iPad security and the cloud
February 8, 2011
I was at the airport, standing in line, when I struck up a conversation with a traveller about his iPhone. He discussed its features with me and its ability to harness the internet anytime and anywhere. He indicated that the phone’s simple, elegant, and intuitive interface is a joy.
I then focused the discussion on the iPad, which has a much larger user interface. I mentioned my desire for a larger screen. I want to be able to use it to replace my PC for all browser related work. So lets look at how the iPad moves the public closer towards cloud computing, what type of wireless security it uses, what advances are needed to protect browsers from common attacks, and why I like the use of wireless jump drives versus cloud storage for the iPad.
What does the explosion of sales growth of the iPad point to? The traveler I spoke with mentioned that many firms are lab testing the iPad for deployment as their corporate cloud portal. Thus, the push toward cloud computing continues. The use of the iPad’s web browser (portal) interface encourages the companies to create web applications like Google’s word processing or spreadsheet applications.
This paradigm shift toward web-only applications pressures companies like Microsoft and Intuit into deploying their applications within a web browser. A customized operating system could provide just wireless connectivity to connect to storage drives and printers along with the web-only iPad environment . This saves companies a bundle because they no longer have to supply full functional laptops running operating systems supporting a slew of critical applications. Only a browser with wireless connectivity networking is required.
What are the points within the iPad product that need a security focus? The iPad product obviously supports wireless communications anywhere. This communication must be encrypted with something like WPA2. Each website has its own communications criteria HTTP or HTTPS (which is encrypted and secure). But current browsers can be hacked and phished. What about being totally proactive and catching the enemy before they set the trap (phishing hole)?
What future security ideas would I suggest? I recommend creation of a next generation browser that is backward compatible or it could simulate prior browsers. The new browser would be hardened in such a way that it could not be attacked using OWASP listed techniques today. It may also require all new (not prior old browser) communication with it be encrypted maybe with a new secure well-known socket (not port 80 or 443). Users visiting websites supporting the new protocol could review that website’s software certificate to make sure it is who they expect it to be. A web site status and health bar could be displayed within the browser showing the strengths of the site.
Lets look at other iPad security concerns. What does one do with data that would be stored in the cloud? A wireless jump drive can communicate with the iPad so that documents, pictures, or other information can be stored on it. One of the jump drive vendors uses WPA2 to securely transfer information from the iPad browser to it. This type of product is an excellent way to appease users that are interested in protecting sensitive data such as: yearly tax data, credit card numbers, and social security numbers.
Im currently concerned about what the cloud providers do with my data while it is in their cloud. I think of email and how my major cloud email provider scans my mail and posts ads that show up on the edges of my browser screen related to my email content. I would like that to stop. So, I recommend use of the wireless jump drive until my data is properly encrypted by my provider and my email is not scanned by my provider for their benefits.