iPad security case study: Are we there yet?

Tom Kaneshige | March 23, 2012
Six months ago, the first iPad landed at the Bank of the Ozarks. Now there are nearly 20 company-owned iPads in employees' hands, with plenty more on the way.

If Bank of the Ozarks, a 100-year-old community bank headquartered in Little Rock, Arkansas, decides to follow through on a bring-your-own-device program that will let personal iPads hook into the corporate network, the iPad floodgates will break wide open.

"This is just the tip of the iceberg," says CIO Ron Kuykendall at Bank of the Ozarks. "The proliferation of iPads within our organization will increase significantly."

While Bank of the Ozarks is in the early days of iPad adoption, the IS department has been working furiously for months behind the scenes to secure customer data on these mobile devices. Kuykendall and his team have run the gauntlet, from patching together temporary security solutions to drafting policies prohibiting certain consumer apps to even beta testing emerging security products.

Everyone frets about losing sensitive data on the iPad, but financial institutions built on consumer trust are especially worried. After all, customer data loss can quickly turn into customer dollar loss. If customer data on an iPad were to be compromised, and word of it got out, the bad press could ruin a bank's reputation.

"What keeps me up at night is loss of consumer data, whether intentional or inadvertent," Kuykendall says.

Kuykendall's sleepless nights are about to get a whole lot worse, as more iPads flood the consumer and enterprise markets. Apple claims a record-breaking 3 million new iPads were sold the first weekend of its debut. UBS analyst Maynard Um predicts 12 million new iPad sales this quarter, if supply can keep up with demand.

iPad Sighting in the Ozarks

On the edges of this iPad pandemic lies Bank of the Ozarks.

The IS department needed to get a handle on security before iPad adoption spiraled out of control. This meant securing documents, either at rest or in motion, on the iPad. Bank of the Ozarks used various products and methods, such as SFTP file transfers, to ensure sensitive information was managed and stored on its network and servers.

In the world of the iPad, though, end users are in charge. A handful of Bank of the Ozarks iPad users began storing data in consumer apps and services such as Dropbox. "We actually had some users that were, um, testing that out, you can say," says Steve Due, senior network engineer at Bank of the Ozarks. "We wanted to catch that up front and cut it off."

In order to blacklist a popular consumer app, Bank of the Ozarks needed to offer an alternative to Dropbox that was just as easy to use. If the enterprise alternative is more complicated, iPad users will simply default to the consumer app despite policies telling them not to do so. (Bank of the Ozarks has a user policy that prohibits the use of certain consumer apps on the iPad.)

