Considering iPhone, iPad adoption? Take cybersecurity seriously

If you go with an Apple mobile device in a government enterprise you've got fewer cybersecurity worries, right? Contributor Richard W. Walker investigates.

You're thinking about migrating to an Apple Inc. mobile device — say the iPad tablet computer — to support mission-critical operations at your agency. They're easy to use, versatile, highly portable and loaded with all those fantastic apps. And they're said to be more secure — you've heard that hackers don't write much malware for Apple machines.

While Apple's products are designed from the bottom up to be highly secure, no self-respecting enterprise information system designer or manager would rely only on that.


Tim Hoechst
chief technology officerAgilex Technologies Inc.

"The interesting thing with Apple is that it is a Unix operating system [iOS], so we don't deal as much with all the viruses and the patching that needs to happen on the PC side of the house," said a federal information technology executive recently.

So if you go with an Apple mobile device in a government enterprise, you've got fewer cybersecurity worries, right?

Only up to a point. Security experts do note that Apple has incorporated technologies into its mobile devices that help enhance security.

Apple "did a few things that make it more difficult to write malware for any iOS device," said Tim Hoechst, chief technology officer at Agilex Technologies Inc. of Chantilly, Va., a systems integrator for Apple. "Every application … has to be digitally signed by somebody, and for it to run, Apple has to validate that signature. So you can't just write an app and put it on the device without it being digitally signed and verified by Apple."

But Hoechst also cautioned that when it comes to keeping critical government data safe, you've got to take all of the measures that are standard for enterprise security, mandated by the Office of Management and Budget and statutorily required — no matter what OS a device runs. Users can still lose the devices, wireless hackers can still compromise them, and, as they proliferate, the probability of malware is likely to rise.

At a time when Apple is making a major push to penetrate the government space, an increasing number of federal agencies are testing Apple mobile devices for mission-support operations. One example is the U.S. Marshals Service, an agency in the Justice Department. The Marshals Service has just launched a pilot program to test the practicability of replacing laptop computers used in agency vehicles with iPads. The agency expects to review lessons learned from the pilot in about six months, according to a spokeswoman in the office of Lisa Davis, assistant director of IT for the Marshals Service.

Apple recently started a program to formalize relationships with systems integrators and sell its products, primarily the iPad and the iPhone, on an enterprise level in the government and commercial sectors. Apple officials call it their Authorized Systems Integrator Program.

Agilex, Apple's first government-focused systems integrator, is working with several federal agencies on proof of concept and prototype programs that involve building mission-driven applications for Apple mobile devices to increase iPhone and iPad adoption. One of those agencies, for instance, is exploring the feasibility of deploying iPads to provide information to health care organizations, according to Hoechst.

In developing pilots for Apple devices, managers should make sure from the outset that they take security seriously, Hoechst said. "While Apple's products are designed from the bottom up to be highly secure, no self-respecting enterprise information system designer or manager would just rely only on that," he said. "They would leverage that [secure design] as well as the other kinds of security defense mechanisms that are required for any information distribution platform."

About the author:
Richard W. Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 10 years.

Dig Deeper on Government information security management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.