Caution: iOS 5, iCloud and the iPhone 4S in the enterprise
Beware these security pitfalls
Computerworld - Apple's iOS 5 and the new iPhone 4S, which went on sale Friday, are packed with new features, many of which should boost the productivity and on-the-road capabilities of professional users. But, as with many consumer-oriented mobile platforms making their way into the workplace, iOS 5 and Apple's new iCloud service present some serious challenges in business environments.
Security issues involving iCloud and several other features will likely be the first things IT professionals weigh when it comes to iOS 5, which Apple rolled out last week. That's good, because even though Apple quietly provided some new enterprise features in iOS 5 that should make iPhones and iPads better corporate citizens, new concerns have emerged.
What to worry about
Out of the 200-plus new features in iOS 5, there are really just three that pose new security challenges: iCloud syncing and backup, location-based services like the new Find My Friends app, and the Siri virtual assistant in the iPhone 4S.
iCloud -- too much sharing?
Apple's iCloud is a unique brand of cloud services that's geared more toward personal use than professional. It allows users to sync all their personal data -- contacts, calendars, emails, notes, iTunes media, photos, documents and so on -- across all their iOS devices and Macs (and to some extent Windows PCs). Users can also back up their iOS device data wirelessly to Apple's iCloud storage or to their Mac or Windows computer using iTunes.
This is a rich set of features for consumers, as it ensures easy access to virtually all data that's supported by Apple's iOS 5 as well as the security of having a backup of core iOS information that can be restored anytime, anywhere.
While that ease of access is great for end users, it raises serious questions for iOS devices used for work, be those devices company-owned or, as is increasingly the case, employee-owned. Given that the service debuted only last week -- and had a problematic rollout at that -- there are now more questions than answers. If iPhone users in the workplace start asking about using iCloud, ask yourself these questions:
Will confidential corporate data such as documents, global contacts and emails be synced to a user's home computer? Might they reside on Apple's iCloud servers after a user has left a company? What if someone gains access to a user's iCloud account by stealing a device or through a phishing or social engineering attack? Could photos taken with an iOS device in the office be pushed across a range on devices and computers by iCloud's Photo Stream feature?
Even more concerning is the uncertainty about whether users are putting business information onto their device(s) and into iCloud. At this point, how would an IT shop know?
What appears to be a great consumer feature could turn out to be a professional minefield. Caution is warranted.
Find My Friends -- or my unsecured iOS device
One extension of iCloud is the new Find My Friends app, which functions very much like Google's Latitude. If your friends or other contacts give the OK, you can see their current whereabouts on a map -- and vice versa.
Find My Friends offers a lot of useful potential in a business context. It can ensure colleagues can easily locate each other at a conference or some other event. It can help managers monitor employees assigned to mobile tasks like deliveries.
Unfortunately, it also allows anyone who is designated as a "friend" to locate a user or his/her iPhone or iPad. That could be a prelude to theft. Find My Friends could also be used to covertly monitor a user during off hours, which -- beyond being an invasion of privacy -- could open someone up to blackmail or other forms of coercion.
On a personal level, if you download and set up Find My Friends on an iDevice, I suggest you be extremely cautious about who is allowed to follow you. More on what to do about Find My Friends in an enterprise environment in a moment.
Siri -- say what?
The iPhone 4S's virtual assistant feature poses it own set of concerns. Since Siri is integrated into iOS 5, it has at least some level of access to all of Apple's built-in iOS apps, including Mail, Messages, Calendar, Notes and so on.
Thus, it's conceivable that when a user asks Siri to read business content such as an email, others nearby might be able to overhear confidential information. Similarly, and perhaps more concerning, a user sending a text message, making an appointment or dictating into any app on the iPhone 4S could be overheard.
- China calls the iPhone and iOS 7 threats to national security
- Dev interest in OS X Yosemite is 4X what it was for Mavericks in '13
- The Pangu jailbreak for iOS could turn into a sinister attack
- Apple nails Health timing as fitness app usage soars
- Developer demos iPad split-screen in photos, video
- Microsoft should grab Apple's 'Handoff' for Office
- Developer discovers split screen in iOS 8 code
- Apple opens up iOS, struts Mac-iPhone-iPad integration
- iOS 8 split-screen hints at iPad's enterprise ambition
- Heartbleed flaw affects mobile apps, too
- SIP Migration: Addressing CIOs' Concerns Recent data from IDG Research shows that many IT executives are counting on SIP to help them meet employee efficiency and customer experience...
- SBIC: Transforming Information Security This report combines perspectives on technologies with experience in strategy to help security teams navigate complex decisions regarding technology deployments while maximizing investments.
- InfoTech: Cloud File Sharing Organizations are increasingly turning to cloud file sharing solutions to meet end-user's needs for a lightweight and effective collaboration tool. In this report,...
- Rethinking Backup and Recovery As enterprises continue to transform their data centers, and virtualization plays an increasing role in their IT infrastructures, the way data is backed...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed in recent years, and it continues to escalate. All iOS White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!