The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/34686
BEST PRACTICES The iPad may be one such consumer-oriented tool that can find traction in the corporation. Tablets are generally viewed as a fast and unobtrusive way to enter and access key information, no matter where the user happens to be. The iPad is also pretty easy to use, all things considered, so lawyers from every generation should be able to make their way around the device. In a way, tablets are giving control back to the end user. Although desktop and laptop computers are extremely powerful and allow us to create all sorts of content that we could not otherwise do in an analog world, they also throw up barriers between our ideas and the means we use to express them. The very nature of the tablet brings some of us lawyers back to the day when a legal pad was all we had to express our legal arguments; it feels good to be able to write on something again, in a medium that can do so much more with our thoughts than paper. It’s also less of a barrier between us and our clients — we are no longer hidden behind our laptops at depositions, and we are easily able to present documents to our witnesses at trials and hearings or have our clients sign important documents onscreen. ADDRESSING SECURITY CONCERNS I understand other law firm IT departments object to the deployment of the iPad and other tablets because of security issues. Although I’m just a lawyer, not a security expert, I understand that recent updates to the iPad platform have made its security features much more enterprise-friendly. You can now enable application-level encryption with a unique key that separates out the data stored by each app on the device. You are also now able to impose specific security policies on the iPad in the event Tips for Securing iPads number of security settings, this operating system takes care of most major security concerns. As with any technology implementation, there are a lot of policies and decision points to cover when rolling iPads out to the firm: W • Centralize management of tablet devices. This is the first, and most critical, aspect of rolling tablets out to firm users. Fortunately, iOS 4.0 supports centralized management, and dozens of vendors are now offering mobile management platforms. These include the well- known (if not always well-regarded) Microsoft ActiveSync, Good, Afaria, Trust Digital and MobileIron. • Encrypt all sensitive communications in and out of the device. This includes setting up email session encryption, but it’s for application use as well. Consider configuring Virtual Private Network (VPN) access for each device. Firm email should, of course, be routed through firm mail servers. 28 www.iltanet.org Peer to Peer ith the release of iOS 4.0, the iPhone and iPad just got a lot more secure in the enterprise. Although its security features are nowhere near as sophisticated as that of BlackBerry, which has an amazing • Consider whether client data will be stored on the device. Although the iPad hardware is encrypted, a person with prolonged control of the device can likely bypass that encryption. This can be avoided by providing access only to company-controlled apps or to virtual desktops running on company servers. Another alternative is to utilize a trusted cloud service provider, as described below. • Use the strongest possible authentication mechanisms. While the iPad currently doesn’t support top-secret applications that require biometric authentication, there are apps that can ask for one-time passwords generated by RSA or VeriSign key fobs, and the iPad’s VPN can be configured to support two-factor authentication. • Opt for cloud delivery of content if available — and make it secure. Cloud service providers can be used to store content, instead of storing it on the device itself. As with all cloud services, check that the company meets all of the qualifications necessary to hold company data. Most important, make sure that the cloud provider uses encryption to protect the data as it is transferred between the service and the device.