The IT Outsourcing Model and Mobile Security Issues
In recent years, an IT outsourcing/managed program model for IT solutions and support has been adopted by increasing numbers of small and medium sized businesses. This model has many advantages over in-house staffing, including the vast array of expertise that visiting staff bring to the table - including the incorporation of mobile devices into the physical and virtual infrastructure of the networks companies use to handle their information needs.
With mobile devices releasing new apps and functionality all the time, the specialized knowledge and experience available through a managed program model may be more important than ever before. New functionality, of course, can also mean new security challenges that have to be addressed with such devices. The iPhone 4S application Siri is a case in point. Siri provides users with voice-control functionality so they can operate their cell phones hands-free, but a serious security flaw in the program has been identified: even when an iPhone has been locked, the Siri app remains active and can be used to operate the phone.
This represents a security breach that could allow an intruder to use a company iPhone to access proprietary information stored on the phone, such as customer contact information. If the phone is hooked into a business network, the security breach could be far more devastating.
In a managed program environment, staff employed by an IT company will visit on a regular basis to see to routine maintenance of systems and software. Companies that have integrated iPhones into its networks may not be aware of the risk that Siri represents, but managed programs personnel familiar with the infrastructure at a company can be a source of valuable information about evolving threats and how to combat them.