Six months ago, the first iPad landed at the Bank of the Ozarks. Now there are nearly 20 company-owned iPads in employees' hands, with plenty more on the way.

"This is just the tip of the iceberg," says CIO Ron Kuykendall at Bank of the Ozarks. "The proliferation of iPads within our organization will increase significantly."

If Bank of the Ozarks, a 100-year-old community bank headquartered in Little Rock, Arkansas, decides to follow through on a bring-your-own-device program that will let personal iPads hook into the corporate network, the iPad floodgates will break wide open.

While Bank of the Ozarks is in the early days of iPad adoption, the IS department has been working furiously for months behind the scenes to secure customer data on these mobile devices. Kuykendall and his team have run the gauntlet, from patching together temporary security solutions to drafting policies prohibiting certain consumer apps to even beta testing emerging security products.

Everyone frets about losing sensitive data on the iPad, but financial institutions built on consumer trust are especially worried. After all, customer data loss can quickly turn into customer dollar loss. If customer data on an iPad were to be compromised, and word of it got out, the bad press could ruin a bank's reputation.

"What keeps me up at night is loss of consumer data, whether intentional or inadvertent," Kuykendall says.

Kuykendall's sleepless nights are about to get a whole lot worse, as more iPads flood the consumer and enterprise markets. Apple claims a record-breaking 3 million new iPads were sold the first weekend of its debut. UBS analyst Maynard Um predicts 12 million new iPad sales this quarter, if supply can keep up with demand.

iPad Sighting in the Ozarks

On the edges of this iPad pandemic lies Bank of the Ozarks.

The IS department needed to get a handle on security before iPad adoption spiraled out of control. This meant securing documents, either at rest or in motion, on the iPad. Bank of the Ozarks used various products and methods, such as SFTP file transfers, to ensure sensitive information was managed and stored on its network and servers.

In the world of the iPad, though, end users are in charge. A handful of Bank of the Ozarks iPad users began storing data in consumer apps and services such as Dropbox. "We actually had some users that were, um, testing that out, you can say," says Steve Due, senior network engineer at Bank of the Ozarks. "We wanted to catch that up front and cut it off."

In order to blacklist a popular consumer app, Bank of the Ozarks needed to offer an alternative to Dropbox that was just as easy to use. If the enterprise alternative is more complicated, iPad users will simply default to the consumer app despite policies telling them not to do so. (Bank of the Ozarks has a user policy that prohibits the use of certain consumer apps on the iPad.)

Bank of the Ozarks looked to an emerging app from GroupLogic, called activEcho, to be the alternative storage app on the iPad. It's an enterprise file sharing product that integrates with Active Directory and supports secure file transfers, thus keeping data on Bank of the Ozarks servers and network.

But activEcho was still in beta, and CIOs traditionally shun new products and startups. In the fast-moving world of tablets and mobile computing, CIOs have to shed some of this thinking in order to keep up. Bank of the Ozarks spent three months as a beta tester.

A Sandbox Approach to Security

GroupLogic unveiled activEcho last week on the same day Quickoffice launched Quickoffice ProSelect HD, an iPad app that lets users work with Word documents, Excel spreadsheets and PowerPoint slides. The two apps are important because they work together to prevent data leakage on the iPad.

From the end user perspective, here's how it works: A Bank of the Ozarks employee can launch activEcho on the iPad and gain access to, say, a Word document residing on the corporate network. But the only option to open the Word document is in Quickoffice, not any of the other Office-like iPad apps such as Pages, Office2 HD and Docs to Go.

Once inside Quickoffice, the employee can view and edit the document. When it comes time to save the document, the employee simply has the SaveBack Only option, whereby the file saves back to the original source, such as a SharePoint access point behind the firewall. (Quickoffice ProSelect also doesn't allow users to copy and paste outside the Quickoffice app.)

"We're creating a virtual sandbox between cooperating vendors," says Derick Naef, CTO of GroupLogic.

Source: PCWorld