Don’t say you haven’t been warned. Whether or not you recognize or sanction the Apple iPad tablet device as a legitimate business tool, your employees will soon have them in hand and invade your business. Now is the time to begin considering how you plan to address assimilating the primarily consumer-oriented tablet into your business environment.
When the iPhone initially launched in 2007, it was understandable that businesses and IT administrators were caught off guard by the user demand to connect the smartphone with work. Businesses relied on professional smartphones built on the BlackBerry or Windows Mobile operating systems, not consumer gadgets from Apple–so it only made sense to simply ban the iPhone. Just curious–how did that plan work out for you?
The reality is that the iPhone upset the natural order and shifted the corporate culture. It didn’t hurt that the “users” demanding iPhone integration often had the word “chief” at the beginning of their title. The bottom line is that the line between corporate tool and consumer gadget has not just been blurred; it has been completely erased in many cases.
While the corporate technical environment has reluctantly accepted the iPhone, the relationship is not without its issues, and those issues foreshadow the issues you can expect with the iPad. iPhones present the greatest smartphone security risk to the enterprise, according to a recent survey from nCircle, a network security and compliance auditing firm.
The online survey of 257 security professionals, conducted between February 4 and March 12, 2010, found that 57 percent believe that the iPhone is the smartphone representing the greatest security risk. The survey also found that 42 percent have no corporate smartphone security policy, and that 35 percent of those that do have one don’t enforce it.
Apparently, the perception is valid. Just this week two security researchers succeeded in hacking and compromising a fully-updated iPhone 3GS in under two minutes to win the 2010 Pwn2Own contest and capture the $15,000 prize.
“The general consensus is that Apple continues to do only the absolute minimum to address enterprise security and supportability requirements,” noted Andrew Storms, Director of Security Operations for nCircle in an emailed statement. “We haven’t seen any new enterprise iPhone security features from Apple since the summer of 2009 when they introduced their new hardware level encryption, which was almost immediately subverted. This is not the kind of behavior security professionals want to see in vendors.”
That doesn’t bode well for the coming iPad invasion. While Apple has targeted the iPad primarily as a media consumption gadget, a recent survey shows that users have a different purpose in mind. A Zogby International poll commissioned by Sybase “uncovered that the number one reason U.S. consumers would use a device such as the Apple iPad is for working on the go.”
Another key finding of the survey is that “three-quarters of smartphone users surveyed believe that smartphones and forthcoming devices like the iPad make people more productive at work, with one-third of those feeling that the productivity impact is significant.”
Don’t make the mistake of thinking that you can simply ban the iPad from your business environment. Instead, develop policies and procedures that address the rules of engagement for integrating the iPad with your network resources.
As you develop the policies, keep in mind that the iPad is unique in that it delivers notebook-like functionality on a smartphone OS platform. That may confuse things as you determine whether it falls under the computer usage and security policies, or the smartphone usage and security policies.
Of course, if you don’t actually have any such established policies, now is your opportunity to create a policy that simply addresses mobile devices as a whole–regardless of whether it’s a notebook, netbook, smartbook, tablet, or smartphone.
Make sure that the policy accounts for allowing or denying the storage of confidential or sensitive information on the iPad, or how e-mail, instant messaging and other communications conducted through the iPad fit within archiving and compliance requirements.
And remember, the iPhone OS platform that the iPad runs on was just hacked in under two minutes.