While industry observers on the whole have been largely underwhelmed by Apple's latest smartphone offerings, the tech giant's new Touch ID technology has become a talking point among security and research specialists.
Touch ID - a fingerprint scanner embedded in the new iPhone 5S's home button - has been touted as a significant security plus, but some say it is being given too much homage, and is a step, rather than a solution.
Justin Lee, country manager at Blue Coat Systems in SA, says it is dangerous to think iPhones are now more secure because of Touch ID. "For cyber criminals, it's all about the data behind the applications on the device. Fingerprint scans can protect the device, but don't protect the users while they are using it from data loss or malware attacks."
Mobile vulnerability
Lee notes that phishing attacks - online scams used to steal money and personal information - are the most efficient type of attack on mobile users, as a small screen does not offer typical context clues to determine if an e-mail or Web page is suspicious or not.
Recent research by Blue Coat Systems shows the top three apps used by UK employees in the execution of their jobs are messaging, office apps (like Google Docs) and finance apps. "These apps contain important personal and corporate data that can be unintentionally shared or leaked," says Lee.
"The trick is making sure employees can safely use these devices for work without creating a security vulnerability."
And enterprises want to embrace new technologies and devices - they see the benefits - but Lee says they need to go one step further in protecting devices if they want to empower employees to use them on the job. "That means extending traditional corporate security to the devices.
"While the fingerprint scan is great device-level protection that will hopefully help reduce device theft, it isn't the answer for enterprise-level security."
The BYOD bomb
Enterprise manager at Citrix SA, Michael Church, says a bring-your-own-device (BYOD) strategy should be a priority for organisations looking to merge with the digital era that is synonymous with smart devices at work.
"As 'consumerisation' continues to transform IT, organisations are moving quickly to design strategies to allow and embrace BYOD. However, the underlying question of securing of corporate data is always top of mind for IT."
Church notes that, with the recent launch of Apple's Touch ID technology, questions around the effectiveness of this technology as a truly secure method to protect corporate data are being raised. He says security goes beyond the device and the user's ability to interact with it.
"The iPhone 5S could potentially change the way enterprises incorporate smart devices at work and in particular how they will view the use of iPhones at work. Many organisations may decide to include the iPhone 5S as part of an existing, limited BYOD programme or as a standard, corporate-issued device due to the new fingerprint technology."
That said, he notes that solutions such as mobile device management, mobile app management and follow me data will still play a key role in securing data.
Paving the way
A Reuters report outlining how biometrics has been "fired into the mainstream" says Apple - through its initially limited Touch ID technology ? is offering a glimpse of the future, where gadgets might become a biometric pass to the workplace.
"Apple's move may not have an immediate impact beyond improving the way users unlock their devices and interact with Apple services like iTunes and its App Store and reducing the appeal of stealing an iPhone. But that is itself a significant step."
Reuters notes Apple and other manufacturers have come under pressure to add more security features to their mobile devices in the face of growing theft. "In the first nine months of 2012, the New York Police Department reported nearly 11 500 iPhones and iPads had been stolen."
The news agency cites industry insiders as tagging biometric security as a significant appeal to enterprises nervous about allowing employees' personal devices on the office network.
However, it notes that fingerprint scanners have already found their way into a number of devices, including mobile phones, but have not taken off because of the cost and the fact that there have not been adequate ecosystems to build support for the products to date.
Church says, on mobile devices, access to apps and data should be controlled, secured and managed with policies based on device ownership, status or location.
"IT can enrol and manage any device, detect jail-broken devices and perform a full or selective wipe of a device that is out of compliance, lost, stolen or belongs to a departed employee or contractor. Application security is ensured through secure application access via app tunnels, blacklisting, whitelisting and dynamic, context-aware policies."
The latest advance in iPhone security is welcome, he concludes, "but only part of the corporate data security battle has been won".
Share