Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: iPad / mobile device security and policy

From: Barron Hulver <Barron.Hulver () OBERLIN EDU>
Date: Wed, 2 Feb 2011 12:49:42 -0500
Oberlin College is in the process of migrating our books for the Board of Trustees from paper to electronic format (similar to www.boardbooks.com). The goal is to have a secure web site hosted somewhere on the Internet where trustees can download or display the books on an Apple iPad. The iPad may or may not be owned by Oberlin College. I'm less concerned about our web site and more concerned about the mobile device. Assuming the data is downloaded to the iPad then it will be replicated once the iPad is tethered and synced to a host (such as a laptop). The data will undoubtedly be replicated again when the host is backed up, such as to an external hard drive if using Time Machine or to an organization's central backup service. So, of course, the concerns are that iPads and laptops are easily lost or stolen and the data is easily replicated to devices where there is no control over access to the data.
I've recommended that each document should be encrypted with a 256-bit AES symmetric key but I wonder if that is enough. The future use of individual digital certificates via the InCommon/Comodo service may be interesting. 

I'm interested in what others are doing in this area.

Barron Hulver
Director of Networking, Operations, and Systems
Center for Information Technology
Oberlin College
148 West College Street
Oberlin, OH  44074
440-775-8702
http://www2.oberlin.edu/staff/bhulver/
Previous By Date Next
Previous By Thread Next

Current thread: