“Thinner. Lighter. Faster. Facetime. ” That is the catchphrase from the Apple page dedicated to the iPad. While Apple is known for its pithy titles for their amazing products, there is one thing that is oft ignored, but always important, and that is security. More and more people are adopting the iPad and some are using it to access business data but how can they do that securely? This article outlines the risk of using the iPad in the enterprise and some dos and don’ts for iPad security.
Consider this office scenario surrounding the iPad. The iPad 2 is just released and an executive is interested in one. Soon, with the help of a few tech savvy people in the office, he is connecting to the corporate network and accessing company data and systems. The thought of security never entered his mind. What can be done to protect this company from data loss?
While an iPad may provide a bump in productivity it also provides another portal for hackers and thieves. The problems range from a lack of uniformity in software to protect from hacking (see our LulzSec series) to general nonchalant behavior among employees about the protection of their iPads.
One of the major pitfalls of the iPad is the relative dearth of protective apps in Apple’s otherwise immense app store. Also, those apps that are available for protecting an iPad are not uniform. Apple does scrutinize apps that appear in the app store, but their net is not without holes, and an app that has malicious intent may slip through the cracks. See our article on malicious apps titled “does one bad app spoil the bunch?”
Even if there was uniformity within applications concerning security, there is not uniformity between users. Much of this has to do with the perception of the device. If users were to treat their iPads less like a magazine or a newspaper and more like a company computer, the need for more than the out-of-the-box security would be clear. Here are some simple dos and don’ts that users and administrators should be aware of that can increase the security of the iPad.
- Locking the device. The iPad can be configured to lock the screen at a predefined interval similar to the screensaver setting on a computer. When the device is locked a password is needed to unlock the device. The iPad can also be configured to delete all data if an incorrect password is entered too many times.
- Encryption. iPad data can be encrypted however the encryption used on the iPad is currently vulnerable to some attacks. Still, an encrypted iPad is better than an unencrypted one and we await patches from Apple to resolve the vulnerabilities.
- Virtual Private Network. Use a VPN when connecting to a corporate network. The iPad ships with Cisco VPN software so that a secure tunnel can be created for connecting to another network. The VPN works with common IPSec, PPTP, and L2TP VPNs.
- Jailbreaking. Some users desire features that are not included in the official iPad operating system so they go through a process called “jailbreaking” where a new operating system is loaded onto the device or the operating system is modified so that these features become available. In the process of jailbreaking the device, however, many new security holes can be created and it is difficult to update the device when newer versions or patches are released. Newer versions and patches often correct recently discovered vulnerabilities so those that have been jailbroken will be susceptible to these vulnerabilities.
- Sharing. The iPad is a single user device. It does not have the capability of letting multiple users log onto it so if the device is shared with someone else all the data will be available to them. If possible, do not share an iPad that is used for work purposes with others.
As the popularity of the iPad continues to increase more and more companies will be faced with the struggle to secure the data users access via iPads. Executives and employees need to think outside of just the productivity and the coolness appeal of the iPad and look at the security concerns of the device. The tips here can help. Consider educating your employees on iPad security best practices.
For more information