Sunday, 5 April 2009

What message media do you trust?

If your a large enterprise then you undoubtedly have need of a mobile solution for email and contact solution, now one of the first thing I hear when I say this is Blackberry.

It it really a good idea to have a blackberry in your enterprise ?

Well I'm still undecided, but lets ask some question first do you allow business critical files to be sent to your customer over the internet unencrypted ?

Would you worry that someone could read them ?

Imagine for a moment that you have all of your email in a pop account and that your ISP could read it, are you happy to live with this?

Because blackberry is kind of the same its another middle man between your servers and the mobile device your using, now of most business they don't consider this to be a mission critical thing to secure there mobile devices but I am under the opinion that is another security hole.

Not to mention something that your administrator team have yet another program to look after, the simpler solution would be to use the extension of the messaging platform you have already.

Such as Microsoft Exchange Direct Push (was added to 2003 SP2) or IBM Lotus iNotes Ultra-light depending on your environment.

If on the other hand you need more than Microsoft Windows Mobile and Apple iphones for email then you could look at Intellisync from Nokia it again acts as a direct link and allow you to bring the wide range of Nokia phones into you list of enabled devices.

There are other products that offer these function as well but remember make sure the device is talking to the server directly, going thought a provider give you just another weakness in your network and this one is outside of your control.

Frankly I have allot of problem believing in most products out there as they do not ISO 27001 some have passed ISO 9001 but this is a very basic check.

So some simple rules for you messaging administrators out there use SSL with all devices no exceptions.

Make sure the product your using connect directly from device to server, not thought some third party infrastructure.

And finally ask the provider about what security standard the product has passed and if they can't tell you don't use it.

No comments: