Nonprofit releases security configuration standards for iPhone

Share this article:
For the first time, enterprises can apply security configuration best practices to Apple iPhones being used by their employees.

The nonprofit Center for Internet Security (CIS) this week released free guidelines that can help organizations develop custom policies related to use of the increasingly popular mobile device, said Blake Frantz, CTO of the CIS. The benchmarks inform users about the security configuration settings available to them on the iPhone. For example, the standards explain how to make adjustments to protect data and deter potential attacks, such as disabling Bluetooth or JavaScript, or creating a strong password policy.

Frantz told on Friday that feedback from the CIS' 150 members showed that there was a need for iPhone security standards.

"It's going to have your organization's confidential information on it," he said. "We want to equip organizations with some best practices that that information remains confidential."

The guidance arrive at a time when businesses are facing increased pressure to manage their employees' smartphones. A recent Osterman Research study, sponsored by Zenprise, provider of mobile management solutions, reported that the percentage of North American workers issued mobile devices by their employers will double from 23 percent last year to 46 percent in 2011. Other studies have said the number of iPhones in use in the enterprise will triple between now and 2011.

CIS this week also released "agnostic" configuration standards around securing multifunction devices, such as printers, fax machines, scanners and copiers. Frantz said these devices, which contain operating systems and often connect to the company's network, are becoming more frequently targeted.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

VBA malware on rise, templates make it easier to write code

VBA malware on rise, templates make it easier ...

Researchers at SophosLabs found an uptick in VBA samples in July.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.