* Notify IT at once if the device is lost or stolen, or the employee no longer needs company access.
* Codify the company's right to wipe the device, even an employee-owned device, if it's lost or stolen, or the employee leaves the company.
* Require users to back up their iOS device via iTunes.
* Reimbursement policies, if any, are clearly stated.
For companies that need higher level of security, IT can require stronger unlock passcodes, mandate the iOS hardware encryption feature be turned on, make use of certificated-based authentication for e-mail, VPN or Wi-Fi access, via Simple Certificate Enrollment Protocol (supported by Apple) and a PKI and SCEP server; application encryption, via new APIs for this purpose in iOS 4 (Jaquith notes that the iPad won't support iOS 4 until some time later in 2010).
Two other options to consider are: the company's right to confiscated even an employee-owned iPhone or iPad in the event of an emergency (a standard practice in the Department of Defense, according to Forrester); and require nonpublic Personally Identifiable Information (PII) and Protected Health Information (PHI) to be removed from the employee's device, a requirement of some federal and state laws.
For company-owned iOS devices, there are yet more restrictive security options, though, "Forrester regards these policy options as excessive for personally owned devices, and we recommend that you implement these policies only sparingly," according to the report.
These additional steps include banning access to Apple's App Store, or the installation of apps, or both; blocking use of the iPhone camera; turning off the iPhone and iPad screen-capture feature (activated by pressing and holding the Home key); and block use of the apps such as the YouTube app, or even the Safari Web browser.
There are still weak points in implementing security for iOS devices, according to Jaquith. Apple's iPhone Configuration Utility, for example, generates the configuration profiles, but lags in automating various installation steps. This slack is being picked up now by third parties such as Sybase and Trust Digital, Jaquith says.
High-end device management tools are only now starting to become available, with new APIs in iOS 4. Several companies, including Sybase and MobileIron are working with the new APIs to eventually deliver centralized platforms for much more robust iOS device management.
Also missing are support for smart card authentication; compliance with FIPS 140-2 (the iPhone crypto software hasn't yet been certified); end-to-end e-mail encryption; SMS logging and archiving; and the ability to segregate work and personal user environments, data and applications.
John Cox covers wireless networking and mobile computing for "Network World."
Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about anti-malware in Network World's Anti-malware section.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts