Apple gets serious about iPad security, is it enough?

Soon, SAP hopes to sew up a gaping security hole for its 7,000 iPad-toting employees. The Germany-based tech giant is beta testing a product that will allow it to send PGP-encrypted confidential email to employees. In turn, employees will be able to decrypt them using a Symantec viewer iPad app.

Just one problem: Employees won't be able to send encrypted email from their iPads, at least not yet. Blame Apple for an iPad email encryption capability that literally goes only half way--that is, to iPads but not from them.

"Symantec told us the problem is with Apple; they can't get the right interfaces into iOS," explains Wolfgang Krips, senior vice president of global IT infrastructure services at SAP. "It's not a deal killer but very serious, very frustrating."

So goes the love-hate relationship CIOs have with Apple. Now the stakes are higher with iPads invading the enterprise at a meteoric rate. To be fair, Apple has responded recently to security concerns about its iOS. But does the company's newfound interest in enterprise security go far enough?

Not so long ago, Apple would take its sweet time addressing enterprise security concerns to the chagrin of CIOs. Apple's thinking: Malicious attackers target Microsoft Windows machines that contain valuable--and profitable--data, not so much Apple consumer devices. So let Microsoft put out Patch Tuesdays (the second Tuesday of the month when Microsoft releases security patches).

But the tables have turned with iPads pouring into the enterprise. After only 18 months on the market, iPads are now being deployed or tested at 86 percent of Fortune 500 companies, Apple said during its most recent quarterly earnings call. Industries that traffic in highly confidential information, such as hospitals and law firms, have emerged as early adopters.

(Buying iPads? Check out these five price negotiation tactics, reports CIO.com.)

Making matters worse, iPads are becoming a kind of proxy for laptops, sending and receiving some of the most sensitive data on the network. "The security problem for iPads becomes even more burning," Krips says. "You're coming to the same situation you have with Windows on the laptops or desktops. It's becoming increasingly attractive to hack those devices."

And malware attackers are plying their nefarious trade with more frequency. The rate of malware attacks more than doubled in the second quarter this year to 287,298 unique instances in June, according to Cisco's quarterly threat report released this week. A company faces an average 335 encounters every month.

So will Apple step up its security practices?

Recent signs show Apple is getting the enterprise security message. For instance, Apple quickly released iOS 4.3.4 in July that patched a PDF vulnerability. Just a week and a half later, Apple released iOS 4.3.5 that fixes a certificate validation vulnerability.

"I was also very pleased to see that Apple released a kind of virus scanner for the devices," says Ralph Salomon, vice president of IT security and risk office at SAP. "We will be evaluating it to make sure we can bring it to the devices as soon as possible. Apple is working really hard to identify issues and close them as soon as possible. They are on the right track."

Yet Apple still has a ways to go, as evident by the iPad's inability to send encrypted emails.

Vendors have been trying to solve the problem of iOS email encryption in various ways. Some developed entirely new email apps, foregoing Apple's native Mail app. Others chose an online-only Web portal approach. With Symantec's PGP Viewer for iOS, an iPad user receives an email with an attachment over the native Mail app.

By tapping on the attachment and selecting the Symantec viewer, the user can decrypt and view the message. The data is kept inside the viewer app, which acts as a kind of sandbox. The viewer doesn't allow the user to forward, reply or even copy and paste the content of the message.

On the reply side, employees will have to send completely separate emails that merely reference the encrypted email but don't contain its details. For instance, back and forth cryptic emails might read, "I agree with step one but not step three " or "please give me feedback on the third slide."

There are workarounds to the Symantec PGP Viewer for iOS that can cause CIOs to lose their hair. A user can choose third-party apps to view decrypted documents in the viewer, for example, GoodReader for PDFs and Quickoffice for Microsoft Office documents. "With a helper app, the data moves out of the container," says Tim Matthews, director of product marketing at Symantec.

Corporate security policies are the only line of defense against this practice. Then again, employees have been using workarounds for sensitive emails since the early days of the iPad. Many would simply decrypt documents on their laptops and email them, unencrypted, to themselves on their iPads.

"Several state laws also require email encryption, so they were putting their companies at risk" by breaking the law, adds Brian Tokuyoshi, senior product marketing manager at Symantec's encryption group.

A recent Sybase-SAP survey of 500 workers found that a third of employees have put company data at risk by sending work-related emails or documents to their personal accounts and accessing the company intranet from remote locations. One in four has conducted work-related email exchanges on a personal mobile device.

Whether or not the Symantec Viewer will discourage people from breaking corporate policy is anyone's guess. One thing, though, is for certain: The inability to send encrypted emails from the iPad won't help matters.

"In doing business, there's always a balance in the risk you're introducing and the advantage you're getting" from the Apple iPad, Krips says. "That's what makes this so difficult."

Quips Salomon, "especially from a security perspective."

Tom Kaneshige covers Apple and Networking for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Tom at tkanshige@cio.com

Join the PC World newsletter!

Error: Please check your email address.

Tags Applesecurityhardware systemstabletsiPad

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tom Kaneshige

CIO (US)
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?