Access your Pro+ Content below.
Apple security update: Is it ready for the enterprise?
This article is part of the May 2013 / Volume 15 / No. 4 issue of Information Security magazine
Apple, Inc.’s complex posture on security poses challenges for information security decision-makers charged with assessing the risks created by an influx of iPhones, iPads and Mac OS X devices. In the past year, security experts have proclaimed that Apple is simply not taking security as seriously as its major competitors. Apple’s security lags behind Microsoft Corp.’s by as much as 10 years, according to Kaspersky Lab CEO Eugene Kaspersky, who expressed concern in April 2012 about growing malware threats, after the company’s slow response to a critical Java update, made customers’ systems vulnerable to the Flashback Trojan. Apple has since been lauded for smart security decisions, such as eliminating the use of vulnerable Java versions on its devices, and adding support for two-step verification on Apple IDs in March 2013. Is Apple a model of solid security stewardship, or merely paying more attention to security to avoid backlash? Another criticism levied at Apple is its lack of transparency. The company is not upfront about ...
Access this Pro+ Content for Free!
Features in this issue
Peter G. Neumann shares his thoughts on the inherent complexity of trustworthiness and the evolutionary promise of clean-slate architectures.
Too many compliance programs miss the mark. Tony UcedaVelez explains how leveraging a threat model can re-energize your strategy.
It’s hard to declare Apple security as superior to its competitors, but it’s also hard to fault it as inferior.
Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection?
Columns in this issue
Marcus Ranum, security expert and Information Security magazine columnist, goes one-on-one with clean-slate luminary Peter G. Neumann of SRI International and formerly Bell Labs.
Managers need more training about technical security threats and input into IT policies that threaten productivity.