Steve Jobs’ information security legacy

Not much has been said about the security of Apple’s products in the wake of Steve Jobs’ passing. Now may not be the time, but I’m going there anyway.

Jobs’ vision has changed the way we live. We get our music differently. We work differently. We play differently. There’s a lot to thank him for.

But there will be security issues to deal with in the land of Apple. I don’t point that out to be insulting, though I’ve learned over time that Apple enthusiasts are easily insulted. They are so devoted to the technology — and have been so lucky to date in not seeing the same level of attacks Microsoft users have seen — that many refuse to accept that there are risks in the devices they revere.

We’re starting to see the security risks (just look at all the Mac vulnerabilities we’ve seen of late) but attackers are only getting warmed up, testing the defenses and seeing what kind of damage they can do.

With the iPhone and iPad so ubiquitous in work and at home, the bad guys now have all the reason in the world to make these devices their number-one target. It’s going to happen.

But Apple will deal with it, just as Microsoft had to deal with their security problems in the last decade. Apple, in fact, is already moving in that direction.

CSO contributing writer George Hulme wrote in March about how, when examined in their entirety, recent steps taken by Apple show a concerted effort by Apple to strengthen the security of its Macintosh computing platform. He wrote at the time:

Proactively engaging with the Apple security community is Apple’s most recent move in what appears, from the outside, that the company is stepping up its security game. Earlier this year Apple reportedly hired noted software security expert David Rice. That personnel move followed the hiring of Window Snyder, former security lead at Mozilla, last year.

“They’ve hired a number of high-profile people,” says Rich Mogul, founder and analyst at researcher firm Securosis. “They’ve since fallen into the Apple vacuum, but I most definitely get the feeling that Apple is taking security more seriously.”

Also, two independent sources close to Apple report that the company is aligning a security member as part of each product team, though CSO has not been able to confirm this.

Steps like this can only be good news for consumers of Apple products, enterprises, and Apple’s own ambition to gain a larger piece of corporate sales.

Steve Jobs didn’t get to have his security moment like Bill Gates did in 2002 when he sent out the Trustworthy Computing memo. But I doubt he’s feeling sorry about that as he sits on his cloud (or wherever he is now).

The security push now falls to his successors. I wish them well, and I thank Jobs again for his many contributions to society. He has certainly made our lives more fun.

–Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO’s Daily Dashboard gives you a

Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!