deployment, you’re destined for failure or even a data breach.
Enterprise deployment will impact your joint operations centers. You will have to integrate security monitoring of the new wireless management center with the system you use to detect vulnerability and anomalous behavior on your network.
These services provided by your security operations center or joint network operations center will require detailed architectural changes which you should include in your cost, schedule, and performance planning.
Develop a hardened or secure image for your iPhone, and make sure it meets security policies and compliance standards with a security package for anti-virus, patching, and other safeguards. Don’t forget to collect log data on transactions involving these devices.
Many organizations are dealing with employees who want to use their own personal devices instead of the one provided by the company. At first, the company might think this would save money. However, a strong agreement between the employee and company is needed to spell out what happens if the device is lost, how the data is protected on the device, and what happens when the employee leaves the company. Your legal counsel and human resources department should be involved in the early stages of this project.