Skip to main content

Apple iPad Security: Jury Out

Whether Apple's iPad will pose a big enterprise security challenge remains to be seen.



) --


(AAPL) - Get Apple Inc. Report


may be the hottest thing in consumer technology, but corporate America could be the next frontier for

much-hyped tablet device


"Inclusion of the iPad into enterprise client workstations will be driven by the users," explained Wolfgang Kandek, CTO of security specialist


, in an email to


. "It will be hard for IT administrators to resist

the demand from users."

The big question, though, is whether this will mean a big security headache for businesses.

Scroll to Continue

TheStreet Recommends

Steve Jobs unveils the new Apple iPad

It took just 24 hours for

reports of the first iPad hack to emerge

, and attackers will inevitably seek out other security flaws.

The Price for a Digital Fake Passport (Forbes)

"Most of the attacks that we have seen against the iPhone have exploited vulnerabilities in the Safari browser, and we would anticipate that to be a point of weakness on the iPad, too," explained Graham Cluley, senior technology consultant at


, also in an email. "Targeting browser vulnerabilities would be the obvious way to try and infect and steal information from users."

Cluley told


that it will be interesting to see how quickly Apple patches iPads when vulnerabilities are found. "In the past, it has been accused of being much slower to patch the iPhone OS, than say, Mac OS X."

Apple CEO Steve Jobs recently said that the company had

sold more than 450,000 iPads

since its launch earlier this month, and the turtle-necked tech guru has described the tablet as the "third category" of mobile devices.

Like other handheld devices, though,


could pose challenges for enterprise IT departments, according to Chris Hazelton, a research director at The 451 Group.

"The main issue for iPad is similar for any employee-owned wireless device," he wrote in an email. "It is that many companies don't realize or care that these devices are connecting to (and storing) corporate data."

Set against this backdrop, Hazelton urges firms to focus on tracking and controlling



"Companies need to know that an iPad is being used by employees, and if so, lock them down with passwords, and ensure that they can be remotely wiped if locked down or stolen," he added. "A lot of companies use Exchange, which can natively manage iPads, but it is not easy to detect an iPad using just Exchange - several third-party device management companies are stepping in to solve this issue."

Apple has not yet responded to


request for comment on this article, although the company's Web site touts the iPad's many "layers of security."

"You can require complex passcodes to access important information securely, encrypt data over the air and at rest, and even remotely wipe everything from your iPad instantly in the event of theft or loss," it said.

Apple, for example,

extended its MobileMe software

to the iPad earlier this month, which lets users remotely lock, wipe and locate the devices. In a clear nod to corporate security, Apple also supports


(CSCO) - Get Cisco Systems, Inc. Report

virtual private network (VPN)

technology on the iPad.

Apple's iPad

"IT departments can enforce complex passcodes and other policies on iPad to protect corporate data," explains the Apple Web site. "And certificate-based authentication enables iPad to securely connect with corporate data via Exchange and VPN."

However, Jack Gold of analyst firm J.Gold Associates, says that the iPad still has some way to go before it is a bona fide business tool.

"It might be ok for thin client applications where no data gets transferred to the device and accesses the device via a VPN," he wrote, in an email. "

But there is no way to monitor the device at this time for regulatory compliance, so a company might not even know if the data is lost, and be out of compliance if they allow its use for business purposes."

Other experts, however, are more positive on the iPad, such as Qualys' Kandek, who says that the device has been built "from the ground up" with integrated security.

"Applications are tightly controlled by Apple, as are updates to the OS itself," he explained. "Apple is

also working on better management tools that cater for enterprise administrators in the coming versions of the OS, which will help its acceptance a tremendous amount."

"Apple has been aggressive about adding features to products if it believes they are being held back," adds Charles King, president of research firm Pund-IT. "If the company is serious about driving iPad use among companies, I expect more business-friendly features will appear in next generation releases and updates."

The iPad, of course, shares an

operating system

with the

popular iPhone

, something which could help boost its corporate presence.

"iPad is just as secure as the iPhone for the enterprise," said 451 Group analyst Chris Hazelton. "Both are not the Blackberry, for which you can control pretty much every enterprise setting on the device, but they address the big issues such as enforcing the use of passwords and remote wipe."

"The iPad uses the same security model as the iPhone and iPod Touch, so there's a lot available on it," added Ted Schadler, a principal analyst at Forrester, who describes the device as an "attractive business tool."

A recent survey by Zogby International, commissioned by


(SY) - Get So-Young International Inc. Report

, even cited mobile working as the No. 1 reason that U.S. consumers would use a tablet device. Not everyone, though, is convinced that iPads will become a feature of corporate America in the near future.

"Apple is focusing the iPad at consumers, not enterprises," wrote Ken Dulaney, a vice president at tech research firm Gartner, in an email. "Few customers have or intend to pay for these products for employees at this point."

-- Reported by James Rogers in New York

Follow James Rogers on


and become a fan of