iPhone 5 dream a BYO security nightmare

Mark October 5 on your calendar: With the date now confirmed as the debut of Apple's latest smartphone, it also marks the countdown to a major new security threat as employees drag your company into new network demands and all the threats of a new and untested cloud service.

If your company is like most, you've been wrestling carefully with the security protections necessary to manage demand for bring-your-own (BYO) computing policies. You may even work at Suncorp or one of the other organisations, that have embraced the idea as a way to reduce IT costs and boost employee satisfaction.

No matter how prepared you think you are, odds are that you aren't ready for the iPhone 5. But you need to be. Figures out today suggest that fully 51% of current iPhone users will buy the iPhone 5 sight unseen, but other numbers are even more worrying for the corporate security manager: 52% of current Blackberry users will be biting Apples instead, and 27% of Android users will be making the jump.

Clearly, you're going to be seeing the iPhone 5 on desks before you know it. The iPhone 5 probably won't ship for several weeks, but expect a spike in sick days as employees sleep out to be the first to get one. And once they bring it to work, your security profile is going to take an instant and painful hit as your corporate network is laid open for its potential depredations.

Your security perimeters will face the inevitable potential security bugs of the substantially overhauled iOS 5, the unpredictable network-bandwidth demands of a new platform with which users will be playing extensively, and the sheer force of a wave of adopters that will bring this new platform into your business at a rate of knots. Worst of all, the iPhone 5 will drag you, with whiplash-inducing speed, into the cloud; without proper controls, your company data could end up there too. This is because iOS 5 and its companion iCloud service represent a significant shift in direction for Apple by not only supporting cloud services for a few key functions – but integrating cloud services into the very core of many common activities.

Streaming iTunes music will have your employees sucking down network bandwidth continuously while they're listening to their music. The Photo Stream feature will instantly upload every photo taken with the camera to Apple's iCloud service; it seems purpose-built for corporate snoops who can now publish sensitive documents online in the time it takes them to push the Home button. Adding even more to the fun, document files will be automatically synchronised between a number of devices and can be stored in the cloud by third-party apps.

If this feature alone sends shivers of 'concurrency nightmare' down your spine, you're thinking along the right track. Many companies have so far kept their sensitive documents out of cloud productivity suites like Google Docs for a reason, but heavy use of the iPhone 5 to review and collaborate on documents will mean this is no longer entirely possible.

The problem isn't that iCloud in itself is inherently dangerous, although there's no question that hackers will be looking for ways to break into it. The problem is that employees, empowered with a self-publishing platform that not only relies on your network bandwidth but now extends straight past your organisation's security perimeter, will intentionally or accidentally be opening up any number of new avenues for data exchange – and right now, almost none of them are managed appropriately.

This is particularly worrying for companies that have methodically standardised on the BlackBerry for its perceived stronger corporate security and controls over messaging and corporate data. Research In Motion's determination to preserve this security – even at the risk of alienating customers that don't have BlackBerry handsets and actually want to access other email services – earned it the thumbs-up from Australia's DSD and the US Department of Defence – but surveys suggest the iPhone 5 will be the thing that convinces even BlackBerry stalwarts to compost their phones.

Are you prepared for a quantum shift in your BYO and mobile strategy? You'd better be: Citrix Systems BYO Index, a survey of 700 IT decision-makers, found that just 44% of organisations have a BYO policy in place today, but this will grow to 94% as pervasive use of the iPhone 5 and similar devices forces companies to get on top of their security ramifications.

Surely, you've already been working hard to make sure you're not part of that 6%. Most certainly, you've already worked to do a formal audit of your network environment, and prepared a comprehensive vulnerability report that has helped you instantly predict and manage the data flow of any new mobile device brought into your company.

Surely, you've engaged a white-hat security vendor to push early betas of Apple's iOS 5 to their limit, revealing any intrinsic security shortcomings in its code or created through its judicious use of public-discovery protocols like Bonjour. Surely, you've reviewed your printing infrastructure to accommodate the way iPhones, iPads and other devices' AirPrint-like capabilities now let them output content anywhere in your organisation, with impunity.

And surely, you have already implemented a comprehensive mobile device management platform that can not only track and control the smartphones your staff already have, but can easily be updated to track new devices such as the iPhone 5. Because you have, of course, moved proactively to implement a comprehensive data classification and management environment that allows to you control the kinds of leaks that the iPhone 5 will enable.

Haven't you?

In many ways, the iPhone 5 is simply another confounding factor in the BYO debate. Whatever mobile management you have in place, whatever policies you have already established – the sheer pervasiveness and leakiness of the iPhone 5's design mean you have to be ready for whatever security compromises it introduces. See you in the queue.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags smartphonesmobile phonesiPhone 5BYOApple iPhone 5BYO security

More about BlackBerryCitrix Systems Asia PacificCitrix Systems Asia PacificDepartment of DefenceetworkGoogleMotionResearch In MotionSuncorp Group

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts