IBM Bans Siri & Dropbox Over Security Concerns

| News

IBM CIO Jeanette HoranIBM CIO Jeanette Horan

Enterprise software and consulting firm IBM has banned the use of Apple’s Siri Personal Assistant feature on employees’ iPhones, IBM CIO Jeanette Horan revealed in an interview with MIT’s Technology Review. Siri, and other apps and services such as Dropbox, pose a security risk to IBM due to their requirement that user data be transmitted to and stored on third party servers. 

IBM’s restriction on services such as Siri follows the company’s 2010 adoption of a “bring your own device” policy, allowing employees to use personal devices to access IBM networks and data. The policy, which now sees 80,000 of the company’s 400,000 workers using their personal smartphones and tablets, has created security headaches for IBM’s IT and legal departments.

Apps and services such as Siri, Dropbox, and iCloud, as a necessary requirement of their functions, transmit and store user data on third party servers, where the use and security of that data is ambiguous and falls outside of a user’s control.

For example, according to Apple’s iPhone Software Licensing Agreement (PDF), “when you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text,” and “by using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.” 

These terms, when applied to personally or professionally sensitive information, can be alarming to users and Ms. Horan found that many IBM employes were “blissfully unaware” of their implications.

“We found a tremendous lack of awareness as to what constitutes a risk,” Ms. Horan said. Through its new bans on certain applications and services, IBM is now “trying to make people aware.” 

Despite the security risks, apps like Dropbox and iCloud have extraordinarily useful applications, and denying access to them may limit employee productivity. Thankfully for IBM employees, the company is aware of this concern and has developed its own internally-hosted online backup and syncing solution called MyMobileHub.

“We’re just extraordinarily conservative,” Mrs. Horan said. “It’s the nature of our business.”

As more employees seek to use their increasingly capable mobile devices at work each year, and as services such as Siri and iCloud continue to offer greater functionality at the expense of data control, the challenges for companies such as IBM will only grow.

[Via Wired]

Popular TMO Stories



This is a pretty pointless article.  Tons of large companies do this because of the inability to protect intellectual property.  If an employee uses Dropbox to save files to, and somehow Dropbox is compromised, that company is pretty much screwed because of the lack of licensing and knowledge of security.

Texas Instruments, Microsoft, Raytheon, Lockheed Martin, and tons of other large companies block services like these (and many more) in an effort to contain intellectual property that might accidentally fall into the wrong hands.

You think blocking Dropbox is limiting employee productivity?  Try working there (I have…).  The sheer amount of meetings you are required to attend is absolutely ridiculous to the point where you have to make time in your calendar to actually get work done.  Not having Dropbox isn’t going to hurt anything.


Great article,

Its about time companies that aren’t meant for enterprise are identified. When DropBox’s director of Business Development comes forward to discuss how Dropbox isn’t intended for security sensitive industries:

“......says ChenLi Wang, the company’s head of business development. If you’re in a highly sensitive or regulated world like defense, banking, or healthcare, “our service as it stands today isn’t a good fit,” Wang acknowledges. “

So yes, this is a outstanding article and I would hope more companies would pay more attention to what they get with their cloud provider.


Protecting the data is definitely the biggest challenge most of the organizations are facing these days. It is perfectly fine to ban these services but at the same time find similar solutions that will offer them complete ownership to manage and monitor the entire service.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account