IPad Security and the Cloud
I was at the airport, standing in line, when I struck up a conversation with a traveler about his iPhone. He discussed its features with me and its ability to harness the internet anytime and anywhere. He indicated that the phone's simple, elegant, and intuitive interface is a joy.
Mon, February 07, 2011
CSO — I was at the airport, standing in line, when I struck up a conversation with a traveler about his iPhone. He discussed its features with me and its ability to harness the internet anytime and anywhere. He indicated that the phone's simple, elegant, and intuitive interface is a joy.
I then focused the discussion on the iPad, which has a much larger user interface. I mentioned my desire for a larger screen. I want to be able to use it to replace my PC for all browser related work. So lets look at how the iPad moves the public closer towards cloud computing, what type of wireless security it uses, what advances are needed to protect browsers from common attacks, and why I like the use of wireless jump drives versus cloud storage for the iPad.
Also see: 5 cloud security trends for 2011
What does the explosion of sales growth of the iPad point to? The traveler I spoke with mentioned that many firms are lab testing the iPad for deployment as their corporate cloud portal. Thus, the push toward cloud computing continues. The use of the iPad's web browser (portal) interface encourages the companies to create web applications like Google's (GOOG) word processing or spreadsheet applications.
This paradigm shift toward web-only applications pressures companies like Microsoft (MSFT) and Intuit (INTU) into deploying their applications within a web browser. A customized operating system could provide just wireless connectivity to connect to storage drives and printers along with the web-only iPad environment . This saves companies a bundle because they no longer have to supply full functional laptops running operating systems supporting a slew of critical applications. Only a browser with wireless connectivity networking is required.
What are the points within the iPad product that need a security focus? The iPad product obviously supports wireless communications anywhere. This communication must be encrypted with something like WPA2. Each website has its own communications criteria HTTP or HTTPS (which is encrypted and secure). But current browsers can be hacked and phished. What about being totally proactive and catching the enemy before they set the trap (phishing hole)?
What future security ideas would I suggest? I recommend creation of a next generation browser that is backward compatible or it could simulate prior browsers. The new browser would be hardened in such a way that it could not be attacked using OWASP listed techniques today. It may also require all new (not prior old browser) communication with it be encrypted maybe with a new secure well-known socket (not port 80 or 443). Users visiting websites supporting the new protocol could review that website's software certificate to make sure it is who they expect it to be. A web site status and health bar could be displayed within the browser showing the strengths of the site.