Authentication (Files on your iPhone or iPad)
It is up to you to decide if you want to require users to authenticate in to your mobile file on their iOS device. Many users will choose to use an auto-enter account and password so local users won't be asked to authenticate each time they open the mobile file. This makes more sense in synced files than others because a) the file often doesn't have any/much data in it, b) you can instruct users to secure the device with strong passwords, instead of securing the file, and c) the local file has no account information (no access) for the hosted files.
If you're concerned about theft of the mobile device, check out the Remote Wipe available here: http://www.apple.com/ipad/built-in-apps/find-my-ipad.html Note that you can also turn off "simple passcodes" in your iPhone or iPad's settings to use longer, more secure device passwords.
If you do choose to require authentication in the local file, users will be asked to authenticate each time they open the file. If you're breaking connections to the served files often, users will also be asked to log in...
Users will also be asked to authenticate each time they return to an open local file (such as after switching away to another app, or after closing their iPad) unless you use the fmreauthenticate extended privilege to control when users will be required to reauthenticate after not using FileMaker Go for a specified period of time. You'll likely want to add this to the privilege set in effect on your iOS Devices.
Our Recommendations: Your Mobile Files
So here are our recommendations for securing your mobile files (you can do this to GoZyncMobile as well if you wish).
When it comes to your hosted files, GoZyncMobile will open your hosted solution (your "mothership" files) at the beginning of a sync session. This is when users will be asked to log into your solution.
Our Recommendations: Your Hosted Files
You really don't need to secure your files any differently than you do now: syncing users will be asked to authenticate when they sync begins and if their login fails the sync will abort.
Our Recommendations: GoZyncHosted
GoZyncHosted doesn't have any file references to your hosted solution (your "mothership" files) but it does contain your configuration instructions, so you don't want just any user messing around in there. We've created two privilege sets in GoZyncHosted: "Admin" and "Sync". Admin is a full access privilege set and "Sync" is a lower level access that lets users sync but not change the sync settings. We recommend you default GoZyncHosted to the sync privilege set, and then log in as an admin user when you want to make changes to the sync settings.
To do this, open GoZyncHosted and select File Options from FileMaker's File menu. The under the "Open" tab, enter the default Account and Password for the "Sync" privilege set: both of which are "Sync":
Then, when you need to log in as an admin user, run the "Relogin" script from GoZyncHosted and enter your Admin account and password.
You'll find this "Sync" privilege set in GoZyncMobile as well so if you log GoZyncMobile in using "Sync" in your Upon Opening script AND GoZyncMobile and GoZyncHosted have the same account name and password for the "Sync" privilege set, you can turn off the File Options account in GoZyncHosted. That is idea.
So in this ideal setup it would look like this:
Changing default Full Access accounts
You'll likely want to switch the default Full Access account fro both GZM and GZH from Admin / blank which is the FileMaker default for admin accounts and a bit easy to guess.
Enterprise customers: MDM
For larger customers, Apple has a suite of Mobile Device Management (MDM) applications to help secure devices, push profile changes, pull applications and monitor password compliance. This can help more thoroughly secure your iOS devices. Learn more here: http://www.apple.com/iphone/business/integration/mdm/