Caution: iOS 5, iCloud and the iPhone 4S in the enterprise

Beware these security pitfalls

Apple's iOS 5 and the new iPhone 4S, which went on sale Friday, are packed with new features, many of which should boost the productivity and on-the-road capabilities of professional users. But, as with many consumer-oriented mobile platforms making their way into the workplace, iOS 5 and Apple's new iCloud service present some serious challenges in business environments.

Security issues involving iCloud and several other features will likely be the first things IT professionals weigh when it comes to iOS 5, which Apple rolled out last week. That's good, because even though Apple quietly provided some new enterprise features in iOS 5 that should make iPhones and iPads better corporate citizens, new concerns have emerged.

What to worry about

Out of the 200-plus new features in iOS 5, there are really just three that pose new security challenges: iCloud syncing and backup, location-based services like the new Find My Friends app, and the Siri virtual assistant in the iPhone 4S.

iCloud -- too much sharing?

Apple's iCloud is a unique brand of cloud services that's geared more toward personal use than professional. It allows users to sync all their personal data -- contacts, calendars, emails, notes, iTunes media, photos, documents and so on -- across all their iOS devices and Macs (and to some extent Windows PCs). Users can also back up their iOS device data wirelessly to Apple's iCloud storage or to their Mac or Windows computer using iTunes.

This is a rich set of features for consumers, as it ensures easy access to virtually all data that's supported by Apple's iOS 5 as well as the security of having a backup of core iOS information that can be restored anytime, anywhere.

While that ease of access is great for end users, it raises serious questions for iOS devices used for work, be those devices company-owned or, as is increasingly the case, employee-owned. Given that the service debuted only last week -- and had a problematic rollout at that -- there are now more questions than answers. If iPhone users in the workplace start asking about using iCloud, ask yourself these questions:

Will confidential corporate data such as documents, global contacts and emails be synced to a user's home computer? Might they reside on Apple's iCloud servers after a user has left a company? What if someone gains access to a user's iCloud account by stealing a device or through a phishing or social engineering attack? Could photos taken with an iOS device in the office be pushed across a range on devices and computers by iCloud's Photo Stream feature?

Even more concerning is the uncertainty about whether users are putting business information onto their device(s) and into iCloud. At this point, how would an IT shop know?

What appears to be a great consumer feature could turn out to be a professional minefield. Caution is warranted.

Find My Friends -- or my unsecured iOS device

One extension of iCloud is the new Find My Friends app, which functions very much like Google's Latitude. If your friends or other contacts give the OK, you can see their current whereabouts on a map -- and vice versa.

Find My Friends offers a lot of useful potential in a business context. It can ensure colleagues can easily locate each other at a conference or some other event. It can help managers monitor employees assigned to mobile tasks like deliveries.

Unfortunately, it also allows anyone who is designated as a "friend" to locate a user or his/her iPhone or iPad. That could be a prelude to theft. Find My Friends could also be used to covertly monitor a user during off hours, which -- beyond being an invasion of privacy -- could open someone up to blackmail or other forms of coercion.

On a personal level, if you download and set up Find My Friends on an iDevice, I suggest you be extremely cautious about who is allowed to follow you. More on what to do about Find My Friends in an enterprise environment in a moment.

Siri -- say what?

The iPhone 4S's virtual assistant feature poses it own set of concerns. Since Siri is integrated into iOS 5, it has at least some level of access to all of Apple's built-in iOS apps, including Mail, Messages, Calendar, Notes and so on.

Thus, it's conceivable that when a user asks Siri to read business content such as an email, others nearby might be able to overhear confidential information. Similarly, and perhaps more concerning, a user sending a text message, making an appointment or dictating into any app on the iPhone 4S could be overheard.

1 2 3 Page
FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies