2

Some of our more technical users are arguing to use Activesync for their phones, while the corporate standard is limited to Blackberry and any device that supports Goodlink.

One argument is the theoretical exploit where someone extracts the Goodlink blob via JuiceJacking and decrypts the data from there. Is this a possibility?

  1. How difficult would this be considering a user's PIN code is usually short and subject to brute force?

  2. How does Goodlink security compare to Activesync?

  3. Would APNS or 3LM help in this case?

makerofthings7

2 Answers

1

I do not have answers to your specific questions but I can lend a hand in defending the use of Good.

  1. Activesync requires an exposed server, Good does not.

  2. Activesync depends on a username/password for authentication, and the username/password is stored on the device. In the case of Android phones there is potential for malware to access this information.

  3. Wiping company data is much cleaner with Good, as I can wipe just the Good app and leave your personal data. With Activesync I have to wipe your entire device using the Exchange tools.

That being said, I also use the Good app on my iPhone and I have to say it could be improved. I do not think Good offers a good user experience when compared to the default iPhone capabilities for email/calendar/contacts.

securityishard
  • I spoke to the Good iPhone PM last year and he said they were making strides in performance. Have you noticed this? What kind of phone do you have? Mind if I ask what industry? My Goodlink client is in finance – makerofthings7 Oct 05 '11 at 00:53
0

The best security approach is not to let the data leave the organization if not needed. I have not tried to decrypt the Goodlink blob, but in general data stored on the device is always subject to hacking and decrypting; specifically, if the device can read the data, it means that the private key is somewhere there.

You can consider another approach of securing ActiveSync using a product like ActiveSync Protector.

The Protector can add content rules controlling data leaving the network to the device (by Exchange types, AD membership and more) and offers access control options to verify that user and phone match.

This solution is server-side, so it supports all devices and not only the corporate standard.