The iPad in the workplace: is it secure?

The Wall Street Journal  reported that 65 percent of the Fortune 100 have either deployed or have pilots running with the iPad. Meanwhile, Network World puts the number in the Fortune 100 as 80 percent.

The iPad has great strengths in the areas of electronic media consumption and sharing of content. It makes rich content and consumer applications usable both at home and away.

Originally targeted towards the consumer market and not the enterprise, the question arises, is the iPad safe to use in a security-sensitive corporate environment?

In the workplace we observe the iPad being used to access complex applications that host customer, patient, sales, product, logistics, and order information. Good Technology, which provides tools for IT to manage mobile environments, published this chart of industry deployments of the iPad in Q4 2010.

iPad in industry resized 600

 The good

Many IT managers like the increased security that comes with the iPad’s operating system, iOS4, especially the application level encryption. This capability encrypts the content of each application’s data with a unique key, separating out each application’s data on the device. So when you need to access your CRM application while sipping on a latte at Starbucks, the iPad’s built-in encryption makes these communications as secure as those from laptops or desktops. In addition encryption is built into the hardware, making it easy to erase all data if your iPad is lost or stolen.  

The iPad OS, iOS 4 also allows enterprises to impose security policies on their mobile devices. These include setting a password lock, requiring a device to automatically erase company data after a certain number of failed logins, blocking camera access, or locking down the device to prevent users from installing unauthorized applications.

In addition to enabling secure access to existing VPN environments, iPad offers proven methods for user authentication. Authentication via standard x.509 digital certificates provides users with streamlined access to company resources and a viable alternative to using hardware-based tokens. Additionally, certificate authentication enables iPad to take advantage of VPN On Demand, making the VPN authentication process transparent while still providing strong, credentialed access to network services.

The ugly

If you have NSA-level, top secret applications that require separate levels of biometric authentication, the iPad isn’t the tablet of choice. Also while iPad e-mail can be funneled through a company network – with all the monitoring, archiving and auditing already built into the enterprise gateways – text messages go out over less secure telephone networks.

“To keep customer data safe, experts say, enterprises should encrypt all sensitive communications in and out of the device, encrypt customer data and important documents that are stored on the device itself, use the strongest practical authentication mechanisms, and opt for cloud delivery of content rather than local storage, when available.”

The iPad is here to stay, so it means security professionals will have to figure out how to make it and other “consumer” devices work in the enterprise. Especially when the CEO shows up at work toting one under his arm.