Tue, Sep 20, 2011 - Page 11 News List

Product security at Apple becomes issue of concern

BEING HUMAN:From e-mail scams to Cold War-style subterfuge, human weakness can be much harder to protect against than recognized digital vulnerabilities


Wanted: experienced security professional. Must have plan to thwart Chinese counterfeiters, protect secret blueprints from spies and keep workers from leaving super-secret unreleased smartphones behind in bars.

A day after a recent report that an Apple employee had lost a prototype for a new, but unreleased, iPhone at a Northern California watering hole, two job listings appeared on Apple’s Web site for managers of “new product security.”

Such workers would join a team at the US$350 billion company that has included former FBI agents and other highly trained pros with backgrounds in intelligence and law enforcement.

While a private security force might not seem in keeping with its user-friendly image, Apple and other companies in its league need the best protection they can buy, corporate security experts say. Lost iPhones likely don’t come near the top of the list of anxieties.

“Corporate espionage, that’s big money, billion-dollar money. The paranoia is justified,” said Jim -Stickley, co-founder of corporate security consulting firm -TraceSecurity “Whatever they’re trying to do, their competitors want to know. Everybody wants to know.”

Apple watchers say the company is known for creating many test versions of its new devices before they’re released to see how they work in the real world.

Losing just one such device is perhaps more of a marketing headache than a serious security breach, as was the case for Apple last year when the tech blog Gizmodo posted photos of what turned out to be a then-unreleased iPhone 4 lost by an employee at a San Francisco Bay Area beer garden.

Once a new device has reached the point where employees are field-testing it, a competitor who obtained one wouldn’t have enough time to analyze it and do anything to take advantage of that insider knowledge, Stickley said.

However, for Apple and other tech companies the issue amounts not just to a publicity problem, but a fiduciary obligation to shareholders to secure the company’s valuable assets, Apple analyst Tim Bajarin said. Companies also have an obligation to try to prevent such a loss from happening again, he added.

“If they fail, it’s the system that failed as much as the individual,” he said.

Despite the blogosphere frenzy surrounding the lost iPhone prototypes, experts say the security threats to tech companies are far more serious in China, where thousands of workers labor to manufacture Apple’s products.

According to a 2008 diplomatic cable released by WikiLeaks, Apple had only a modest security presence in China until March of that year, when the company hired a team from Pfizer that led a crusade against fake Viagra.

Under the leadership of Donald Shruhan, whose LinkedIn profile lists him as a Hong Kong-based senior regional director for Apple in security and investigations, the company began taking steps to rein in the country’s trade in counterfeit iPhones, iPods and MacBooks.

“Early evidence suggests nearly 100 percent of Apple products in unauthorized mainland markets are knockoffs,” according to the unclassified cable from the US embassy in Beijing.

The job of keeping such counterfeits off the shelves, to keep blueprints for new products from leaking and to otherwise secure vital trade secrets falls under the field of information assurance.

For information assurance professionals, securing computer networks is only part of the job. They also make sure companies remember to lock their actual doors.

This story has been viewed 3075 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top