Will Apple make David Rice disappear?

The former NSA expert has reportedly joined Apple as director of global security. Will he articulate the company's security policy -- or slip behind Apple's veil of secrecy?

Security expert David Rice will reportedly be joining the most secretive organization in America. No, not the National Security Agency -- he's already worked at that runner-up. No, Rice will reportedly be joining Apple.

It's no secret why Apple is searching out heavy-hitting security people. Earlier this month, Apple formally declared that it was focusing on the enterprise -- but it still has not issued an enterprise security strategy. Already, more than 80 companies in the Fortune 100 are testing out iPads for corporate use, and 88 of the Fortune 100 companies are testing or deploying applications on the iPhone. The company's products increasingly get carried into the enterprise by workers, a trend known as user-driven IT, and companies want assurances that Apple is doing everything right in terms of security.

Yet, over the past decade Apple and the security community have had a mixed relationship, at best, mainly due to the company's secrecy.

While Microsoft has actively courted security researchers -- with appreciation parties, special conferences such as Blue Hat, and more timely responses to vulnerability reports -- Apple has yet to make a public effort at engaging the security community. This week is a case in point: The company is reportedly hiring security expert David Rice, a former analyst at the National Security Agency, to become director of global security, but has so far kept mum on the reports.

This is standard operating procedure for Apple. In many ways, the lack of a conversation on security speaks more toward Apple's culture of secrecy than toward its seriousness about security. Apple has made a number of key hires over the past few years -- including Window Snyder, a former Microsoft and Mozilla security engineer, and Jon Callas, an encryption expert from PGP Software -- and has a regular, if low-key, presence at security conferences. But where these security professionals had a public face in their roles at previous companies, they are rarely heard from after joining Apple.

It may take a critical security incident to shake up Apple and get it talking security. Microsoft did not push security to the forefront until it faced a number of serious attacks by viruses that caused its customers to question whether they could secure their software.

Given that Apple just took the No. 1 spot for vulnerabilities (PDF) -- though most of the flaws are in the third-party open source packages that are part of the Mac OS X operating system -- the company needs to not only take security seriously, but communicate its plan to its customer and the community as well.

This article, "Will Apple make David Rice disappear?," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies