Modernizing Authentication — What It Takes to Transform Secure Access
Editor's Note: Don't miss our new Guide to iPad Security in the Enterprise, What Star Wars Teaches Us About BYOD and IT Security, and 4 Steps to Securing Mobile Devices and Apps in the Workplace.
Search the Apple Apps Store for broad gauge iPad antivirus software, or malware killers, and you won’t find much. What you willl find are a few apps, two of which (freebies from McAfee) are created to serve as news alerts about virus threats. A third, Anti-Virus Detective from radius180, is a $.99 purported “malware decision tree” for helping identify malware.
Does this paucity of security apps mean the iPad is at terrible risk?
Take a deep breath, and read on for the top 10 facts about iPad security:
No. 1 - The most shocking fact (as you just read): There are few third-party security apps for the iPad. The Apps Store shelves are barren.
No. 2 - There’s a reason for that lack of security. Apple’s iPad memory design is cleverly crafted to dramatically minimize the damage that could be done by viruses or malware, said Brian Reed, CMO at security company BoxTone. The Apple structure effectively contains any app in its own sandbox.
“It is not possible for one app to speak to another," said Reed. "There is inherent app isolation.”
The exception is Apple’s own apps can talk to other Apple apps and that raises the possibility that a malware author will concoct a scheme to fool Apple apps into misidentifying a threat. (See No. 10 below.)
No. 3 - Apple also sifts apps before serving them up to the public. Apple genuinely has done a very good, meticulous job of inspecting apps for toxic payloads before allowing them into the Apps Store, said Reed. (Android, by contrast, has had well-publicized problems with bad apps in its Marketplace.)
No. 4 - Apple keeps upping the security ante. In contrast to historic Cupertino indifference to security, Apple signaled it was serious about security when it updated the iPad OS many months ago with a range of built-in enterprise-level security tools such as remote management and remote data wipes.
iPad also allows for device-level encryption and password protection. Out of the box, the iPad offers robust security that is dramatically higher than anything presently offered by Android tablets, say the experts.
No. 5 - Apple even has tackled the location info scandal. Yes, the iPad notes a user’s location data (a story that created headlines the world over), but the latest OS update (iOS 4.3.3) addresses these issues. It stores less user info to begin with, and it lets the user turn off tracking (go into Location Services ). The bad news: as with other major iOS upgrades, over the air device updating is not offered. The device has to be connected to iTunes on a computer, and the process takes upwards of an hour.
No. 6 - Cherry pick among the (very few) security related apps available for iPad and there are good choices. Proofpoint, for instance, offers a mobile archive app that lets a mobile user search through all the email he has back on the Proofpoint enterprise server, said Rami Habal, director of product marketing at Proofpoint. That’s important because this safely brings all the info available in that archive to the mobile user. Proofpoint is not alone; other developers have similar tool kits. The takeaway is that data that is deemed safe on the enterprise server can be safely accessed by the iPad.
No. 7 - Another plus, say the experts, is that virtualization apps that let an iPad access industrial-grade enterprise servers do not leave trace data on the iPad. When a session ends, poof, the data vanishes.
No. 8 - Beware the Unique Device Identifier (UDID), which is stored on every iPad. The danger, as documented by security researcher Aldo Cortesi is that, in some cases, some apps can link the owner’s identity to his or her Facebook profile. Cortesi has published detailed instructions on the how-to of disconnecting the UDID from personally identifying details. Every security pro has to make his own call on the value of pursuing those sanitizing steps.
No. 9 - Also beware of jailbreak codes. Of course, you know to avoid this but do your users? The appeal of an iPad jailbreak is the promise of running unapproved apps (possibly even Flash) but know that jailbreaks, aside from invalidating warranties, often do not work as promised and they may also deliver a malware payload.
No. 10 - Safety is an illusion. Whatever you do, don’t lull yourself with the notion that somehow an iPad is "safe." It is not. Case in point: posts on hacker sites are talking about Weyland-Yutani Bot, a Zeus-like malware injection kit, with an iPad-specific version supposedly about to go on sale to cyber creeps (for amounts in the vicinity of $1,000 U.S.). With so many tens of millions of iPads out there, the plain fact is that the target it tempting -- and it will only get more tempting.
Robert McGarvey - As a busy freelance writer for more than 30 years, Rob McGarvey has written over 1500 articles for many of the nation's leading publications -- from Reader's Digest to Playboy and from the NY Times to Harvard Business Review. McGarvey covers CEOs, business, high tech, human resources, real estate, and the energy sector. A particular specialty is advertorial sections for many top outlets including the New York Times, Crain's New York, and Fortune Magazine.