iPad – Security good or bad?

Isn’t the iPad phenomenon interesting! I’m firmly in the camp that it’s a “good thing”, and having played with one I think it’s wrong to compare it with a laptop – the whole concept is different. It’s not about having a small form factor fully functional computer – it’s about having a small device that is instant on and gives you access to web/cloud services and media.

I find the instant on is important. In the house I tend to avoid turning on the computer if I have to look up something quickly. It’s too much hassle. The iPad/iPhone (or similar devices) are instant on – net access conveniently and quickly.

From a security perspective I find the iPad/iPhone fascinating. On one hand the in built security functions are ordinary. Device lock is a 4 digit PIN, there is no automatic encryption of flash and if you’ve tried to program one (I have) things like the cryptographic libraries are somewhat hard to find any information on.

On the other hand, the construction of the application environment is great. I love the fact that each application is sandboxed from the others. I think in version 4 of the OS there will be shared data of some kind – but I’ve not got my head around that yet. It starts to make the perfect access device.

I’m using my iPhone now for all my banking needs. Why?

  • The only virus I’ve seen was the the Rick Astley concept virus. I’m sure there will be others, but at the moment there is less of a focus on the iPhone for malware. (And I’m not planning to jailbreak any time soon.)
  • The sandbox environment makes it less likely a badly behaved/insecure application can undermine the entire phone. Not by any means infallible, but not a bad start.
  • The device is simpler than a computer running a full operating system. Simpler = less to go wrong = easier to secure.

So on one hand you have a device that has little in the way of enterprise security features you might expect in a laptop (full disk encryption, password management etc.). But on the other you have a simple device that for accessing cloud or web type services – where the data is not stored on the device – which is perfect.

So all in all – I’m in favour. I like the whole concept and I think the more iPad like devices we see, the better it’s going to be for security – with the caveat that the device is about access not storage. So to sum it up:

  • If your need is access to sensitive information/data/applications without local data – the iPad is a great device.
  • If your need is storage and local handling of sensitive data/applications – stick with a laptop for now!

Leave a Reply