OK, execs. You want Apple kit. And Windows Phone, too? Really? A “circle of despair” is causing CIOs to abandon BlackBerry, it's reported. The head IT honchos of Blighty's union Unite, and the Formula 1 team and sports car producer Caterham, said the cost of the devices and issues with BlackBerry's mobe management tool, BES10, had been a contributory factors to the switch. The financial …
Putting your faith in the manufacturer/developer/operator or local Govt Security Agency that is behind any/all of the current common platforms is at the very least naive.
At the end of every telephone/smartphone there is something much less secure than the platform, it is called the user.
Last weeks hack on TruCrypt has really shown how much even the trusted platforms are fragile.
This is a bit like saying that airbags are a waste of time because some drivers are clueless.
And the upcoming BBM where each message has its own crypto key is surely a step forward.
I'd like to have Unite's cost comparison, though. How much are they paying for their phones?
The problem Blackberry faces is in terms of perception. When a company makes a decision like this, the first question they ask is: will they be around in five years. Five years ago, the answer was obvious. There's a lot of doubt about whether that's true now though, regardless of whatever features may be getting added to BBM.
No, I am not advocating that people throw their hands up. I am advocating that users need proper training, they need to understand that sensitive information must be handled "very carefully" and that relying on technology is potential faux pas.
Personally when I read these kinds of articles I feel that too many people have come to rely on technology rather than relying on common sense.
Yes, user training helps, but it goes hand in hand with technology. Users can be trained but use an insecure device, or users can be untrained but use a secure device, but it both cases security problems may result.
You can't rely only on technology, but it has to take up most of the slack from the fact people generally don't recall or care about the training approximately 30 seconds after it is over.
So they should just throw up their hands and not care about security, because perfect security is impossible?
True that you can't trust the manufacturer of the phone, or your carrier. True that government certification is doesn't prove anything about the security of the device, only that the manufacturer has the patience to piss about for months filling out forms and answering objections. True that open source doesn't mean you can trust the security, as TruCrypt and Heartbleed have demonstrated.
So perhaps the best option is to pick the one you think has the best support. That used to be Blackberry, but this article is telling us people no longer believe that is the case. Between Microsoft, Apple and Android, well, say what you will about Apple's support (especially their nearly non-existent enterprise support) it is at least better than Android OEMs in that the phones are fully supported/updated for years after purchased. To wit: the five year old 3gs just had another update a few months ago, and if you are dumb enough to want to do so, Apple will even fix a broken 3gs for you! Between Apple and Microsoft? I suspect there may be some of the "we already depend on Microsoft way too much, no need to put more eggs in that basket" going on.
Are iPhones "secure", problem-free, or require no compromises of stuff you can get with other types? Of course not, but neither are the alternatives. So you choose your criteria and go from there. You are free to use different criteria than they did.
...unfortunately every vendor, including Blackberry seems to ignore that.
It would be comparatively simple. Design an open "smart terminal" protocol where the terminal takes care of the GUI stuff while a user selectable server takes care of the logic. If it has caches make them independent for every server. Authenticate servers via user/customer managed PKIs, don't rely on foreign root-CAs. And most important, allow open source implementations for the servers.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
