Top tips for securing consumer technology in the workplace

1. Companies must decide what their workplace culture will be; for example, the use of personal technology is fine as long as the work gets done
2. Choosing to ban consumer devices outright may sound like the most direct option - but consider not just the impact on security, but the effect on the image of the company that such a ban creates both internally and externally
3. Choosing to allow employee-owned devices into the organisation must be a conscious decision, accepted and planned for by the company. Embrace the change; avoid the 'don't ask, don't tell' policy on consumer technology adopted by some employers
4. Assess how allowing staff to use their own consumer devices could actually improve productivity by making flexible working more efficient, for example
5. Make staff responsible for the repair of faulty devices by getting them to sign up to vendor warranty schemes when they purchase their own devices
6. Managers and supervisors must clarify their expectations, and develop clear written policies and guidelines which must then be enforced - an even bigger challenge
7. Work with employees to develop sensible and workable usage policies for consumer devices and make sure there is real input from staff to ensure their support
Making the iPhone business-friendly
When it was first launched in June 2007, the iPhone turned a lot of heads. Unfortunately for Apple, for many in the IT security community the head-turning was a vigorous horizontal shake. "An unproven device from a vendor that has never built an enterprise-class mobile device," IT analyst Gartner said of it after the official launch.
Gartner's reaction typified the view that any attempt by Apple to position the device as anything but a consumer toy was going to get short shrift from business experts. The analyst put out a whole list of shortcomings with the Apple handset, including: "Lack of support from major mobile device management suites and mobile-security suites" and "feature deficiencies that would increase support costs (for example, no removable battery)".
But with the release of the iPhone 3G in 2008, and some hard work by Apple on the technical and marketing front to try and position the iPhone as business-friendly, Gartner and other analysts appear to have softened their stance.
In particular, Apple gave developers access to the iPhone software developer kit (SDK), while also updating the iPhone firmware to version 2.0. Apple also licensed Microsoft ActiveSync protocol suite, as well as support for Cisco IPSEC, and the addition of WPA2 security for WiFi connections.
Kraft Foods, Oracle and Notify Technology have deployed the Apple handset; however, the report did point to some security shortcomings around matters such as password caching that could make it difficult to authenticate the device onto a company's VPN.
However despite these questions, according to Forrester and the customers it spoke to, the message is that the benefits of the iPhone in terms of user-friendliness and the myriad applications available from the App Store, outweigh the problems so far.