Enterprise security professionals will be pleased to learn that it will soon be possible to enhance the already considerable device security of Apple’s iPhones with hardware-based physical authentication dongles using the Lightning port.
A highly secure proposition
Announced at CES 2019, the key fits on a keyring and comes from the authorization experts at Yubico. The hardware connects to iOS systems using the Lightning connection and is also equipped with USB-C for Macs. This is quite a big deal.
Enterprise users can use this system to impose additional hardware security protections to regulate use of proprietary apps – that’s even more useful when boosted by the conventional biometric, password and MDM device protection that already exists on these devices.
It will enable organizations to deploy near rock-solid protection against unauthorized use of services, confidential data or even physical access to spaces.
It will also make Apple’s devices (iPhones, iPads) even more compelling for highly secure tasks from which the lack of hardware authentication has excluded them in the past.
A little help from its friends
The introduction reflects Apple’s focus on providing a secure infrastructure for enterprise IT.
In December, we learned it had begun beta-testing support for the WebAuthn standard in Safari Technology Preview Release 71.
This standard lets websites/online services use hardware keys (typically USB devices) to authenticate your identity when you try to access them.
Combined with the new hardware device, the standard makes it possible for enterprises to secure website access. This is likely to be of particular importance to financial services firms, which are moving to increasingly secure access to their services.
YubiKey for Lightning
The YubiKey for Lightning is a multi-protocol hardware authenticator that carries both USB-C and Lightning connections.
The device was recently approved under Apple’s Made for iPhone (MFi) scheme. Apple’s devices have only been able to connect with security keys of this type over Bluetooth until now, which has a few security and performance problems of its own.
The product isn’t yet ready to hit the market, but the company promises it will debut later this year.
Meanwhile, Yubico is demonstrating the solution privately at CES as it invites enterprise-focused developers and services to develop software that works with the device and to join its YubiKey for Lightning Program. That scheme aims to develop strong hardware authentication for increased security for iOS apps.
Last year, Yubico announced a Mobile SDK for iOS with a view to providing highly secure multi-factor authentication for Apple devices.
Apple’s a big cheese in enterprise IT
The inconvenient truth is that security is a journey.
Password, biometric, MDM and hardware authentication, geo-location zoning, even encryption don’t ever really make processes perfectly secure, but each layer of protection makes subverting security much more complicated. You have to see security as a conversation – the harder you make something to break the more likely it is that criminals will choose another target.
What’s really important here isn’t just the news that enterprises can now look to deploy hardware-based security around their mobile systems, but also that this development reflects how important Apple’s products are becoming to the enterprise.
While no one really likes using dongles, they do enhance Apple’s already industry-leading reputation for security, making it possible to deploy these devices in even more mission-critical situations.