Apple has unveiled the latest iPhone and the latest enhancements, including a new biometric security offering called Touch ID. In addition, Apple confirmed that iOS 7 will be released later this month. So will Apple's newest offerings have any impact to corporate security?
On Tuesday, Apple announced the iPhone 5S and the iPhone 5C, two devices that will replace the iPhone 5. However, while the consumer market will have their own opinions and thoughts on the latest Apple offering, the IT community is paying attention for different reasons. Tuesday's announcement from Apple's HQ in Cupertino, California also discussed iOS 7 and the biometric security offering, Touch ID.
During Apple's launch event, Phil Schiller, the senior vice president of worldwide marketing, said that passcodes were too cumbersome for some people. "In our research about half of smartphone customers do not set up a passcode on their device, and they really, really should," he remarked.
One of the largest risks in a BYOD program is the lack of overall management and data protection; this is why passcodes are the default security setting applied to most devices. It isn't full proof, but passcode enforcement is a solid building block. Yet, without enforcement, most device users skip the passcode, for the same reasons Schiller mentioned.
In order to address this issue, Apple used the technology acquired when they paid for $356 million for AuthenTec (a company that focused on identity management and fingerprint sensors) last July, to offer consumers a "key you have wherever you go. Your fingerprint," Schiller said.
The fact that Touch ID will do more than just unlock the device, as it can act as a secure authentication mechanism for other iOS-based apps, as well as acting as a link to a user's Apple ID — enabling purchases from the various Apple stores (iTunes, App Store, iBookstore), sparked plenty of debate online.
On Twitter, many of the reactions were focused on privacy issues, and others debated how effective Apple's implementation of biometrics would be in the long term. At issue is the fact that laptops have had biometrics for some time, and they are rarely used.
Others raised the point that biometrics were not considered when existing mobile management offerings were put into place, so there will need to be costly (in money and time) adjustments made. Apple, for their part, explained that the fingerprints used by the iPhone 5S would be encrypted and stored on the device's A7 chip, and not on a server somewhere in the iCloud.
Marcus Carey, inventor at Threat Agent, a company that provides security professionals with applications to do security assessments and training, pointed out on Twitter that the security industry needs two-factor authentication and biometrics. Instead of arguing, he said, security professionals "should be thinking how you could leverage built in Biometrics in iOS to help secure your data."
Sign up for CIO Asia eNewsletters.