There s great enthusiasm for using iPhones and iPads in theworkplace, but experts say Apple s limited transparency aboutsecurity issues can make enterprise adoption problematic. IBM s Chief Information Officer Jeanette Horan recently struck anerve when she said Big Blue regards Siri on employee iPhones a sensitive securityissue and disables it because the voice interactions are uploadedto Apple computers in the cloud. Already, there had been suspicion as well as curiosity about whatApple might be doing in the background with Siri. Apple doesbriefly note in its legal licensing terms it will do this Siriuploading. But despite calls for more information about how Applestores and analyzes the voice data it may be collecting this way,Apple hasn t offered any explanation, which only heightens the illease for some. It s not surprising that Apple needs to process human speech andcomplex speech responses in the cloud, says Chris Eng, vicepresident of research at Veracode. It takes computationalpower, he says. The phone may not have the power to do that. But what he finds troubling is that so little is known about whatApple might be doing with the Siri-based voice data it collects. Are they warehousing it? If I m making an effort to purgeinformation, I m probably going to come out and say that thisisn t being stored. They should come out and say it isn t beingstored. But since Apple hasn t shown an inclination to discuss this indepth, despite repeated inquiries from Network World and others,there s no way to understand what s going on in that Apple cloud. You can see why IBM is concerned, Eng says. Siri is more of a novelty now, an infant technology, saysDaniel Ford, chief security officer at Sterling, Va.-based mobilerisk management vendor Fixmo. It s gathering data about you,digitizing it, and sending it to Apple s cloud. He said hethinks Apple doesn t share the information with anyone else, buthe acknowledges, We don t know how Apple is parsing it. Hesays it s not surprising enterprises would want to turn it off. Siri scares the hell out of me, to be honest, says Paul Henry,security and forensic analyst at Lumension, adding that Apple hasprovided no explanation about what it s mining the Siri data for,if anything. He points out Apple has incited privacy and securityconcerns before, when it was recognized that Apple was sendinglocation data back to Apple, purportedly to use for targeted ads. Apple is going to find it hard to win the confidence of theenterprise security manager without addressing Siri, Henry says.Google and Microsoft, as well as VMware, have all been better thanApple in disclosures related to security in their products. ButApple, which is consumer-focused, hasn t yet reached the level ofresponse that IT security managers traditionally expect, he notes. But Henry also notes that Apple shows definite signs of change inwanting to be more responsive about security in order to have itsApple iOS smartphones and tablets adopted in the enterprise andgovernment sectors where strict security and detailed technicalunderstanding may be demanded. For one thing, Apple quietly in the last week or so released iOS Security, May 2012 that for the first time puts into a simple document anexplanation about security in iOS devices, says Henry. He notesit s not as though no one knew anything about them at all before,with the research community probing Apple mobile devices for years,but the new document represents Apple s attempt to finallyformally explain to the enterprise what s going on under thecovers. The Apple iOS Security, May 2012 document is a simple technicalexplanation of how file-data protection, encryption, passcodesystem, certificate-signing process, secure boot chain, VPN use,network security, Wi-Fi and device access are all intended tofunction securely. Many are certain to want to hear more. In addition, Apple in the past few months worked with theAustralian government s Department of Defence to issue a guide for hardening iOS devices, Henry points out. This all clearlyshows that Apple is trying to embrace the enterprise system, heconcludes, though many will still question if the iPhone and iPadare enterprise-ready at this point. He adds he does like Apple sbasic security model, though, which works to prevent unauthorizedapps from devices, much like a whitelisting function. [ Ellen Messmer is senior editor at Network World, an IDG publicationand website, where she covers news and technology trends related toinformation security. ]. I am an expert from ppbattery.com, while we provides the quality product, such as China Button Cell Batteries , High Power Led Flashlights Manufacturer, Rechargeable Nimh Batteries,and more.
Related Articles -
China Button Cell Batteries, High Power Led Flashlights Manufacturer,
|