iPad data LP: Security savior or strong-arm tactic

It's a late night, and you've fired up Facebook on your ACME.com company-owned iPad to post some bad news. "A reduction in workforce is going to happen this week," you type into your update status field and tap the post button.

Instead of this status post, though, another post appears in plain view for all recipients to see:

"The web post you were intended to receive contained content that violated ACME.com confidential data security policy. The content has been removed to protect against data loss. If you have any questions, please contact the person intending to send you this information. Thanks."

Today, Symantec unveiled a data loss prevention solution on the iPad that will do exactly this. Called DLP for Tablets, the system forcibly routs all 3G and Wi-Fi outbound Web and email traffic on the iPad through a virtual private network and detection server. The traffic is monitored and inspected using keywords and other detection technologies.

If a user violates a data-handling policy, the DLP system will trigger an action depending on a company's configuration: block the email or Web post from going out, record the data breach, or notify the user and/or recipients. "People don't know what's confidential data," says Robert Hamilton, senior product marketing manager at Symantec. "If you have a system in place that can remind them... then they're going to start changing their behavior."

DLP for Tablets is the latest entry into Symantec's mobile security suite. This summer, Symantec announced its PGP Viewer for iOS that lets an iPad user receive and view encrypted email over the native Mail app and a sandbox viewer app. DLP for Tablets will be available on the iPad in the first half of next year; support for Android is slated for later in 2012.

But is DLP for Tablets too much of a strong-arm tactic? Symantec claims it is warranted. In its recent State of Security survey of 3,300 global organizations, nearly half of respondents said mobile computing is driving security challenges.

As Apple iOS market share rises, the iOS platform's allure as a target grows, says Jeff Schmidt, CEO of JAS Global Advisors LLC. "Apple's time is coming," Schmidt says, adding that managing human behavior for security reasons is a monumental challenge.

Pity the CIO who stands at the crossroads of corporate data security and employee freedoms. Given the iPad's emergence as a personal and business device, the iPad is a culture shock for IT, says Aaron Freimark, IT director at Apple services firm Tekserve, which helps Fortune 1000 companies adopt the iPad.

With DLP for Tablets, Symantec is basically tapping the iPad's existing ability to force all traffic through the VPN and then using this feature as a filter with a man-in-the-middle proxy server. "It sounds pretty innovative," Freimark says.

However, the idea that a company can actively inspect personal emails and post to an employee's Facebook account, albeit over a company-owned iPad, is somewhat disconcerting.

"The hallmark of these devices is that you're always checking email and Facebook, you're always on," says Freimark. "If you restrict that in some way, you're really fighting against the whole reason for their popularity."

Tom Kaneshige covers Apple and Networking for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Tom at tkanshige@cio.com

Read more about mobile security in CIO's Mobile security Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

Tags symantecNetworkingsecuritymobile securityvpnhardware systemstabletsiPadSecurity | Mobile securityApple

More about AppleDLPetworkFacebookLPPGPSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tom Kaneshige

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts