Should Apple secure its iPods?

Does the popular MP3 player have inherent security risks?

Few corporations are likely to ban iPods in the workplace, but whether Apple and other manufacturers of MP3 players shoulder some responsibility to add security to their devices -- and how effective that security would be -- is a growing debate.

Apple didn't return multiple inquiries asking about its stance on iPod security, but plenty of others are talking about what the company should or should not do to prevent its widely popular music player from being used as a data-transfer device for stealing sensitive corporate information. While this unintended use of the iPod is not exclusive to Apple's device -- employees with malicious intent could steal data using any MP3 player, or any removable media for that matter -- Apple has sold more than 100 million iPods, making it the obvious choice.

"My initial reaction was that Apple should have as much responsibility as SanDisk has for securing its USB thumb drives," says Kurt Tappe, Apple certified engineer with JP Morgan Chase, in an e-mail. "But then I remembered that iPods do not come out of their shipping containers with the ability to be used as data drives. The user must explicitly turn that function on in iTunes. To that end, it seems to me that Apple has already gone one step beyond other drive manufacturers."

An extensive search of the iPod and iTunes sections of Apple's Web site turned up no information about setting the devices for data transfer, but also did not warn against the potential for misuse when iPods are set as such.

Others say Apple may not be responsible for securing its device beyond the basic lock function that it comes with, but offering such features couldn't hurt. This could become particularly important as corporate IT departments begin to consider purchasing other Apple products, such as Mac desktops and servers, in helping Apple build confidence among security-conscious enterprises.

"I wouldn't put this responsibility on [Apple] as mandatory; I would prefer to see Apple offer it as an add-on feature and let the market dictate its usefulness," wrote Louis Tinto, risk manager and director of technology risk assessment with a large financial-services company, in an e-mail. He stresses that educating employees about corporate policies regarding use of such devices and having workers regularly attest to their understanding of such policies is the best first step to take in protecting against data theft via iPods.

Another important consideration for Apple is that some enterprises are beginning to use iPods as corporate devices and will want to integrate them into their security plans, so offering such protection could become a make-or-break issue for selling into these accounts.

According to a press release issued by NextSentry, which makes desktop software that prevents unauthorized copying of data to removable media and which issued the warning of iPods in the workplace, these devices have been purchased by the thousands by manufacturing companies, financial-services firms and healthcare suppliers as a means to train, educate and inform their employees.

While he believes Apple shouldn't be held responsible for how an iPod is used, one analyst says security should be an element of these types of devices.

"Smart, portable devices need protection from malware and misuse just as much as workstations, particularly as they are trusted to perform critical work-related functions," says Trent Henry, a senior Burton Group analyst, in an e-mail exchange. "Even the iPod can hold contacts as part of the operating system features. That's sensitive data that needs protection."

Still others say it's not Apple's place to provide enterprise-level security with a consumer device. Given the product's popularity in its current unsecured state, the company may not need to.

"There's no way Apple can anticipate the specific security needs of every Fortune 1000 company out there," says Tom Bennett, vice president of marketing with Oakley Networks, makers of data-leak prevention technology.

"I don't believe it is Apple's responsibility to ensure iPods are used for good any more than I believe it is Honda's responsibility to ensure a Civic is never used as a getaway car," agrees Brent Smithurst, vice president of technical operations with Faronics, which makes endpoint-security software for Macs to prevent unauthorized data transfer to devices. Smithurst wrote about the issue in a blog posting Wednesday . "In both cases, the product is only a means of potentially enabling a type of behavior, but is not intended to encourage that behavior."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cara Garretson

Network World
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?