Apple recently announced its first products with fully integrated generative AI tools, including the iPhone 16. This move is expected to bring significant advancements in user experience and device capabilities. However, it also raises concerns about the privacy and security of corporate data on employee and company devices.
In this blog, we’ll look at what we know about the safeguards Apple promises to use, the lingering questions for security and privacy leaders, and how BlackBerry can help protect your organization as you manage a growing number of generative AI tools.
What is Apple Intelligence?
Apple announces its entry into the AI space Apple Informationwith a beta release in fall 2024. Like most generative AI tools, including our Cylance® AssistantApple Intelligence is designed to provide users with powerful and fast intelligent tools and features. In this case, it’s about helping them write, express themselves, and get things done more efficiently. But what impact does this launch have on the security and privacy of enterprise data? Let’s review the key points of Apple’s artificial intelligence that have been revealed so far.
What is Apple doing to protect user data security and privacy?
Apple announced two risk mitigation features. One is for on-device computing, the other is for private cloud computing.
On-device AI processing
Many of Apple’s new AI features, such as the writing tools, Image Wand, and Genmoji, are only available on newer iPhones and devices. That’s because Apple Intelligence will do as much of the processing as possible locally, on each individual device.
Private Cloud
For off-device computing, the company has developed Private Cloud Compute (PCC). The design and architecture of the service demonstrate a deep understanding of the privacy challenges of cloud computing and a willingness to push the boundaries of what is possible to protect sensitive information. Apple has also promised that “your data is never stored” and is “used only for your requests.”
THE Private Cloud The white paper documents their design and seems to indicate that they take this claim seriously.
Here are some of them Key Design Objectives Apple claims to have had when creating the CCP:
- Stateless computation on user data: Process user data only to fulfill the request, without leaving any trace after the response.
- Enforceable Guarantee: Ensure that all critical components support basic security and privacy guarantees.
- No privileged execution access: Prevent circumvention of confidentiality guarantees, even for incident resolution.
- Non-targetability: The system is designed to resist attacks targeted at specific users.
- Verifiable transparency: Allow security researchers to verify the CCP’s privacy and security guarantees.
By pushing the boundaries of privacy in the cloud, Apple has created a cloud computing platform that could set a precedent for other technology vendors.
Generative AI Business Risks to Watch Out For
Many companies use secure apps to control their confidential information. One of the biggest concerns we’ve heard about Apple Intelligence is its new set of writing tools.
From our discussions with security-conscious Apple users, they expect several assurances from Apple, including the following:
- They want details on what data Apple Intelligence has access to.
- Organizations need visibility into when their data leaves the device to understand whether it is processed locally or in the cloud.
- They seek to control the scenarios in which Apple can use their corporate data to train AI models.
- Security and privacy officials would like assurances that Apple’s announced “Private Compute Cloud” model is truly private.
- They are curious about how data is aggregated, anonymized and encrypted, as well as how long it is stored.
- They are wondering whether they can opt out of using AI if they feel Apple’s privacy model is not satisfactory for their organization.
The BlackBerry Approach: Control and Choice
The good news for BlackBerry customers is that they don’t have to worry about the answers to most of the questions listed above. For enterprises whose device fleets consist of fully managed (MDM) iPhones, BlackBerry has already included controls for various Apple Intelligence features, such as handwriting tools, in the Fall 2024 Policy Pack update.
For application-only device deployments (MAM/BYOD), BlackBerry is adding application-level controls to provide our customers with the options they need to meet their data security requirements when personal devices are used with our secure BlackBerry productivity apps.
This offers unique flexibility; for example, you can:
- Control the Apple Writing Tools experience across the entire device
- Control the Apple writing experience only in BlackBerry secure productivity apps, allowing the user to use the new features for their personal apps
Today and looking to the future
In my role, I see customers with a very diverse set of security needs related to the use of AI on mobile. Customers are often less concerned about local processing, as their data does not leave the mobile device. However, the data should not be moved on the device, and any local processing should be ephemeral, as is the case with device memory (RAM), for example. Typically, customer concerns center around understanding when data may leave their mobile devices and how that data is handled if it does.
BlackBerry’s approach to mobile device security is one of choice and control for our customers. We provide our customers with the flexibility to implement different levels of control based on their varying security and compliance needs. Our tools help businesses find the right balance between security, ease of use, and productivity.
As the Apple ecosystem gains confidence in using Apple Intelligence, BlackBerry, as a pioneer in the use of AI/ML, will be at the forefront, powering next-generation productivity workflows anchored around the secure email and productivity app. Working on BlackBerry and the reliable and secure enterprise browser BlackBerry Access.
Related Readings
