After I wrote about the Sidekick data loss catastrophe a couple of days ago, one of the first questions I got was whether smartphones were safe at all. The reader who e-mailed me wondered if he should do something about the number of employees who wanted to use their iPhones on the corporate e-mail system.
I suppose I can understand his concern about the iPhone. After all, his first impression was that the iPhone was too much of a consumer device to be taken seriously. How could it possibly be safe to use on his company's network? I explained to the reader that getting rid of the iPhone would make no more sense than getting rid of any other smartphone. It's just as secure as other smart phones, and you can set the policy on your Exchange server so that the iPhone will require a password just to use it. This will do a pretty good job of keeping corporate information out of the hands of someone who might find it, or steal it, for that matter.
But the problem with the Sidekick data loss isn't that it's a wireless smartphone. The problem isn't that it stores its data in the cloud. The problem really is that the service provider didn't have a good continuity plan and it didn't have an adequate backup plan. I don't know why T-Mobile didn't insist on such things, but most likely it's because the Sidekick is perceived as a consumer item and wasn't taken seriously. No doubt, considering the amount of money that must have been spent on the data recovery effort, they'll rethink whatever assumptions they made.
Fortunately for those Sidekick users who lost their data, T-Mobile and Microsoft have now said that they've now determined that they can recover most if not all of the personal data that was eaten by the Microsoft subsidiary that lost it. This is a good thing, although if you're one of those customers who lost their information, it's not as good has not having lost it in the first place. Considering the time and expense involved in this recovery, I suspect that a more reliable means of data protection will be developed for this information, even if it is just consumer stuff.
But unless you're storing your corporate data with an unreliable cloud services provider that doesn't do backups, your smartphones, iPhones or otherwise, are in no more danger than any other device in your enterprise. The smartphone users' e-mail, contact lists, appointments and the like are just as safe-or just as unsafe-as with any other user in your enterprise.
This, of course, means that the fear expressed by my reader is misplaced. He should be worrying about something that's really a LOT more scary. Does he really know how safe his critical information is? Can he prove it to an auditor? Can he prove it to his board?
It's bad enough to have your data eaten by some faceless entity out there in the cloud. But if you're the one who put it out there, and you didn't make sure it would be safe, secure and recoverable, then your fears should be a lot closer to home.
Now for the full-disclosure part. I don't have an iPhone. In fact, I use a BlackBerry. Why? T-Mobile is the only carrier that actually penetrates far enough into the wild, uncivilized depths of the DC suburbs that I can get a signal. T-Mobile's only real business smartphones come from RIM. And as we all know by now, you can only get an iPhone from AT&T.