ATLANTA, May 3, 2013 /PRNewswire/ — Mobile Active Defense (M@D), The Smartphone Security Company, fully supports Apple's action to reconsider a decision it made to change how iPhones and iPads handle virtual private networking (VPN) access, following the conclusion of a patent lawsuit with VirnetX.
When Apple lost a patent infringement case in November 2012, the company initially decided to modify a key security function in iOS – the on demand virtual private network (VPN). They planned to reconfigure iOS 6 so that its VPN on demand setting defaulted to "establish if needed" rather than "on demand." Mobile Active Defense immediately published a White Paper (http://www.mobileactivedefense.com/wp-content/uploads/2013/04/ios-ondemand-vpn-WP.pdf) and CTO Rob Smith noted that changing the VPN on demand feature had profound security implications.
A number of self-proclaimed security pundits subsequently tried to sell the incorrect idea that the proposed change was "merely a matter of inconvenience." Users would now 'only' have to manually start the VPN before initiating any data traffic.
At stake for organizations with employees using iPhones and iPads was nothing less than losing the ability to secure those devices across their mobile enterprise with industry standard IPSec over a VPN. Now, users could disable VPN and data in motion security at any time, removing content filtering, and a long list of other critical mobile security features. The impact of Apple's announced changes to the default VPN security within iOS underscores the substantial risks that organizations face when attempting to securely deploy their mobile workforce.
Organizations worldwide must now seriously ask themselves if they want to rely upon the sometimes capricious decisions made by mobile device manufacturers and developers of operating systems. As with Apple's initial decision, such changes can often have a negative impact on data and mobile security, and cause an organization to instantly fall out of regulatory compliance.
With Apple now challenging the patent infringement verdict, it appears likely that on demand VPN will not be removed from devices that have already shipped.
Winn Schwartau, Chairman of Mobile Active Defense said, "We completely support Apple's court challenge. Too many enterprises – and even MDM vendors – do not really understand the inner workings of mobile operating systems. They do not always appreciate the profound impact on security a seemingly innocuous change can cause.
"This is the right move given the only fundamental secure way to fully protect data in motion connected to mobile devices is by forcing all traffic through an IPSec VPN. Other forms of data transfer like SSL VPN exist, but each have well documented security flaws."
The hallmark of M@D's solution is secure communications. Mobile Active Defense is the only company to have developed technology to upgrade existing MDM shops with complete data at rest and in motion security with iPSec VPNs, Terminators, Firewalls and Content Filtering.
SVP Eric Green said, "MDM customers came to us, realizing that they were still struggling with securing data in motion and automating a VPN connection to access corporate resources. So we solved their problem."
Rob Smith said, "The security industry should be grateful that Apple is standing up for security. Their enlightened decision enables M@D Products to sit under any MDM product and add the missing security pieces, including network level controls for mobile devices. We offer sophisticated MDM capabilities, too, but we also recognize that companies may have already bought other MDM products. But now they need mobile security. So we are answering that call."
For more information on Mobile Active Defense's security product for MDM please call us or visit our website at http://www.mobileactivedefense.com/solutions/mdm-implementation/.
For a complete technical description of how the proposed changes would have affected mobile security, and an analysis of workarounds, read the Mobile Active Defense white paper at http://www.mobileactivedefense.com/wp-content/uploads/2013/04/ios-ondemand-vpn-WP.pdf.
For interviews and additional technical commentary, please contact: Jackie Baumann at 941-266-3819 or Email.