iPad Data Loss Prevention: Security Savior or Strong-Arm Tactic?

It’s a late night, and you’ve fired up Facebook on your ACME.com company-owned iPad to post some bad news. “A reduction in workforce is going to happen this week,” you type into your update status field and tap the post button.

Instead of this status post, though, another post appears in plain view for all recipients to see:

“The web post you were intended to receive contained content that violated ACME.com confidential data security policy. The content has been removed to protect against data loss. If you have any questions, please contact the person intending to send you this information. Thanks.”

Today, Symantec unveiled a data loss prevention solution on the iPad that will do exactly this. Called DLP for Tablets, the system forcibly routs all 3G and Wi-Fi outbound Web and email traffic on the iPad through a virtual private network and detection server. The traffic is monitored and inspected using keywords and other detection technologies.

If a user violates a data-handling policy, the DLP system will trigger an action depending on a company’s configuration: block the email or Web post from going out, record the data breach, or notify the user and/or recipients. “People don’t know what’s confidential data,” says Robert Hamilton, senior product marketing manager at Symantec. “If you have a system in place that can remind them… then they’re going to start changing their behavior.”

DLP for Tablets is the latest entry into Symantec’s mobile security suite. This summer, Symantec announced its PGP Viewer for iOS that lets an iPad user receive and view encrypted email over the native Mail app and a sandbox viewer app. DLP for Tablets will be available on the iPad in the first half of next year; support for Android is slated for later in 2012.

But is DLP for Tablets too much of a strong-arm tactic? Symantec claims it is warranted. In its recent State of Security survey of 3,300 global organizations, nearly half of respondents said mobile computing is driving security challenges.

As Apple iOS market share rises, the iOS platform’s allure as a target grows, says Jeff Schmidt, CEO of JAS Global Advisors LLC. “Apple’s time is coming,” Schmidt says, adding that managing human behavior for security reasons is a monumental challenge.

Pity the CIO who stands at the crossroads of corporate data security and employee freedoms. Given the iPad’s emergence as a personal and business device, the iPad is a culture shock for IT, says Aaron Freimark, IT director at Apple services firm Tekserve, which helps Fortune 1000 companies adopt the iPad.

With DLP for Tablets, Symantec is basically tapping the iPad’s existing ability to force all traffic through the VPN and then using this feature as a filter with a man-in-the-middle proxy server. “It sounds pretty innovative,” Freimark says.

However, the idea that a company can actively inspect personal emails and post to an employee’s Facebook account, albeit over a company-owned iPad, is somewhat disconcerting.

“The hallmark of these devices is that you’re always checking email and Facebook, you’re always on,” says Freimark. “If you restrict that in some way, you’re really fighting against the whole reason for their popularity.”

Tom Kaneshige covers Apple and Networking for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Tom at tkanshige@cio.com