Microsoft is widely expected to announce Office for iPad tomorrow, which could have both positive and negative security implications for businesses that use it, experts say.
The downside is that the popular apps such as Word, for example, will encourage iPad users to use the devices for more word processing overall, says Michael Silver, an analyst with Gartner. There’s less chance that formatting and layouts will break if documents are created in Word than if they are converted to Word from some other app, so users may write more on the iPad than before, he says.
This improved reliability means more business documents are likely to be stored on these devices and perhaps stored in consumer cloud storage services such as Box and Dropbox, he says, despite corporate policies to the contrary. This is especially true if the iPads are part of BYOD programs and not corporate issued and managed, he says.
If devices are lost or stolen, or the cloud service accounts are compromised, so will the corporate documents stored within them, he says.
On the other hand, if businesses are customers of Microsoft OneDrive for Business – Microsoft’s cloud storage service - security could improve, he says. Microsoft might choose to restrict storage of Word for iPad documents to OneDrive only. That would give businesses with a OneDrive for Business account more control, Silver says. “I give it a 90% chance that [Microsoft is] only going to support their own service,” he says. “They’re looking for anything that makes their service stickier.”
There’s even the chance businesses will be prompted to sign up for OneDrive for Business because of use of Office on the tablets, he says.
Encouraging greater use of iPads for word processing, spreadsheets and email could tighten security because iPads are more secure than corporate laptops, says Wolfgang Kandek, CTO of Qualys. “They’re much safer than your average PC. If you use the PC for fewer office tasks it’s better,” he says.
The device has compartmentalized processes, he says (“You can’t steal data from one part of an iPad to another.”) and since the only apps that run on iPads have been vetted by Apple, there’s less chance of them exposing the device to attack. That doesn’t mean they can’t be hacked, he says, but when it comes to inherent security, “Hands down tablets are better than PCs.”
That doesn’t mean PCs can’t be made as secure, but in his experience most businesses don’t do three key things that would make the difference: updating apps and operating systems quickly and regularly; restricting the number of privileged user; white listing apps that the machines can run.
Giving iPad users full access to file stores can improve security, he says. “If you give people (using iPads) full access you’re in a good position to control what they’re accessing. Otherwise they’ll email documents to themselves in outside accounts.”
“It’s better to embrace iPads and support them as long as they make business sense.”
Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at firstname.lastname@example.org and follow him on Twitter @Tim_Greene.