June 04, 2012, 3:10 PM — There's great enthusiasm for using iPhones and iPads in the workplace, but experts say Apple's limited transparency about security issues can make enterprise adoption problematic.
IBM's Chief Information Officer Jeanette Horan recently struck a nerve when she said Big Blue regards Siri on employee iPhones a sensitive security issue and disables it because the voice interactions are uploaded to Apple computers in the cloud.
Already, there had been suspicion as well as curiosity about what Apple might be doing in the background with Siri. Apple does briefly note in its legal licensing terms it will do this Siri uploading. But despite calls for more information about how Apple stores and analyzes the voice data it may be collecting this way, Apple hasn't offered any explanation, which only heightens the ill ease for some.
It's not surprising that Apple needs to process human speech and complex speech responses in the cloud, says Chris Eng, vice president of research at Veracode. "It takes computational power," he says. "The phone may not have the power to do that."
But what he finds troubling is that so little is known about what Apple might be doing with the Siri-based voice data it collects. "Are they warehousing it? If I'm making an effort to purge information, I'm probably going to come out and say that this isn't being stored. They should come out and say it isn't being stored."
But since Apple hasn't shown an inclination to discuss this in depth, despite repeated inquiries from Network World and others, there's no way to understand what's going on in that Apple cloud.
"You can see why IBM is concerned," Eng says.
"Siri is more of a novelty now, an infant technology," says Daniel Ford, chief security officer at Sterling, Va.-based mobile risk management vendor Fixmo. "It's gathering data about you, digitizing it, and sending it to Apple's cloud." He said he thinks Apple doesn't share the information with anyone else, but he acknowledges, "We don't know how Apple is parsing it." He says it's not surprising enterprises would want to turn it off.