Exchange Server Forums

Questions for Exchange admins with mobile clients

Questions for Exchange admins with mobile clients - 28.Nov.2007 7:26:07 PM   
jassyca

 

Posts: 232
Joined: 20.Jul.2006
Status: offline
I have a couple of users who would like to read their email using their phone. To be honest, I don't want any of them to be able to do that. I mean, yes, I totally understand how convenient it would be. But we're in the "health" business so we have to make sure that we don't violate any stupid HIPAA security requirements. (Which is a bloody joke and a half since 'HIPAA' doesn't set any worthwhile specifics about their silly "security requirements". You can interpret the same "requirement" 8 million different ways but I'll bet if there's ever a lawsuit, the lawyers suing your company would happily "prove" that the method your company picked was "wrong".)

Anyway, I figure some day, I will be reluctantly forced to enable mobile access. So I've got questions.

First, the data connection to the phone. I remember the old "Bearcat scanner" days where you could listen in to one side of the conversation to a mobile phone. (It was amazing yet disturbing how often you'd hear people setting up illicit liaisons while their spouse was away too.) Does anyone know if the communication that takes place between the phone and the cell tower is encrypted in any way?

Second, email messages on the phone. Is there a way to force the user to enter a password before he/she is allowed to view their messages? If so, how often do they have to enter their password? For each message or just once per "session", something like that? If they lose their phone, can just anyone pick it up and start reading previously read messages or is there a way to force the person to enter a password? Also, suppose I have a user who is pretty "cell phone" savvy but security stupid, is there a way they can save their password so they don't have to re-enter it? Is there a way I can prevent that? How are the messages stored on the phone? If someone had physical access to the phone and a USB data cable that would fit the phone, could that someone download the messages from the phone to their computer?

I'm not worried about the Exchange server configuration or certificates or what not. It's all the stuff that's beyond the control of the Exchange server that has me worried. Doctor Joe Dumbo who uses his phone exclusively to read his email in which, of course, he has discussions that include the patient's name, their birth date, their medications, their social security number (or, for our UK friends, their HMRC info), God-only-knows-what-else info, blah blah blah..
and, oopsie, Dr. Joe left his phone at a restaurant (he thinks.. maybe..) Or, um, oh, maybe it fell off at the golf course? Or, umm, hmm, maybe it rolled under the seat of his H3? Or (insert a hundred other scenarios here) whatever..
leaving us wide open for a nice fat lawsuit.

That type of thing.
Post #: 1
RE: Questions for Exchange admins with mobile clients - 29.Nov.2007 12:27:18 AM   
rishishah

 

Posts: 784
Joined: 14.Nov.2006
From: Surrey, UK
Status: offline
If you force your users to get a WM6 device (I personally like the HTC S710 or S730) then you can control the encryption from your server to the phone (over the GPRS/3G connection). Look at my tips and tricks to change from simple HTTPS to more powerful TLS encryption over the air.

Also you can enforce password policies and you can do remote wipes if the phone is lost and you can also force after how many incorrect authentications the phone wipes, etc.

Your best bet is to go down the route of WM6 devices.

You can also switch on the IIS logging which you can then use to find out exactly what users did through that connection.

< Message edited by rishishah -- 29.Nov.2007 1:21:22 AM >


_____________________________

Rishi Shah, MCP

Remember to backup before applying the advice. www.saiconsult.co.uk. Happy to provide Professional Exchange Server Consultancy to anywhere in the world.

(in reply to jassyca)
Post #: 2
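
An added example (not part of the original thread) of the IIS-log review mentioned in the reply above: it parses W3C extended log lines for the ActiveSync virtual directory and summarises, per user and device ID, which commands ran and how many logons failed. The sample log, the approved-device list and the function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qs

EAS_STEM = "/microsoft-server-activesync"  # Exchange ActiveSync virtual directory

# Constructed sample in IIS W3C extended format; users, device IDs,
# user agents and addresses are made up for illustration.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2007-11-29 08:01:12 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=jdoe&DeviceId=DEV0001&DeviceType=SmartPhone jdoe 192.0.2.10 MSFT-SPhone/5.2.1620 200
2007-11-29 08:05:40 POST /Microsoft-Server-ActiveSync Cmd=Ping&User=jdoe&DeviceId=DEV0001&DeviceType=SmartPhone jdoe 192.0.2.10 MSFT-SPhone/5.2.1620 200
2007-11-29 09:15:03 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=jdoe&DeviceId=DEV0999&DeviceType=PocketPC - 198.51.100.7 MSFT-PPC/5.2.1620 401
2007-11-29 09:15:09 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=jdoe&DeviceId=DEV0999&DeviceType=PocketPC - 198.51.100.7 MSFT-PPC/5.2.1620 401
2007-11-29 09:20:00 GET /owa/ - asmith 192.0.2.33 Mozilla/4.0 200
2007-11-29 10:02:51 POST /Microsoft-Server-ActiveSync Cmd=SendMail&User=asmith&DeviceId=DEV0002&DeviceType=SmartPhone asmith 192.0.2.44 MSFT-SPhone/5.2.1620 200
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the '#Fields:' line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # ignore truncated or foreign lines
                yield dict(zip(fields, values))

def audit_activesync(text, approved_ids):
    """Return {(user, device_id): summary} for every ActiveSync request."""
    devices = {}
    for row in parse_w3c(text):
        if not row.get("cs-uri-stem", "").lower().startswith(EAS_STEM):
            continue
        query = {k.lower(): v[0]
                 for k, v in parse_qs(row.get("cs-uri-query", "")).items()}
        # Take the user from the query string: cs-username is "-" on a 401.
        key = (query.get("user", "-").lower(), query.get("deviceid", "unknown"))
        rec = devices.setdefault(key, {
            "type": query.get("devicetype", "unknown"), "commands": Counter(),
            "auth_failures": 0, "ips": set(), "approved": key[1] in approved_ids})
        rec["commands"][query.get("cmd", "unknown")] += 1
        rec["ips"].add(row.get("c-ip", "-"))
        rec["last_seen"] = f'{row.get("date")} {row.get("time")}'
        if row.get("sc-status") == "401":
            rec["auth_failures"] += 1
    return devices

def needs_review(devices):
    """Devices that are not on the approved list or had failed logons."""
    return sorted(k for k, r in devices.items()
                  if not r["approved"] or r["auth_failures"])
```

Calling `audit_activesync(SAMPLE_LOG, {"DEV0001", "DEV0002"})` and passing the result to `needs_review` singles out the one device ID that is not on the approved list and has repeated 401 responses.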
RE: Questions for Exchange admins with mobile clients - 29.Nov.2007 12:26:00 PM   
jassyca

 

Posts: 232
Joined: 20.Jul.2006
Status: offline
You are absolutely wonderful! Thank you for all the advice. 

(in reply to rishishah)
Post #: 3
RE: Questions for Exchange admins with mobile clients - 29.Nov.2007 2:37:28 PM   
rishishah

 

Posts: 784
Joined: 14.Nov.2006
From: Surrey, UK
Status: offline
No worries...happy to help


(in reply to jassyca)
Post #: 4
