Even though the iPad is designed primarily as a consumer device, salespeople are increasingly adopting it because of its ease of use, convenience, and coolness factor.
Mobile security firm Good Technology Inc. reports that the iPad’s share of enterprise deployments went up 64 percent in the last quarter. According to Apple Inc. (Nasdaq: AAPL), more than 80 percent of the Fortune 100 have already deployed the iPad in the enterprise or are piloting it.
But iPads aren’t all fun and games — they’re attractive to thieves, and the wireless connections could potentially allow customer data to travel over public airwaves.
What can companies do to protect sensitive customer data from prying eyes?
The first step is locking down the iPad so that strangers can’t turn it on and get into your corporate networks. Login names and passwords are a good place to start, but adding a second authentication method is even better. Typical options for the iPad include one-time passwords delivered to a keychain fob or a cellphone; automated login confirmation calls or text messages; and even face recognition technology.
According to Jeff Kalwerisky, chief security evangelist for database firm Alpha Software, face recognition has historically had problems — people change hairstyles or get sick and are no longer recognizable. But the latest cameras and software are pretty good, he says. However, cellphone authentication may be most convenient since everyone carries their cellphones with them, and the thief who makes off with the iPad isn’t likely to get the phone as well.
Encrypt, encrypt, encrypt
It may sound like a no-brainer: All sensitive communications must be encrypted. But some applications, especially those written in-house and designed to run on older mobile devices, might be sending plain, unencrypted data over WiFi and 3G networks. The reason? Encrypting and decrypting messages takes too long on the old, slow devices.
Speed isn’t an issue on the iPad, which has plenty of power to handle encryption. And most popular enterprise applications, such as Salesforce.com or Google Apps, automatically encrypt all private traffic.
To access custom-built corporate applications, the standard SSL (Secure Sockets Layer) encryption built into the iPad’s browser is good enough security for just about anybody, and it is not difficult to set up.
Some vendors have already started offering enterprise-grade document management solutions for the iPad, where all stored data and documents are automatically encrypted — a boon for workaholics on long plane trips without Internet access.
Don’t save data
The iPad doesn’t have a built-in hard drive, but it does have plenty of memory — for music, videos, e-books, and sensitive corporate documents. To be on the safe side, get those documents off the device and into the cloud. Keep them on your company’s servers and have employees access them over a secure virtual private network, or use a trusted cloud-based hosting provider.
If a thief does steal the iPad and gets access to its internal memory, let him have the music and videos, but keep customer account information out of his hands — and the data breach report out of the news headlines.
Use cloud-based services like Salesforce.com for customer data and Web-based platforms for your presentations. There is no reason for the iPad not to be connected to the Internet at all times, either through WiFi, its 3G network, or a mobile WiFi hotspot from another carrier in areas where your primary carrier’s reception might be spotty.
Pay attention to provisioning
Historically, Apple’s biggest disadvantage with enterprise deployments was a lack of adequate management and provisioning tools. But last summer, the release of iOS 4 plugged many of these gaps. Now companies can centrally manage all employee iPads and iPhones and set security policies for the devices. Companies can even have their own corporate app stores
BlackBerry maker Research In Motion Ltd. (RIM) (Nasdaq: RIMM; Toronto: RIM) still offers more fine-grained controls than Apple, but the iPad now has most of the basics covered — and the BlackBerry PlayBook tablet still has no scheduled arrival date. In addition, a number of third-party vendors are offering additional management tools for the iPad. For example, if employees want to bring their personal devices to work, it’s possible to carve out secure areas on the iPads that can be centrally managed, and even wiped, by the company, while leaving the employee’s personal iTunes collection intact.