Well, you're right about one thing: the sorry state of wireless in the US. However, just because SyncML (though, out-of-date, bloated, inefficient, and not used by many sync vendors anymore) can sync PIM data to your device over-the air doesn't make it useful in the enterprise. Does your closed operating system phone have a keyboard? If not, there's just no way that enterprises are going to use them for their mobile workers. Have you tried responding to 200 e-mails a day without a keyboard? I have, and it 7777-88-222-55-7777. Enterprises have, and they think it sucks too. I've worked with hundreds of companies over the past two years on this issue and not *one* company chose the phones you mention as theit mobile PIM platforms. Please understand - I'm not arguing with you about how nice and fancy the closed OS "feature phones" are. There are some really nice phones out there. I'm simply saying that they are never used as enterprise mobile work platforms and therefore have little to do with the article.
- N
...which is not only wrong, but concerning as well. The cell phones that they are talking about as "closed systems" are almost *never* used in enterprise deployments where over-the-air sync of email, calendar, and contacts are used for corporate purposes. In those cases, the devices that are used are Treos, PocketPC devices, Mobile 5 devices, Symbian devices, and a mix of Blackberries - which are the devices and operating platforms that suffer from the most security vulnerabilities. It is these devices that are the focus of the entire article, because they now carry the same sensitive data that laptops do but with almost none of the same security functionality. The feature phones that are the focus of so many of the postings here are of almost no concern whatsoever.
If you're like me, you've been reading these responses and thinking to yourself, "Whoa, there's another guy that needs a security awareness lesson."
-N
Ha haha, great point. You are not a stickler for semantics - you're right. I'll keep that in mind next time I write a title:)
Thanks for the input,
Norm
Please. The only important propagation step from an enterprise standpoint is Phone --> Enterprise. No one cares about, or will even spend 3 minutes coding for, a propagation method that spans cell phone operating platforms. Who cares how hard it is - it's not the point of the article. The next Code Red or Nimda style front page news article is going to be for the guy that figures out how to write a crossover virus that spreads from a PocketPC, Mobile 5, Symbian, or Palm OS to the juicy Win32 insides of the corporate world. OH WAIT, SILLY ME, THAT'S ALREADY HAPPENED. The point is that there are vulnerable mobile platforms running around these days that already have a direct, unsecured, unfirewalled, and unmonitored connection right to the enterprise Exchange server. Forget the fact that it also is CARRYING around sync'ed data with very little security functionality to protect it.
That, is a serious problem.
You said:
> The vast, vast majority of consumer phones are not the so-
> called "smartphones" that run traditional operating systems like
> Symbian or Windows, they run proprietary operating systems that have no
> publically known names and do not export any APIs, except for J2ME or
> possibly BREW.
And, not surprisingly, you have missed the entire point of the article. The cell phones you mention are almost *never* used in enterprise deployments where over-the-air sync of email, calendar, and contacts are used for corporate purposes. In those cases, the devices chosen are Treos, PocketPCs, Mobile 5 devices, Symbian devices, and a mix of RIM devices. The very devices and operating platforms that suffer from the most security vulnerabilities - NOT the J2ME phones that you mention. You may love your phone and think it's the greatest thing on earth, but that doesn't change the fact that it's just not useful as a mobile work platform.
It's the devices I mention above that are the focus of the article, because they carry the same sensitive data that laptops do but with almost none of the same security functionality. The feature phones you mention are of almost no concern whatsoever. The point is that we now have vulnerable devices walking around with sensitive data on them that ALSO have a direct, unfirewalled, completely unmonitored connection directly back to your enterprise Exchange server. These devices are vulnerable to all kinds of attacks, and it would be trivial for an attack to traverse back into the enterprise. Furthermore, these devices are 12 times more likely to be lost or stolen than a laptop and the data they hold is almost never properly protected.
N
You completely miss the point. The cell phones you mention are almost *never* used in enterprise deployments where over-the-air sync of email, calendar, and contacts are used for corporate purposes. In those cases, the devices that are used are Treos, PocketPC devices, Mobile 5 devices, Symbian devices, and a mix of Blackberries - which are the devices and operating platforms that suffer from the most security vulnerabilities. It is these devices that are the focus of the entire article, because they now carry the same sensitive data that laptops do but with almost none of the same security functionality. The feature phones you mention are of almost no concern whatsoever.
Slashdot Mirror
Well, you're right about one thing: the sorry state of wireless in the US. However, just because SyncML (though, out-of-date, bloated, inefficient, and not used by many sync vendors anymore) can sync PIM data to your device over-the air doesn't make it useful in the enterprise. Does your closed operating system phone have a keyboard? If not, there's just no way that enterprises are going to use them for their mobile workers. Have you tried responding to 200 e-mails a day without a keyboard? I have, and it 7777-88-222-55-7777. Enterprises have, and they think it sucks too. I've worked with hundreds of companies over the past two years on this issue and not *one* company chose the phones you mention as theit mobile PIM platforms. Please understand - I'm not arguing with you about how nice and fancy the closed OS "feature phones" are. There are some really nice phones out there. I'm simply saying that they are never used as enterprise mobile work platforms and therefore have little to do with the article. - N
...which is not only wrong, but concerning as well. The cell phones that they are talking about as "closed systems" are almost *never* used in enterprise deployments where over-the-air sync of email, calendar, and contacts are used for corporate purposes. In those cases, the devices that are used are Treos, PocketPC devices, Mobile 5 devices, Symbian devices, and a mix of Blackberries - which are the devices and operating platforms that suffer from the most security vulnerabilities. It is these devices that are the focus of the entire article, because they now carry the same sensitive data that laptops do but with almost none of the same security functionality. The feature phones that are the focus of so many of the postings here are of almost no concern whatsoever. If you're like me, you've been reading these responses and thinking to yourself, "Whoa, there's another guy that needs a security awareness lesson." -N
Ha haha, great point. You are not a stickler for semantics - you're right. I'll keep that in mind next time I write a title :)
Thanks for the input,
Norm
Please. The only important propagation step from an enterprise standpoint is Phone --> Enterprise. No one cares about, or will even spend 3 minutes coding for, a propagation method that spans cell phone operating platforms. Who cares how hard it is - it's not the point of the article. The next Code Red or Nimda style front page news article is going to be for the guy that figures out how to write a crossover virus that spreads from a PocketPC, Mobile 5, Symbian, or Palm OS to the juicy Win32 insides of the corporate world. OH WAIT, SILLY ME, THAT'S ALREADY HAPPENED. The point is that there are vulnerable mobile platforms running around these days that already have a direct, unsecured, unfirewalled, and unmonitored connection right to the enterprise Exchange server. Forget the fact that it also is CARRYING around sync'ed data with very little security functionality to protect it. That, is a serious problem.
You said: > The vast, vast majority of consumer phones are not the so- > called "smartphones" that run traditional operating systems like > Symbian or Windows, they run proprietary operating systems that have no > publically known names and do not export any APIs, except for J2ME or > possibly BREW. And, not surprisingly, you have missed the entire point of the article. The cell phones you mention are almost *never* used in enterprise deployments where over-the-air sync of email, calendar, and contacts are used for corporate purposes. In those cases, the devices chosen are Treos, PocketPCs, Mobile 5 devices, Symbian devices, and a mix of RIM devices. The very devices and operating platforms that suffer from the most security vulnerabilities - NOT the J2ME phones that you mention. You may love your phone and think it's the greatest thing on earth, but that doesn't change the fact that it's just not useful as a mobile work platform. It's the devices I mention above that are the focus of the article, because they carry the same sensitive data that laptops do but with almost none of the same security functionality. The feature phones you mention are of almost no concern whatsoever. The point is that we now have vulnerable devices walking around with sensitive data on them that ALSO have a direct, unfirewalled, completely unmonitored connection directly back to your enterprise Exchange server. These devices are vulnerable to all kinds of attacks, and it would be trivial for an attack to traverse back into the enterprise. Furthermore, these devices are 12 times more likely to be lost or stolen than a laptop and the data they hold is almost never properly protected. N
You completely miss the point. The cell phones you mention are almost *never* used in enterprise deployments where over-the-air sync of email, calendar, and contacts are used for corporate purposes. In those cases, the devices that are used are Treos, PocketPC devices, Mobile 5 devices, Symbian devices, and a mix of Blackberries - which are the devices and operating platforms that suffer from the most security vulnerabilities. It is these devices that are the focus of the entire article, because they now carry the same sensitive data that laptops do but with almost none of the same security functionality. The feature phones you mention are of almost no concern whatsoever.