Apple’s Siri personal assistant in the iPhone and iPad remains a risk to businesses, despite the company’s disclosure that it anonymises voice clips and deletes the data within two years, experts say.
Without advocating a ban on the use of Siri for employees who bring their own mobile devices to work, experts say companies have to weigh the risks carefully.
“Organisations need to consider Siri within the broader context of their corporate security and compliance guidelines,” said Tyler Lessard, chief marketing officer for mobile security company Fixmo. “In short, there is no simple answer to suggest whether a company should, or should not, ban Siri.”
Apple did not respond to CSO’s request for comment.
Siri has always been a concern for organisations, because voice clips from employees using the service in business-related tasks would be stored on Apple’s servers. Organisations have no way on their own to track or archive the data or to ensure it remains private.
In 2012, IBM banned employees from using Siri as part of a new set of bring-your-own-device (BYOD) policies. The company feared that conversations with Siri could include confidential information that should not be forwarded to Apple.
While draconian, Dimitri Sirota, co-founder and chief strategy officer for Layer 7, said IBM’s approach was the right one, once the company decided that Siri was out. “In an age of BYOD, the only sure fire way companies will be able to prevent leakage of confidential information is through policy and some kind of liability in case of deliberate leakage,” Sirota said.
In some ways, Siri is similar to other cloud services that people use for work, often without the knowledge of their employers. Such services would include web mail, social networks, such as LinkedIn, and document-sharing services, including Box, Dropbox and SugarSync.
While mobile device management software can limit how corporate applications use cloud services, including Siri, a clever employee can always find ways to work around this.
“For integrated services like Siri, the best policy is to verify the security policies of the cloud provider, but there will be no way around some level of trust,” Sirota said.
The number of companies that allow employees to use their own devices has jumped from 10 percent in 2008 to 80 percent last year, according to a survey by Aberdeen. Companies like the productivity benefits of mobile technology and the reduced cost of not having to buy the hardware.
However, organisations today are increasingly placing limits on their use on corporate networks, and are deploying technology to separate business data from personal information.
by Antone Gonsalves, CSO (US)