With the plethora of Apple iPhones and iPads used for business, security solution providers may be considering expanding their Apple device security offerings. To address this strategy, SearchSecurityChannel.com interviewed Kevin Klein, president and CEO of Santa Monica, Calif.-based solution provider 318 Inc., which specializes in securing Apple devices in its customers' enterprises.
Klein talked about the training and support his company receives from Apple, the issue of using third-party products as part of his company's Apple management offerings, and how to respond to customers' questions about the security of Apple versus Droid or BlackBerry mobile devices.
In the past, security was not a major concern for Apple devices, compared to Windows-based devices, primarily because attackers were less interested in the relatively smaller population of Apple devices. Now that this is changing, with more iPhones and iPads being used for business applications and data, is this a good time for resellers to become an Apple reseller, consultant, or services provider?
This is a great time to consult on iPhone and iPad integration and to be providing outsourced services for the platform. The adoption rate is currently outpacing the supply chain of professionals who can service end users. As a result, many Fortune 2000 enterprise CIOs and SMB IT directors are caught reacting to the immediate need to integrate Apple iPads and iPhones for mobile executives and sales teams.
At 318, we've been making ourselves available as a referral agent or subcontractor on the Apple platform for organizations who specialize in other platforms. This part of our services portfolio has seen substantial growth this year.
For customers who feel overwhelmed by their employees' expectations to use personal iPhones and iPads for work, how much evangelism is required by the reseller to help the customer's executives realize they need good security for the data on those devices? Do you have any best practices on how to go about this?
Kevin Klein318 Inc.
Little evangelism has been required in our experience. A grassroots campaign to force the IT department to support them seems to be forming at every major corporation. Most of the executives will have an iPad or an iPhone themselves. They will want their own devices to be secure and the need for supporting all consumer devices is becoming self-evident. Luckily, with ActiveSync now supported on most mobile platforms and policies from Exchange also being supported, the variety of requirements per platform becomes less and less with every iOS release.
If a potential customer questions their solution provider on the relative security merits of iPhone vs. BlackBerry vs. Droid, what is the best way to respond if a) their business focuses exclusively on Apple, and b) if they currently support a variety of vendors?
The three platforms are very different in their approach to security. The iPhone operates in such a way that no application can talk to other applications except using APIs that have been specifically defined by Apple. This technology is called sandboxing and was heavily influenced by SecureBSD.p
The Droid is very open, architecturally. Applications themselves can define how they interact with other applications. This approach is heavily influenced by the Linux underpinnings of Google's Android.
The Blackberry is a fully end-to-end proprietary device, with all technology developed by Research In Motion (RIM) Ltd.
Therefore, comparing the devices becomes a conversation more about the methodology used and then the specifics behind how to manage policies, a process that is very similar with all three platforms.
Looking at the Apple partner program, how responsive is Apple in supporting its channel partners? In general, do they respond to questions and support requests in a timely fashion? What about Apple Specialists, who support small and midsized businesses and number in the hundreds?
In my experience, Apple, and in particular our account representatives within Apple, have always been extremely responsive and supported us in a timely and informative manner. As an Apple Specialist, we are assigned technical and sales contacts. They've always worked well together to make sure our needs are met.
Is it best to rely on Apple products entirely for iPhone and iPad security, or do you recommend third-party products? And what third-party products do you recommend?
The ecosystem around iPhone and iPad security is still forming. Our firm, 318, works with a number of third-party vendors, including Sybase Inc (Afaria), JAMF Software LLC (Casper 8) and AirWatch LLC, to provide mobile device management (MDM), encryption, mass deployment, patch management and multifactor authentication solutions.
If a solution provider installs a third-party security product on its customer's iPhones and iPads, how will that affect the support the reseller receives from Apple?
AppleCare handles all warranty and support for Apple products. Above and beyond being an Apple reseller, 318 is also an Apple Authorized Service Provider, allowing us to service the hardware for our customers. Unless the third-party product involves jailbreaking or altering the physical device, we can still provide support and warranty repair for devices.
What security training and certifications does Apple require and/or recommend for its resellers? Do you find this training and certification helpful?
More mobile security resources
This interview is a part of the SearchSecurityChannel.com resource guide,Securing mobile devices: A resource guide for solution providers.
Apple has a line of courseware and exams in the Apple Certified Server Administrator (ACSA) certification. This certification involves a number of exams, which can be taken at standard testing centers (including Prometric). This is basically the same as with certifications from Microsoft and other leading providers. Included in the track to attain an ACSA is the Mac OS X Security and Mobility course. This course is a survey of the security options available for the iOS-based devices. (iOS is Apple's operating system for iPhones, iPads, and iPod Touch.) While 318 recommends this course to anyone charged with supporting Apple devices (including resellers), it does not cover third-party products.