But what about the security of my information?
All right, its no secret Ive become an ardent Apple supportersome might even say fanboy. But lets get past that and take a real look at just how secure this iPhone gizmo is.
My reasons for going through all the hassle associated with switching mobile phone carriers are varied, and Im completely happy with the choice I made.
Lets explore some of those a bit here. But first, lets look at some of the bigger security exposures from using the iPhone.
From a stand-alone sense, many of the security issues are similar to what Blackberry owners and administrators face daily. Youre probably concerned with locking down the device itself, along with its data, in case you lose it or the phone gets physically stolen, for example.
That is, youre concerned about the sensitive data that sits at rest on your device. Thats a fair concern.
Next, youre probably concerned about your sensitive data in transit between the device and the server-side applications youre using. Again, a very fair concern. You certainly dont want to fall prey to what I call a coffee shop attack where an attacker with a Wi-Fi network sniffer captures your sensitive data, such as login credentials, documents, emails, etc.
For much mobile business dataemail, calendars, contacts, and suchthere are three modes of connections that are common for iPhones.
You can tether the device to an enterprise email server, such as a Microsoft Exchange server. You can use Apples own MobileMe service to deliver and synchronize the data. Or, you can simply run the iPhone as a stand-alone mobile device, where you synchronize your data with a regular Windows or Mac computer via a USB cable.
Most enterprise users will use a Virtual Private Network (VPN) to connect their iPhones to their corporate networks, and from there to their companys Exchange server. That combination goes a long way to protecting sensitive company data in transit between the iPhone and the companys infrastructure. It pretty much makes you immune to the coffee shop attack, for example, since all the data in transit is likely to be encrypted via the IPsec-compatible VPN.
Similarly, from what I can gather, connections to MobileMe are encrypted to protect the sensitive data in transit. By default, for example, incoming emails are encrypted using SSL between MobileMes email servers and the iPhone.
But if youre not using Exchange or MobileMe, email is a little different.
Say, for example, youre using your standard ISP for email via IMAP or POP3, and SMTP for outgoing messages. There are definitely some things you need to consider for securing those connections so your sensitive data cant easily be captured while its in transit.
Many ISPs, for example, support SSL-encrypted email connections via IMAPS, POP3S, and SMTPS. If your ISP supports these, use them!
Sure, Internet email isnt private by even the wildest stretch of imagination. But with IMAP, POP3, and authenticated SMTP, its quite likely that your login credentials are being sent to the remote server during each transaction. Although there are plenty of other options for protecting those credentials from disclosure in transit, SSL is quick and simple.
Theres good news on this front, though. If your Mac email is already set up with secure email settings like Ive described, your iPhone will automatically get those same settings the first time you set it up via an iTunes synchronization.
Nonetheless, spend the time to step through the iPhones email settings and verify this is the case. Its no guarantee, but it will provide pretty good protection against that coffee shop attack.
Next, how about the device itself? What if you lose it or it gets stolen? Can someone get to your data? Of course they can.
Heres some things to consider to consider:
This one is really easy to do. Turn on the devices screen lock, and enforce a PIN to log in to the device. Sure, a 4-digit PIN isnt going to do much to protect your data from a determined adversary, but it may well keep the data away from an amateur say, the guy who finds your device in on a train or taxi seat after you lost it.
All current iPhones use a SIM card to identify and authenticate you to your mobile carrier. SIMs can easily be locked, and the locking function is on the smart SIM card itself. They can be a bit of a hassle, but this will help protect your phone account from being defrauded if someone finds or steals your phone. Locking the SIM will force you to enter another PIN (dont use the same one ) whenever you restart the device, but thats not so tough.
If someone really steals your device, or you lose it, it would be a good thing if the device were smart enough to wipe out all your sensitive data, right? Well, theres a couple mechanisms for doing just that on an iPhone. First, the screen lock I mentioned can do it. You can instruct the device to delete its data after N failed attemptsthe number is configurableto unlock it. Enterprise Exchange administrators can also remotely wipe out the data on a stolen (and reported) device.
Be cognizant of what data youre putting on the device and where that data is going. If you have truly sensitive company information, perhaps it just shouldnt be on any mobile device.
Were starting to see some data encryption products that work on the iPhone, although here were at a disadvantage compared to whats already available on other smart phone platforms. Still, there are apps that can store passwords, notes, etc., in encrypted vaults. For some small amounts of relatively sensitive stuff, these are good options.
All of these steps can help protect your sensitive data while it is at rest on your device, but theres no substitute for vigilance. Keep your iPhone with you at all times. If youre like me, that shouldnt be much of a problem.
ALSO SEE: 64 Seriously Cool iPhone Applications