Apple devices seeping into Corporate IT networks
Apple has quietly been releasing information on how to integrate its growing list of smart devices with enterprise IT.
While currently synonymous with consumers or perhaps less kindly termed "masses", the evidence is clear that Macs, iPads and iPhones are infiltrating corporate environments either knowingly or unknowingly.
The recent emergence of Apple’s iCloud via the Lion OS upgrades also allows consumers to synch their personal data including apps, music, videos and e-books to Apple's remote Datacentres. (Note: Many would argue that this is not a real cloud but merely a file synchronization service and represents Apple’s attempt to catch up somewhat with cloud technology).
"[However] they allow information about your company to be stored outside of your infrastructure and place control of that information under a user's personal Apple ID," said ComputerWorld.
Since these synching processes are largely automatic, there is a slight-to-medium risk that sensitive corporate IT information may end up in Apple’s cloud, especially via the growing list of Apple apps, including backup, which may be vulnerable to hacking or snooping.
According to Redmond Channel Partner, IDC is forecasting that 8% of iPad sales will come from commercial customers this year, amounting to about 4.2 million devices.
At least one-in-five workers or 21% use at least one Apple product at work. And, it appears that Apple has approached channel partners such as Microsoft to help deploy these devices in corporate environments, especially Exchange and Windows Server.
Apple itself has released a number of documents outlining security and integration procedures for incorporating devices such as the iPad into enterprise networks.
One area of interest relates to using ActiveSync over port 443 (HTTPS) to connect Apple devices to Microsoft Exchange Server 2003, 2007 and 2010.
Apple also provides documentation regarding integration with standards-based protocols inside corporate networks.
“With support for the IMAP mail protocol, LDAP directory services, and CalDAV calendaring and CardDAV contacts protocols, iOS can integrate with just about any standards-based mail, calendar, and contacts environment,” said Apple.
Additional iOS options allow users to connect to networks via built-in VPN clients or through third party apps from Juniper, Cisco, and F5.
Apple states in its help docs that iOS supports industry-standard technologies such as IPv6, proxy servers and split-tunneling, which it said, “provides a rich VPN experience when connecting to corporate networks.”
“iOS works with a variety of authentication methods including password, two factor token, and digital certificates. To streamline the connection in environments where certificate-based authentication is used, iOS features VPN On Demand, which dynamically initiates a VPN session when connecting to specified domains.”
According to Apple, data stored on iPhone or iPad is hardware-encrypted using 256-bit AES to protect data on the devices. Encryption is “always-on” and cannot be disabled by users.
"Additionally, data backed up in iTunes to a user’s computer can be encrypted. This can be enabled by the user, or enforced by using device restriction settings in Configuration Profiles," said Apple.
"iOS supports S/MIME in mail, enabling iPhone and iPad to view and send encrypted email messages. Restrictions can also be used to prevent mail messages from being moved between accounts or messages received in one account being forwarded from another."
Finally, said Apple, with support for IPSec and SSL VPN and WPA2 Enterprise Wi-Fi, users can also connect to private corporate networks.
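The backup controls described above (encrypted iTunes backups enforced through Configuration Profile restrictions, and the risk of corporate data syncing to iCloud) can be checked before a profile is deployed. The Python script below is an added example, not code from Apple or the original article; it assumes an unsigned .mobileconfig plist, and the policy values and sample profile are constructed for illustration.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # Restrictions payload type

# Assumed corporate policy for this example (not Apple defaults).
POLICY = {
    "forceEncryptedBackup": True,     # iTunes backups must be encrypted
    "allowCloudBackup": False,        # no device backup to iCloud
    "allowCloudDocumentSync": False,  # no document sync to iCloud
}

# Constructed sample profile: enforces encrypted backups, leaves iCloud backup on.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.corp.profile",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp-example"},
        {"PayloadType": RESTRICTIONS,
         "forceEncryptedBackup": True,
         "allowCloudBackup": True},
    ],
})


def audit_profile(profile_bytes):
    """Return a list of (key, found, wanted) gaps, sorted by key.

    found is None when no Restrictions payload sets the key, which means
    the profile does not enforce that restriction at all.
    """
    profile = plistlib.loads(profile_bytes)
    seen = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS:
            continue
        for key in POLICY:
            if key in payload:
                seen.setdefault(key, []).append(payload[key])
    gaps = []
    for key, wanted in sorted(POLICY.items()):
        values = seen.get(key)
        if values is None:
            gaps.append((key, None, wanted))
        elif any(v != wanted for v in values):
            bad = [v for v in values if v != wanted]
            gaps.append((key, bad[0], wanted))
    return gaps


if __name__ == "__main__":
    for key, found, wanted in audit_profile(SAMPLE_PROFILE):
        print(f"{key}: found {found!r}, policy requires {wanted!r}")
```

Signed profiles are wrapped in a CMS envelope and must be unwrapped before `plistlib` can parse them.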