IBM: Sorry, Siri. You're Not Welcome Here

New iPad Teardown: Inside Apple's New Tabletr

IBM takes security seriously enough to kick Apple's Siri software to the curb. The voice-controlled iPhone assistant poses too great a risk, claims IBM, and it has been banned from use across IBM's network.

IBM CIO Jeanette Horan, speaking to the MIT Technology Review, said the action came after the company conducted an internal survey regarding smartphones and IBM's "bring your own device" policies. The results weren't all that pleasing to IBM's tech overlords, who discovered that employees were "blissfully unaware" about the security risks posed by certain applications.

"We found a tremendous lack of awareness as to what constitutes a risk," said Horan. "We're trying to make people aware."

IBM started allowing employees to bring their own devices in 2010. Though it still distributes some 40,000 corporate-owned BlackBerries to its employees, more than twice that number--80,000--access IBM's network through employee-owned devices. This number includes smartphones and tablets that employees paid for themselves.

[ Read Why Apple's Siri Will Change Everything. ]

Why target Siri? IBM worries about where the spoken queries are stored.

Siri listens to spoken requests, sends the queries to Apple's servers in Maiden, N.C., where they are deciphered into text. The text and the request contained therein is then acted upon by Siri on the handset. Further, Siri can be used to dictate text messages and emails. Some of those messages could contain sensitive, proprietary information.

What IBM is concerned with is what happens to the original queries. Are they stored on Apple's servers? If so, are they protected? Can anyone access them? And what about the messages? Does Apple's servers hold onto those, as well?

Without answers to those concerns, IBM has turned off the Siri application on its employees' iPhones. "We're just extraordinarily conservative. It's the nature of our business," said Horan.

Google offers a voice-action tool in Android 4.0 Ice Cream Sandwich. It is available on the Samsung Galaxy Nexus, which is surely being used by a few of those 80,000 BYOD employees within IBM. However, to date IBM has not banned Google's apps or services from its employee devices.

One of the developers of the Siri app, Edward Wrenbeck, said in an interview with CNN, "Just having it known that you're at a certain customer's location might be in violation of a non-disclosure agreement." But it's possible IBM is overreacting. "I really don't think it's something to worry about. People are already doing things on these mobile devices. Maybe Siri makes their life a little bit easier, but it's not exactly opening up a new avenue that wasn't there before."

Employees and their browsers might be the weak link in your security plan. The new, all-digital Endpoint Insecurity Dark Reading supplement shows how to strengthen them. (Free registration required.)