Skip Links

Can Apple iOS devices gain confidence of IT security pros?

Apple not open enough on security issues, though some see clear signs it's improving

By , Network World
June 01, 2012 04:10 PM ET

Network World - There's great enthusiasm for using iPhones and iPads in the workplace, but experts say Apple's limited transparency about security issues can make enterprise adoption problematic.

IBM's Chief Information Officer Jeanette Horan recently struck a nerve when she said Big Blue regards Siri on employee iPhones a sensitive security issue and disables it because the voice interactions are uploaded to Apple computers in the cloud.

RELATED: With Steve Jobs gone, Tim Cook is putting his own stamp on Apple

Already, there had been suspicion as well as curiosity about what Apple might be doing in the background with Siri. Apple does briefly note in its legal licensing terms it will do this Siri uploading. But despite calls for more information about how Apple stores and analyzes the voice data it may be collecting this way, Apple hasn't offered any explanation, which only heightens the ill ease for some.

It's not surprising that Apple needs to process human speech and complex speech responses in the cloud, says Chris Eng, vice president of research at Veracode. "It takes computational power," he says. "The phone may not have the power to do that."

But what he finds troubling is that so little is known about what Apple might be doing with the Siri-based voice data it collects. "Are they warehousing it? If I'm making an effort to purge information, I'm probably going to come out and say that this isn't being stored. They should come out and say it isn't being stored."

But since Apple hasn't shown an inclination to discuss this in depth, despite repeated inquiries from Network World and others, there's no way to understand what's going on in that Apple cloud.

"You can see why IBM is concerned," Eng says.

"Siri is more of a novelty now, an infant technology," says Daniel Ford, chief security officer at Sterling, Va.-based mobile risk management vendor Fixmo. "It's gathering data about you, digitizing it, and sending it to Apple's cloud." He said he thinks Apple doesn't share the information with anyone else, but he acknowledges, "We don't know how Apple is parsing it." He says it's not surprising enterprises would want to turn it off.

"Siri scares the hell out of me, to be honest," says Paul Henry, security and forensic analyst at Lumension, adding that Apple has provided no explanation about what it's mining the Siri data for, if anything. He points out Apple has incited privacy and security concerns before, when it was recognized that Apple was sending location data back to Apple, purportedly to use for targeted ads.

Apple is going to find it hard to win the confidence of the enterprise security manager without addressing Siri, Henry says. Google and Microsoft, as well as VMware, have all been better than Apple in disclosures related to security in their products. But Apple, which is consumer-focused, hasn't yet reached the level of response that IT security managers traditionally expect, he notes.

But Henry also notes that Apple shows definite signs of change in wanting to be more responsive about security in order to have its Apple iOS smartphones and tablets adopted in the enterprise and government sectors where strict security and detailed technical understanding may be demanded.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News