A few weeks ago I had a discussion with a customer. They started a pilot for paperless meetings for the board members of CompanyX using Alfresco 4 (Share, actually) and iPad’s. The security department got worried.
CompanyX uses Alfresco+Share already as an internal repository. It stores confidential documents about all kind of business related stuff, and it is used as a collaboration environment. This instance is completely within the firewalls, and cannot be accessed from the outside. A new Alfresco+Share is installed in the DMZ, accessible from the outside world. The Share access is fine, and can potentially be protected additionally using a 3rd party token authentication. The iPad’s are the toys the security department is worried about.
The scenario is that the secretaries prepare meeting documentation in a folder structure in a Share Site. The PDF version of this documentation is available for the meeting participants, and can be found using Alfresco’s iPad app. The participants can annotate the PDF’s using PDF Expert and can be saved back into Alfresco (using Alfresco Mobile the iPad tool). The secretaries can process the annotated PDF’s into some final version. The image above is a flip-over used for training purposes (I love it).
The board discusses serious and confidential subjects that can have social and financial impact, these need to be properly protected. The iPad tooling has the consumer qualities of Microsoft Windows in the early 90; nice and shiny wanna-have for consumers, lousy in businesses. The chain of tooling has ‘some issues’;
- The Alfresco iPad app has no password protection
- The Alfresco iPad app can save content to for example Evernote and other platforms confidential content should never accidentally end up
- The Alfresco iPad app caches content locally, unencrypted (but the iOS is capable of doing so… [PDF])
- The PDF app (PDF Expert is used, password protected) has a local copy of the document(s) again (unencrypted)
- The PDF app can save the content to Evernote and other platforms confidential content should never accidentally end up
(If QuickOffice would be used the effects would of course be the same.)
Let’s face it, it can be expected that the children of the board members are users of the iPad too, and they are probably not most conscious about security issues and how to deal with these. It would be second-best if:
- The Alfresco iPad app will be extended with a password protection and encrypted storage.
- Applications should be configurable by the company to not-store or remove ‘intermediate’ files. There should be no trace of the documents after reading/processing.
- Applications should be configurable to output content to selected apps/end-points only
But even better:
- iPad’s should have facilities to create a password protected ‘inverse’ sandbox of (business) applications that will be locked if the user navigates away from any of these apps (or time out). Within this ‘inverse’ sandbox the navigation should be possible without ‘fences’.
Personal security discipline is a problem. To many fences is more secure, but unacceptable (e.g. a password per app, to be entered every time if you switch from one to the other). This must be improved.
In the beginning Microsoft Windows has its issues either. It was a nice tool for consumers, but rather insecure and not to centrally manageable. iPad’s (and tablets in general) also have security flaws and are not manageable at an enterprise-standard. The possible chain of apps is uncontrollable, and their individual behaviour even less. There is no standard controlled environment to allow decent business collaboration between apps, and provide encrypted storage only.
iPad’s and other tables are consumer tools, entering the enterprise. For now, the easy, ‘public’ business applications are acceptable. ‘Decent’ enterprise applications are work in progress. I am sure solutions will be found. Some other day.