The rush is on. With more than 75,000 applications and counting, the iPhone serves as a new frontier for business development.

Thousands of these apps promise to transform the way small and mid-sized businesses operate, allowing for convenience, streamlining operations, improving customer satisfaction, cutting costs, and much more. But the apps are developing so rapidly and the market is evolving so swiftly that businesses often aren't taking proper security measures into consideration before they move operations to the iPhone.

"I worry that more and more people are rushing off to use the wealth of applications that are out there," says Mark Kadrich, CEO of The Security Consortium, which advises companies about security. "I just don't think people have taken the time to ensure that those applications are secure, trustworthy and reliable.… Some of this stuff is two to three guys banging out code in a garage somewhere."

Evaluating your risk

In general, says Kadrich, small businesses don't take adequate security measures. "If you look at most large organizations, most have a business continuity plan or disaster plan in place to deal with something catastrophic happening," he says. "Small businesses don't tend to have the IT depth they need to do those kinds of things."

Couple a lack of attention to security with what Kadrich sees as the risky nature of the iPhone platform, and some caution is in order when moving business functions to the iPhone. "It's a constant balance. Is the benefit a business owner sees on a day-to-day basis, the financial returns, worth it to the point if something happens and the business is off line for several days?" asks Kadrich, author of Endpoint Security (Addison-Wesley Professional 2007).

Understanding what's at stake

Consider what would happen if the data you've moved to iPhones is breached or lost. What sort of liability do you have if you compromise a client's confidential information? What happens if you submit a legal bid, only to have the information altered somewhere in the process? Even the smallest business needs to understand the risk and build a continuity plan, says Kadrich.

Like other hand-held devices, the iPhone can be easily lost, stolen or misplaced. "Small business owners with sensitive information on their iPhone, especially customer information, should be very cautious," warns Alex Moazed, CEO of Applico, which has developed Aurkon, a backup application for BlackBerry smartphones. "If lost or stolen, it is relatively easy to hack into the iPhone and break security protocols."

Mitigating risk

If you're going to operate on the cutting edge of iPhone development, it makes sense to minimize your exposure. Taking these precautions can help:

  • Vet your vendor -- Ask plenty of questions. Just because an app is available doesn't mean it is secure. "Any developer should provide a detailed abstract of the project, outlining the exact functionality of the application, features, as well as a plan for ongoing development of new features and maintenance," says Tony Nestor, CEO of Progress Technologies, Inc., and a software developer. A single fixed quote with a brief sketch of the proposed project is a sure warning sign, Nestor says.
  • Understand contingencies -- What happens to your data if the developer goes out of business or the business is acquired by another company? An app developer should have data retention and privacy policies.
  • Make backup plans -- Ask if your data is backed up on a daily basis or on a real-time basis. Test whether your data can be reconstructed from a backup. Ask developers how they back up their servers. "Missing the backup routine in a scope of work is a huge indicator that the project has not been fully put to concept," Nestor warns. "This is the equivalent of building a house without any plans to refer to." It's also critical to sync and back up information such as contacts or documents. MobileMe's iDisk, from Apple, lets you access, store, and share files online or through the iDisk app for iPhones. Data is synchronized daily using iTunes. "You can drop the phone in a swimming pool, get a new one and sync it with the computer," says Michael Miora, founder of ContingenZ, which offers companies training and management for disaster recovery and security threats. The DataViz Documents to Go app offers two-way file synchronization, says Miora. Kadrich has found the MobileMe backup buggy, so he now resorts to syncing his contacts by returning his iPhone to the cradle each day.
  • Get the patches -- Stay current on security patches and software updates from Apple.
  • Use the remote wipe -- For iPhone 3.0 users with MobileMe accounts, Find My iPhone's Remote Wipe lets you issue a remote command to erase the phone's data if the phone is lost or stolen. This isn't foolproof. For instance, a data thief could keep the phone from connecting to the Internet, thus not allowing the data removal.

Recognizing the potential of the iPhone as a business tool means acknowledging there can be downsides too, says Kadrich. "For whatever reason, people have gotten it into their heads that because the format of the device has changed, the underlying care you should take isn't there."

Published on: Oct 1, 2009