Wednesday, June 16, 2010

Android in the enterprise

One of the main reasons I bought my new phone was that it natively supports Exchange, but the sad thing is that there is not currently a single Android phone on the market that any corporate security department worth their salt would allow.
Corporations don't care about the devices per se - what they care about is the potentially valuable inside information that may be on that device. If a thief / corporate spy / whatever gets access to the phone, the data on it needs to be protected. To that end, the _minimum_ requirements to allow a phone to hold corporate data would be:

1) PIN or password protection that can reasonably be expected not to be broken. Logical requirements for that are:
--PIN / password existence and complexity enforcement
--After a predefined number of failed attempts, the device either self-wipes or permanently locks.
2) Ability to issue a remote wipe (in case an employee quits on bad terms / is fired but he doesn't know it yet / whatever)
3) Encryption of all data on the device, so that if it physically falls into the wrong hands, the thief(s) won't be able to access the data, even if given a long time to do so.

The new FroYo build is supposedly able to do all of these, except for the data encryption. If you were in charge of security for your enterprise, would you allow users to use a device with no encryption?
BlackBerrys have supported all these for a long, long time. iPhone 3G supports it (although apparently not all that well), and pretty much any new Windows Mobile smartphone supports it. There is currently no single Android model that supports it (AFAIK).
I find this really strange. Considering that plenty of enterprises would love to bring Android devices into the fold, it's weird that nobody yet makes a handset with hardware encryption. I still have no idea why this is.
