[it wire] Letting staff choose their own preferred mobile platform is "a catastrophe waiting to happen" and will ultimately restrict the ability of businesses to exploit mobile platforms, the security chief at BlackBerry manufacturer Research In Motion has said.
The notion that CIOs should accommodate whatever mobile phones and other devices their staff choose to use has gained increasing currency in recent years. While that attitude might help attract some staff in the short term, it isn't a sensible strategy from a security perspective, Scott Totzke, Research In Motion's vice president of security, told a media luncheon in Sydney this week.
Having workers pay for their own phones could seem to be "a compelling economic argument," Totzke said, but could ultimately lead to much worse problems. "The platforms are not all created equal. It's probably a catastrophe waiting to happen. There will be a big privacy breach and somebody's going to be on the hook for millions of dollars".
Device-based anti-malware solutions were not likely to be helpful, Totzke said. "The mobile context is completely different to a PC; you've only got so much CPU, computing power, and network capacity. It's really an exercise in managing scarcity. If you spend all the time managing security by adding on products, you end up with a device where security is the thirsty elephant around the watering hole."
Developing those policies can be complicated. Totzke noted that the US Department of Defence's guidelines to securely configuring the BlackBerry run to some 150 pages. Market watchers say it may be some time before that approach is reflected more broadly.
Device choice is a "catastrophe waiting to happen": BlackBerry security chief