AT&T's iPad security fumble is just the tip of the iceberg

The flaw that exposed the email addresses of 100,000 iPad owners is depressingly familiar -- and completely avoidable

The iPad is everybody's "it" device: new, bright, sexy, and -- as with everything Apple produces -- oh so stylish and fun to use. It's a transformative item worthy of all the press it has garnered. The iPad breaks the decades-old laptop/desktop paradigm and takes us partway over that bridge to a future of lightweight, multifunction mobile implements and powerful, cloud-based applications and services. But like any piece of hardware, the iPad is only as good as its weakest feature. In the case of the iPad and iPhone, everyone knows that the weakest feature is the unholy and exclusive relationship with bumbling carrier AT&T.

When news broke Wednesday about a security breach by a French hacking group that yielded the email accounts and device IDs of more than 100,000 VIP iPad users, it was little surprise that the source of the breach wasn't Apple, which has wrapped some decent security features around its new device [PDF]. Instead, it was AT&T. As with any breach, there are lessons to be learned here, as organizations everywhere venture into the brave new world of mobile devices and the hosted or hybrid applications that empower them.

The first is, obviously, know what you have running in your environment. Consumer-led adoption of next-generation devices like the iPad outstrips the ability of IT organizations to properly manage and secure them -- a phenomenon that Gartner famously termed "the consumerization of IT" way back in 2005, when the big mobile news was the hack of Paris Hilton's Sidekick account. Enterprises need better tools for mobile device discovery, tracking, and lifecycle management. Alas, many of the vendors they'd turn to for help are just figuring out that Windows Mobile isn't the heir apparent to Windows and are only now getting around to supporting platforms like the iPhone and BlackBerry.

The second lesson is about the importance of investing in application testing and security -- not just for your own platform, but also for those of your business partners and any other firm or individual that wants to swim in your pond. Any employer worried about the security of its networks, data, and intellectual property needs to be very concerned not just about the security of the devices its employees are bringing into the office, but about the entire application and services infrastructure that supports those devices. This AT&T incident is just the latest example of that.
