What are the implications for enterprises and the security issues regarding fingerprint scanning? Anthony Tian, Regional Director, Asia Pacific, Good Technology, gives his thoughts.
The iPhone 5S fingerprint scanner is being seen as a mobile security game changer. What are the implications for enterprises?
While Apple's iPhone 5S Touch ID fingerprint scanning technology is a very slick addition for use by consumers, the fact that even Apple themselves didn't tout this as an MDM/business feature was a good indication that the enterprise should be leery to embrace it for use as 'true' data security tool. If Apple makes the Touch ID API available, it will allow developers to take advantage of the biometric features which provide an additional authentication layer to their application, thus creating a new frontier in app security.
However, like many new security features, Touch ID should not be considered a 'silver bullet', or convey a false sense of security. There is always a way to get access to mobile devices, especially when one considers that BYOD devices can have multiple fingerprints registered to the device. This is why corporations can't rely on hardware-based encryption alone. Instead, they need a secure container around the data and information on the device so that the information can't be extracted, even if a hacker gains access to the phone
Do you see this feature violating human privacy (in-built fingerprinting scanner just to operate the device)?
Consumers have the option to make use of this feature and they can always 'opt out' when it comes to its use on their personal device. However, if a company chooses to mandate use of biometric/fingerprint scanning capabilities on BYOD devices, it does raise some privacy questions when you consider there will then be a large database of biometric information that is potentially vulnerable to hacking.
Do you think fingerprinting scanning will go mainstream as a technology?
Apple has effectively introduced the concept of fingerprint scanning for consumer use, but there still remain a lot of questions around its effective use for securing devices. Therefore, it will likely still take some time before fingerprint scanning becomes a household feature.
Do you see any possible risks with the integration of biometrics in mobile security?
According to recent reports, a German biometrics hacking group has successfully demonstrated how they have bypassed the iPhone 5S' fingerprint scanner by taking a high-resolution photo of the users' fingerprint, which was then printed and used as a fingerprint to access the device.
While biometrics technology adds another layer of security to mobile devices, it should not be the only security feature used on corporate devices. You can't solely rely on operating system security because there are multiple things that users can do, outside of an organisation's control, to weaken it. If you're going to entrust your corporate data to a device, you need to provide a solution that protects the data, not just the device and gives you (the IT admin) control. It is critical for companies to secure both their mobile devices and their data with secure containerisation to protect sensitive data and corporate IP on those devices.
How can Good Technology help enterprises integrate iOS 7 into their mobilisation strategy? How beneficial will it prove to be for them?
Good Technology is the only secure mobility provider to offer full iOS 7 support across its entire suite of applications, including Good for Enterprise, Good Connect and Good Share, the day iOS 7 became available.
With Good, enterprises will be able to upgrade to iOS 7 without any delays in service, exposure of data or compromised security. Good has also rolled out iOS 7 support for its rich ecosystem of custom and partner applications built on the Good Dynamics Secure Mobility Platform.
In addition, Good has leveraged the extended set of Apple mobile device management (MDM) capabilities available in iOS 7 to enable functions such as extended restriction controls, enterprise SSO and configuration and policy management for MDM-managed apps. Good will also support the enhanced Volume Purchase Program (VPP) making it easy for businesses to deploy these iOS 7-compatible apps at enterprise scale while still retaining full ownership and control over app licences.
By securing entire workflows, facilitating the development of numerous iOS 7-compatible enterprise apps, and simplifying management of iOS 7 within the types of diverse mobile environments typical today, Good is uniquely enabling enterprises to truly embrace iOS 7 as part of their mobilisation strategy.