IBM Bans Siri & Dropbox Over Security Concerns

IBM CIO Jeanette HoranIBM CIO Jeanette Horan

Enterprise software and consulting firm IBM has banned the use of Apple’s Siri Personal Assistant feature on employees’ iPhones, IBM CIO Jeanette Horan revealed in an interview with MIT’s Technology Review. Siri, and other apps and services such as Dropbox, pose a security risk to IBM due to their requirement that user data be transmitted to and stored on third party servers. 

IBM’s restriction on services such as Siri follows the company’s 2010 adoption of a “bring your own device” policy, allowing employees to use personal devices to access IBM networks and data. The policy, which now sees 80,000 of the company’s 400,000 workers using their personal smartphones and tablets, has created security headaches for IBM’s IT and legal departments.

Apps and services such as Siri, Dropbox, and iCloud, as a necessary requirement of their functions, transmit and store user data on third party servers, where the use and security of that data is ambiguous and falls outside of a user’s control.

For example, according to Apple’s iPhone Software Licensing Agreement (PDF), “when you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text,” and “by using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.” 

These terms, when applied to personally or professionally sensitive information, can be alarming to users and Ms. Horan found that many IBM employes were “blissfully unaware” of their implications.

“We found a tremendous lack of awareness as to what constitutes a risk,” Ms. Horan said. Through its new bans on certain applications and services, IBM is now “trying to make people aware.” 

Despite the security risks, apps like Dropbox and iCloud have extraordinarily useful applications, and denying access to them may limit employee productivity. Thankfully for IBM employees, the company is aware of this concern and has developed its own internally-hosted online backup and syncing solution called MyMobileHub.

“We’re just extraordinarily conservative,” Mrs. Horan said. “It’s the nature of our business.”

As more employees seek to use their increasingly capable mobile devices at work each year, and as services such as Siri and iCloud continue to offer greater functionality at the expense of data control, the challenges for companies such as IBM will only grow.

[Via Wired]