One of the interesting projects we’ve recently been looking at with several customers is implementing secure document delivery of private (and in some cases public) data to the iPad using a combination of our Open Cloud Platform and our iSMEStorage iPad App.
The iPad seems to have become the executive, and salesman’s choice of device for mobility and ease of use. We’re seeing it everywhere from high end Finance to very small two to three man businesses.
What restricts some businesses from being able to use the iPad a means of accessing Cloud Data that they store on premise or in public Clouds in private accounts is often security. They need a level of security that can be above what is required for normal everyday use. I’ve outlined some of the requirements below:
1. Requirement to have full control over Cloud File Server / Gateway. This requires the company implementing our Open Cloud Platform on their premise or in their data centre. This is reasonable straight forward and we have a whitepaper on the architecture for high availability here.
2. The iPad has to be a complete sandbox and not accessible as a “File system”. Of course, the way Apple designed iOS Apps was that each operate in their own sandbox directory and by default there is no access to different directories from within Apps (unlike Android). However if the device jailbroken all bets are off. To this end, we implemented in our code for such clients that detects if the device is jail broken when the App is installed or launched. If it is then the App becomes inaccessible.
3. Of course in in point 2 above, if the App is not launched and someone gets access to the filesystem via a jailbreak then the files could still be compromised. To this end we have implemented encryption on PIN. The current version of iSMEStorage already enables adding a PIN over above login. For private customers we this PIN to also encrypt the data on the iPad, much like you can do using the home directory encryption that Apple provides on the Mac. This now means that if the device is jailbroken and the App is not launched then the files, even if accessed, cannot be viewed. This feature may well make it’s way into our App Store iSMEStorage App at some point in the future.
4. In the unlikely event someone does get access to the App then all documents that are accessed can be encrypted using the SMEStorage Cloud Platform which means that a PIN is required to download them to the device (where the are encrypted anyway). The encryption is 256 bit AES encryption.
5. Integration with third party authentication services. A number of clients we’ve worked with have their own third party authentication services. In some cases we’ve need to look at integrating these into the authentication mechanism used for our iPad App. Two examples are Ping Identity Server and Arcot mobile authentication solution. You can view a short whitepaper on security integration here.
6. Disabling any document sharing with other Apps. This of course makes perfect sense in a world where you want the ultimate security for files and was simply a case of disabling this feature. This presented some challenges where customers wanted still to have some editing capabilities of documents. To this end we entered into OEM’s with best of breed third party solutions for such private implementations that enable document editing from within the App as well as PDF annotation for PDF documents.
Taking these steps a secure document delivery solution can be achieved for Private data. Public data, stored on such services as Amazon S3, or RackSpace, can if required also be accessed by “plugging them” in at a Cloud Platform Server level. Additional data becomes part of the Cloud File System and can be managed easily within the virtual directory. The Organisation can use the options in the SMEStorage Cloud File Server to require encryption for all documents stored on such services that pass through the Cloud Gateway.