3471 Views 7 Replies Latest reply: Aug 13, 2008 12:16 PM by Frankns
Are you accessing an Exchange Account as an Exchange Account via ActiveSync with your iPhone?
If so, the Exchange Admin has the ability to remote wipe your iPhone from the Exchange Server if lost or stolen.
The iPhone also includes a PassCode lock feature along with an Auto-Lock setting.
The Auto-Lock option includes after 1, 2, 3, 4, or 5 minutes along with Never.
I have mine set for after 2 minutes.
The require passcode options are as follows:
Immediately - if you put your iPhone to sleep, or after it auto-locks based on the chosen selection, the passcode is required to access anything on the iPhone.
After 1 minute
After 5 minutes
After 15 minutes
After 1 hour
After 4 hours
Shorter times are obviously more secure.
With the passcode lock enabled, it is also required when powering the iPhone on.
If you set your iPhone to require the passcode immediately after it is asleep, and you have auto-lock after 1 minute when not being used, or you select the sleep button when you have stopped using it, the passcode will be required in order to access anything on the iPhone, along with when the iPhone is powered on.
Sounds like you need to get more specific information regarding the new Device Encryption policy. If you're connecting via 802.11 to your corporate network you're covered: WPA2 Enterprise with 802.1x AES and IPSEC VPN client for hotspots/edge/3G. My OWA uses SSL, yours probably does too. What resources will you be accessing once on the network; GUI, terminal client/SSH? The third party developers will need to support the new policy, just like fips, hippa and the other acronyms I don't know how to spell. I think Apple has done a great job, I'm stoked and can't wait to show it off to those lame crackberry's with their proxy email and bad web-browsing!
I got on the phone to Apple last night and spoke to them about the problem. The following is what my IT dept is claiming.
"While the new Apple iPhone does support Exchange ActiveSync, it does not support all of the security requirements that will be enforced in the coming months. The Mobile Device policy requires that devices are encrypted, and the Apple iPhone does not support device encryption. Once this policy is enforced the Apple iPhone will no longer work with our Enterprise email systems."
The Help line was not able to answer the problem. I am hoping that the problem will be resolved at some point soon as I know there are lots of us in the company that want to buy the iPhone.
I would settle for straight answers on:
1 WHAT if ANY pieces are actually encrypted?
2 What algorithms are used for encryption? (I can find out if they are FIPS compliant without their help)
3 Are the devices capable of remote wiping of missing devices?
Mac's lack of candor and twisted answers are hurting them in getting into the federal market.
I am in a similar state of investigation, and it would be great to hear from Apple about the ability of the devices to meet "Device Encryption" policies when set on the Exchange server. I would expect that the code to support this is available within either the SQLite (for container encryption) or with porting the FileVault codebase from the Mac version of OS X to the iPhone version. If they can do this in an upcoming update, I could see the phone being embraced within Health, Gov, and large corporate areas where it now has no chance.
I'm guessing that your IT people want a handset that is fully encrypted, i.e. it is password protected and the contents are encrypted as well.
If you lose a handset that has password protection, but it contains unencrypted business data including "personally identifying information" (SSN, for example) or "personal healthcare information," you have what by law is a "notification event."
The organization must attempt to contact everyone whose personal information may have been compromised, issue a press release etc. etc. The typical cost of this kind of event starts around $20K and goes up from there.
IF the handset is password protected AND encrypted, by law, the organization is not required to do anything. It has "safe harbor."
We've experienced the pains of a "notification event" involving an unencrypted Treo containing PHI. It is very time consuming ... expensive ... and embarrassing.