Few corporations are likely to ban iPods in the workplace, but whether Apple and other manufacturers of MP3 players shoulder some responsibility to add security to their devices -- and how effective that security would be – is a growing debate.

Apple didn’t return multiple inquiries asking about its stance on iPod security, but plenty of others are talking about what the company should or should not do to prevent its widely popular music player from being used as a data-transfer device for stealing sensitive corporate information. While this unintended use of the iPod is not exclusive to Apple’s device – employees with malicious intent could steal data using any MP3 player, or any removable media for that matter – Apple has sold more than 100 million iPods, making it the obvious choice.

“My initial reaction was that Apple should have as much responsibility as SanDisk has for securing its USB thumb drives,” says Kurt Tappe, Apple certified engineer with JP Morgan Chase, in an e-mail. “But then I remembered that iPods do not come out of their shipping containers with the ability to be used as data drives. The user must explicitly turn that function on in iTunes. To that end, it seems to me that Apple has already gone one step beyond other drive manufacturers.”

An extensive search of the iPod and iTunes sections of Apple’s Web site turned up no information about setting the devices for data transfer, but also did not warn against the potential for misuse when iPods are set as such. However, in Apple's support section, there is an entry explaining how to enable an iPod as a storage device.

Others say Apple may not be responsible for securing its device beyond the basic lock function that it comes with, but offering such features couldn’t hurt. This could become particularly important as corporate IT departments begin to consider purchasing other Apple products, such as Mac desktops and servers, in helping Apple build confidence among security-conscious enterprises.

“I wouldn’t put this responsibility on [Apple] as mandatory; I would prefer to see Apple offer it as an add-on feature and let the market dictate its usefulness,” wrote Louis Tinto, risk manager and director of technology risk assessment with a large financial-services company, in an e-mail. He stresses that educating employees about corporate policies regarding use of such devices and having workers regularly attest to their understanding of such policies is the best first step to take in protecting against data theft via iPods.

Whitepapers

• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users
• IT Departments on Data Security: A Research Concepts Survey

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports