Enterprise Security Features of the iPad

So you ran out and bought  new iPad and you would like to use it at work. Your office may already be using Blackberries or even iPhones, but you're in love with your iPad and you would like to use it for keeping in touch and staying up to date. You may even want to access company resources on your iPad or do some work from home.

If you have read my previous posts, you already know how versatile the iPad is for all of your office tasks from checking e-mail to maintaining your contacts and calendars. It can even receive push notifications from Microsoft ActiveSync and access company VPNs. But the main concern from your boss and your IT department is whether your iPad is secure.

Well, not to worry. Apple has taken a layered approach to security on the iPad (and the iPhone as well).

Layer 1

The first layer is the security of the device itself. This is the level of security that keeps the iPad safe from unauthorized use of the device. You probably know that the iPad comes with a pass-code feature, but did you know that with the Apple iPhone configuration utility this pass-code feature can be tweaked?

• The iPad pass-code can be set to a minimum length
• The iPad pass-code can be set to require complex characters.
• The iPad pass-code can be set to expire so that pass-codes must be changed and can also prevent passwords from being re-used too often.
• The iPad can also be set to automatically wipe its data after a set number of unsuccessful log in attempts.

That is good but your IT guy will not usually trust you to set your pass-code policy. Just let him know that pass-code polices can be enforced by configuration profiles that can be distributed via e-mail or remotely pushed to the device. The iPad even supports digital signing and encryption for configuration profiles. In addition, the iPad can be configured to prevent the use of certain apps like YouTube or Safari.

Layer 2

The second layer of security is at the data level. How safe is the data on your iPad?

• Digital signatures insure that all of the data on your iPad has been transmitted without alteration. Every time an App launches on the iPad, it checks with a certificate authority online to ensure that the app has not been tampered with by a third party or altered with malicious code. This is a safe and secure way of ensuring the integrity of your data.
• In addition to digital signatures, your data is protected by AES-256 bit hardware encryption. This layer of security is transparent to the user and does not affect performance or battery life.
• Data protection is also enhanced by setting a pass-code on the device. This provides an extra level of data security if the device is lost or stolen. The iPad can also be remotely wiped from a central location by your IT department. And, as stated earlier, the iPad can be set to wipe it's data locally after a set number of failed log-in attempts.

These features keep all of the information stored on your iPad safe from prying eyes.

Layer 3

The third layer of security on the iPad is the Network level. It is at this level that network protocols come into play. The iPad is set up to comply with most industry standard security protocols right out of the box.

• The first of these is authentication. The iPad implements several leading industry standard authentication methods including Password (MS-CHAPv2), X.509 digital certificates, and Shared secret.
• Once the connection has been authenticated, the data is protected in transit using SSL (Secure Socket Layer) public-private encryption.
• The iPad also supports the latest secure Wi-Fi standards such as WPA2 personal and WPA2 enterprise. The iPad also supports the new 802.1X authentication methods knows as RADIUS (Remote Authentication Dial-In User Service) which supports Automatic Wi-Fi Login and Persistent Wi-Fi. RADIUS support allows the iPad to take advantage of several wireless authentication environments such as EAP-TLS, EAP-FAST, PEAP v0, v1, and LEAP.
• The iPad supports certificate-based authentication procedures which allow the iPad to interface with a whole host of networks including Microsoft Exchange ActiveSync and Cisco IPSec virtual Private networks. Digital certificates make it possible for users to connect to resources automatically and securely.
• The iPad has built-in support for several VPN (Virtual Private Network) protocols which allow an iPad to access internal company resources. The iPad can connect to VPNs using Cisco IPSec, L2TP/IPSec, and PPTP.

These features ensure that the information that flows to and from your iPad is safe from snoopers and hackers.

Layer 4

The final layer of security is provided by the iOS platform itself. The system software of the iPad (or iOS) was designed with security in mind. It provides several features which guarantee data integrity and prevent malicious code from running.

• Sandboxing applications is a method which ensures that each application occupies it's own "space" within the operating system. This prevents applications from altering or over-writing data in other applications or interfering with any of the system functions.
• The iOS also requires mandatory code signing which ensures that applications have not been tampered with or altered. A signed application can be checked online to confirm that it is the authentic version from the developer. Signing also aids in checking that any updates are authentic as well.
• Keychain services provide an encrypted method for storing and retrieving multiple user passwords for various services and websites. This makes connecting to password protected services quick and efficient without requiring the user to re-enter log in information repeatedly.
• The iOS supports cryptographic architecture such as MD5 from RSA Data Security. The iPad even has built-in hardware acceleration for AES and SHA-1 encryption.

The iOS security features preserve the integrity of your data and your Apps.

All of this adds up to a full featured set of security features that will keep any IT guy happy and help your boss sleep better at night after he or she OK's your iPad for use on the company network.