How Secure Is iPad? - InformationWeek
Mobile // Mobile Devices
09:50 PM
Kurt Marko
Kurt Marko
Connect Directly

How Secure Is iPad?

While the Apple tablet doesn't yet equal the BlackBerry in terms of enterprise-grade management tools, it sports a set of surprisingly robust security features.

In researching a forthcoming InformationWeek Analytics IT Impact Report on the iPad 2, I became much more familiar with features enterprise users and IT staffers fret about in a tablet--things like support for automated provisioning, centralized configuration management, network security, and local data protection. Just the things often lost in the noise of a consumer-oriented rollout blitz.

While the iPad (and sister iOS devices the iPhone and iPod Touch) doesn't yet equal the BlackBerry--every mobile IT administrator's best friend--and leaves a lot to be desired when it comes to enterprise-grade management tools, it does sport a set of surprisingly robust security features.

Of course, the iPad incorporates the latest Wi-Fi security standards such as WPA2 personal (preshared key) and enterprise (Radius). It also offers a host of VPN protocols, including Cisco IPSec, Layer 2 Tunneling Protocol, and Point-to-Point Tunneling Protocol, with third-party apps from the likes of Cisco, F5 Networks, and Juniper adding support for SSL VPNs.

So data in motion is well protected, while data at rest, the flash drive partition for user and application data, is encrypted with AES-256 using an embedded hardware key, which is strengthened by salting (much like Unix passwords) with the device's screen-lock passcode. Local data can be wiped either remotely--using a third-party mobile device management app, Exchange ActiveSync, or Apple's Find My iPad service--or locally after a set number of invalid passcode entries.

Here are some quick tips for tightening up security on your iPad:

– Use WPA2 on any networks you control, office and home.

– Use a VPN while on any public Wi-Fi network.

– If you don't have access to a corporate VPN, get an account on a public provider like WiTopia or Strong VPN.

-- Configure a passcode and set a short lock interval of 15 minutes or less. The basic level, four-digit PIN is OK, but the "enhanced" alphanumeric password is better.

-- Configure local wipe after 10 invalid passcode attempts.

-- If you're forgetful, store a copy of your passcode on another system, because without it, you'll have to restore the iPad from your last iTunes backup.

-- Set up the "Find my iPad" feature (requires a MobileMe account), which not only can locate the device but also remotely lock or wipe it.

Taking a few minutes to lock down your iPad configuration, along with practicing some basic mobile networking hygiene, could save you hours of grief.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll