Technology Consultants
Related Service:
Collaboration

02.18.09

President Obama’s BlackBerry is secure. Is your smartphone or iPhone3G?

Barack Obama won the Secret Service tussle over his beloved BlackBerry, with the proviso that security on it would be enhanced even over Research in Motion’s vaunted, built-in e-mail encryption service.

obama blackberry

With what C/D/H consultant Jason Cooper calls “security beyond a level which most people are concerned about,” BlackBerry Enterprise Server (BES) has set the standard in mobile security, with:

  • A remote-wipe function that allows you to remotely erase all non-factory data if the device is lost or stolen.
  • Encryption heavy enough for the U.S. Department of Defense, which uses BlackBerry.
  • Hundreds of policies that enhance BlackBerry device security.

But do you really need the pricier BlackBerry, or will a Windows-based smartphone or iPhone 3G suffice for your business?

Cooper said recent development cycles have brought security for smartphones and 3Gs into their own.

If there is a hole in their security, he says, it’s that they, unlike BlackBerries, communicate directly with your mail server, protected in most cases only by your username and password.

But that is easily remedied, he said, with one or more of the following:

  • A moderately complex password. Note that does not mean the password must be hard to remember -- a written-down complex password is worse than no password. Simply avoid birth dates, anniversaries, or any other easily guessed password. The Conficker worm used a list of only 200 passwords, such as “password,” and “123456,” to crack Windows-based systems last fall. A moderately complex password, with letters, numbers and a special character, such as !@#$*%^&, would have stopped the worm in its tracks, Cooper said. And it can still be easy to remember: the name of your childhood Teddy bear, the year you bought your first car, and an exclamation mark, for example.
  • Using SSL encryption protocols to protect sensitive transactions, especially communications with mail servers, in combination with complex passwords.
  • Two-factor authentication, with something like RSA’s SecureID, a small keychain fob with a randomly generated password.
  • Use of up-to-date, licensed anti-viral programs.
  • Installation of after-market remote-wipe programs on devices not managed with Exchange or BES.

The biggest downside of a BlackBerry Enterprise Server is cost. A business with fewer than 30 users can use the free BlackBerry Professional Software Express, but more can run into the thousands.

The upside to smartphones in small- and medium-sized businesses is that any upgrade built into the company server is available on employees’ mobile devices, and those devices have other useful applications that BlackBerry lacks, such as full-featured PDF readers and Flash player. And any business that chooses to may still install additional security with savings from not buying BlackBerries, Cooper notes.

Bottom line: For small-to-medium businesses, a Windows-based or 3G device is likely to be more than secure enough, when used with a complex password, anti-viral software and secure transaction sites.