Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Apple's security strategy: make it invisible

Rich Mogull | June 17, 2013
When I received an invitation to the keynote event at Apple's Worldwide Developers Conference, my first reaction was, "Why?" I'm known as a security guy, which means my keynote invites are only when major security features are released. But as I watched the presentations, I began to understand why.

Invisible and practical

You'll see evidence of this same approach elsewhere in the Apple ecosystem.

With FileVault 2, Apple provided full disk encryption for users to protect lost laptops. But at the same time, the technology allows users to safely and freely recover their system if they accidentally lock themselves out (without giving the NSA a back door). XProtect provides invisible, basic antimalware protection to all Macs, without the intrusiveness or cost normally associated with antivirus tools. Java in the browser is automatically disabled unless a user explicitly needs it; adding a small hoop to jump, while again minimizing the biggest attack path against current Macs. iOS will soon strongly encrypt all app data, while continuing the tight app isolation that effectively eliminates most forms of attack.

These tight controls might frustrate some advanced technology users, and certainly frustrate security vendors. But they also provides a safe user experience that's proven itself effective over the past five years.

The consistent thread through all these advances is Apple attempting, wherever possible, to use security to improve the user experience and make common security problems simply go away. By focusing so much on design, Apple increases the odds users will adopt these technologies and, so, stay safer.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.