iPhone’s and data security - SAS 70
Home > IT Blogs > SAS 70 > iPhone’s and data security
>>VIEW ALL POSTS  

SAS 70

« Exchange and Email
CIO - Are you sitting on your DataCenter assets or using them? »
Jun 12 2008   8:51PM GMT

iPhone’s and data security



Posted by: sas70expert
Networking, Security, Servers, Compliance, Viruses, Auditing, CIO, Mobile, DataManagement, Email, Exchange, SAS 70

What about the new iPhone? It has an abundance of new features and new headaches? With the latest push of emails to your iPhone, how many more network issues will this create? 

With the iPhone, you can download, pictures, music, and applications – how many of these will have undetected viruses or Trojan horses? As executives demand more technology, do you have enough security in place to prevent such disasters to your network? How much downtime can you afford? 

In a SAS70 audit, wireless networks and the related controls are normally tested. Testing of phone connectivity to internal networks and the related hazards are not normal considerations. 

I would recommend standardization of cell phones. Chose a cell phone that meets business needs and provides basic communication access for employees. Enact most security features to prevent rogue viruses from attacking your network. The phones should only sync with your business Exchange server and not the employee’s personal contacts or emails.

 

AddThis Social Bookmark Button     Comment     RSS Feed     Email a friend

Comment on this Post


You must be logged-in to post a comment. Log-in/Register

Unixboy  |   Jun 28 2008   3:14AM GMT

I am very concerned. At my Company we have no standardization around what type of phone anyone can use. In addition, many find ways to sync up to their local Outlook or Lotus notes contacts database. When they do, it seems that they either have problems with their laptops, specifically corrupting their registry, which causes their laptop to crash; Or, their new phone’s operating system goes on the blink. I would highly suggest developing an internal policy and getting it approved by Management. Then only allow those approved phones to be used. Second, make sure you virus software is kept up to date. This will reduce some of the risk of downloading a virus onto their laptop or uploading one onto their phone.