Educause Security Discussion mailing list archives

Re: Smartphone Policies.


From: Chris Green <cmgreen () UAB EDU>
Date: Thu, 14 May 2009 12:53:17 -0500

I believe that the Harvard Medical Center supports the iPhone very well (per http://geekdoctor.blogspot.com/). The 
full Exchange client on the iPhone can be an advantage. Since the iPhone supports ActiveSync, on Exchange 2007 the 
ActiveSync “reset your phone” switch becomes an OWA-accessible feature. Lock your phone and if you lose it, go 
remotely wipe it yourself.

That’s a pretty sexy sales pitch to a clinician and it covers the lost device component. Smartphones are in our sights 
as something we have to manage (and AT&T isn’t our winning bidder) but it does seem to give a reasonable way to 
address some of the risks of the technology. Change from saying no to saying “here’s the way to make it work and 
here’s the secret button to remember when you leave it in a cab”. It also helps address the “work versus personal” 
phone thing because people do find ways to make their job doable or more productive.

Same line of thinking for BlackBerry but use the BES rather than the desktop connector so some of the risks can be 
managed.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Connie Sadler
Sent: Thursday, May 14, 2009 12:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Smartphone Policies.


We are developing a Smartphone policy. But I'll tell you, the iPhones are scary - we cannot technically do anything 
(that I am aware of) to stop people from connecting and syncing up their mail. In fact, there is an app for the full 
Exchange client now. There are also a lot of other apps that are being pulled down to personally-owned iPhones that are 
connected to our network. I have to say, I work in an academic medical center, so it's very difficult to tell 
clinicians what they can and cannot do with their personal devices on our network (trust me - it's not easy).

There are some new products working to address this risk. With more employees taking their iPhones to work, IT 
departments are scrambling to figure out a way to manage them. The iPhone, unlike the BlackBerry, started out as a 
consumer device and still lacks some management and security features that corporations have come to expect from other 
mobile devices. Now, a number of software companies including Good Technology <http://www.good.com/corp/index.php>, 
Sybase <http://www.sybase.com/> and Tangoe <http://www.tangoe.com/> are stepping in to fill that void. Is anyone looking 
at these solutions?

http://www.good.com/corp/int_products.php?id=good_mobile_control_iphone&pid=good_for_enterprise

http://www.sybase.com/ianywhere

http://www.tangoe.com/managed-services/mobile-services/mobile-device-management.html

We're also quickly moving to a more "blended" work/life environment - and people (like it or not) are going to expect 
to be able to get to personal data from work and they want to use personal devices for both - we're going to have to 
find ways to enable it.

--
Connie

Connie Sadler
CISO, LPCH at Stanford
