Warning: Use of undefined constant localhost - assumed 'localhost' (this will throw an Error in a future version of PHP) in /home/customer/www/ipadincanada.ca/public_html/wp-config.php on line 7
iPad Security and Best Practices for Administrators - iPad in Canada Blog - Canada's #1 iPad Resource iPad in Canada Blog – Canada's #1 iPad Resource

iPad Security and Best Practices for Administrators

by on May 16th, 2011

For those of you who work with the iPad in a corporate environment, you may be interested to read the article that was recently published by the Communications Security Establishment Canada (CSEC). CSEC has produced an iPad Security and Best Practices publication to assist Government of Canada (GC) departments when implementing and using the iPad.

The article identifies iPad security deficiencies such as:

  • Jailbreaking;
  • Security assurance practices for third party applications;
  • Data on an iPad is encrypted using AES-256 hardware encryption (the article doesn’t go into detail as to why this is a security issue); and
  • The enforcement of security policies.

The article recommends the following best practices for securing the iPad:

  • Only devices with iOS 4.2.x be used;
  • The administrator should ensure that the full set of iOS policies is enforceable with the chosen Mobile Device Management (MDM) solution;
  • Use MDM solutions  to monitor for the installation of unauthorized third party applications;
  • Verify that installed third party applications do not introduce any security risks to the organization;
  • A higher level of security can be provided by use of a thin client solution;
  • Using and enforcing a password policy pertaining to length, complexity and allowable number of failed attempts in accordance with CSEC’s guidance;
  • The iPad’s hardware and firmware should not be modified in any way;
  • Corporate e-mail should be processed through a thin client solution, and the iPad’s native Mail application not be used to send and receive corporate e-mail;
  • GC departments perform procurement and activation of the iPad on behalf of each user; and
  • GC issued iPads should not be connected to a non-GC computer (e.g. user’s home computer) to avoid the compromise of the device’s configuration, security policies, and/or settings implemented to protect GC information.

For the complete article please refer to the CSEC article here. Let us know what you think of the article. Do you agree or disagree with what CSEC has documented and recommended?



**Want the BEST new iPad protection? Order your invisibleSHIELD by ZAGG, the strongest protection for your new iPad backed by a 30 day money back guarantee, lifetime replacement warranty, and FREE shipping! Use coupon code 'iphoneinca' for 20% off your purchase! Order today!**

Posted under: iPad News, Jailbreaking, Recommendations, Reviews