Share this article

print logo

Personal devices can pose corporate risk

Siri has had her visitor badge revoked at IBM. Apparently she can't keep quiet about what she hears.

Though IBM has allowed the iPhone 4S and other employee-owned consumer smartphones and tablets, like so many other companies barraged by their smartphone-toting workers, company Chief Information Officer Jeanette Horan has said it's been more of a migraine than a cost-saving solution.

"We found a tremendous lack of awareness as to what constitutes a risk," Horan recently told MIT's Technology Review. Now they're trying to educate their employees.

Many voice-recognition services such as Siri transmit the words spoken to them to a database, so they can get smarter, grow their vocabulary and learn different accents. But loose lips, however seemingly benign or even academic in nature, are counter to the secretive and competitive nature of business.

For decades, corporate information technology departments held the keys to mobile communication. They portioned out the devices that they configured with approved software and, to that end, controlled what got in and out of the company.

But now there's a bit of a pot-luck approach to communications, with everyone from the CEO down bringing in their own devices, whether smartphone or tablet.

"It's the consumerization of IT," said Vincent Schiavo, chief executive of DeviceLock.

There's an overall mingling of personal and professional in terms of content stored on employee-bought devices. "Inevitably stuff ends merging and leaking out," Schiavo said. "The problem is that you don't always have access to a person's individual device."

To that end, IBM requires a bit of an examination and detox, if you will, before an outside device can be used on its network. The IT department sets it up to be able to remotely erase its memory if it's lost or stolen, Technology Review said.

Though they disable external file-storage programs such as iCloud, employees instead use an IBM-hosted cloud service called MyMobileHub.

The company has established some guidelines, complete with banned services, according to the story. No file-storage cloud services; somehow the idea of having proprietary company documents sitting on someone else's server doesn't sit well with IBM. No using your smartphone as a hotspot. And no forwarding company email to public Web mail services.

"We're just extraordinarily conservative," Horan told Technology Review. "It's the nature of our business."