iPad security for the enterprise still subject to debate
Wednesday, April 7, 2010 8:18Whether the iPad is secure enough for enterprise uses is debatable, based on a survey of several analysts and experts.
Some analysts say that with tougher data protection laws, such as one that recently took effect in Massachusetts, the iPad deserves an “F” for security readiness for financial services companies and other federally regulated industries.
[ Check out InfoWorld's review: "Apple iPad surprises, disappoints." | InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute Webcast, Data Loss Prevention, which covers the tools and techniques used by experienced security pros. ]
But that view contrasts with the opinion of other security professionals who give the iPad a “B” grade for overall enterprise readiness. One of them, Wolfgang Kandek, CTO for security firm Qualys, predicted today that “the iPad will make its inroad into the enterprise just by force of users, and it’s going to be a really interesting conundrum for IT managers. I don’t think the iPad is ready today, but it will make it’s way into the enterprise even as it clashes with the typical enterprise IT mentality.”
The iPad will come crashing into the enterprise on the hands of average workers , the same way the iPhone did, Forrester Research analyst Ted Schadler said in a earlier blog.
Some information about iPad’s security features is apparently not well-known, leading to more suspicions than the device deserves. Some industry analysts interviewed today were unaware that the iPad ships with a native IPSec VPN from Cisco Systems. One analyst said there is wide speculation on the Web that a third-party VPN would not be supported, calling into question whether data transmissions would be secure.
However, the Cisco IPSec VPN can be found in the iPad, along with a section to make settings for other L2TP and PPTP VPNs. All three are located under the setting icon and then under “networks” and likely require information from system administrators to be fully configured.
Even with the VPN for creating a tunnel to send data securely from place to place, analyst Jack Gold of J. Gold Associates questioned whether encryption of data stored on the iPad would be protected from from hackers.
Gold said some experts have demonstrated the ability to hack certain versions of the iPhone, which contains earlier versions of the OS used in the iPad, and also provides data encryption.
“Some of that encryption can be worked around, which means the iPad gets an ‘F’ from any regulated corporation that must protect data,” Gold said.
Gold said IT managers may be unaware of the stiff new Massachusetts data protection law that affects businesses working in the state and requires encryption of data on all kinds of devices.
Perhaps the iPad’s encryption would be sufficient to meet the conditions of the new law, but Gold said the iPad’s vulnerability to the same kind of hacks used to penetrate the iPhone suggests otherwise.
