Connect with us

Hi, what are you looking for?


Management & Strategy

Does the Rise of the Tablet Predict the Demise of your Security?

Securing Tablet Devices in the Enterprise – IT Security Managers are being Faced with a New Set of Challenges with the Rapid Adoption and Deployment of Tablet Devices in the Enterprise

Securing Tablet Devices in the Enterprise – IT Security Managers are being Faced with a New Set of Challenges with the Rapid Adoption and Deployment of Tablet Devices in the Enterprise

If the recent Consumer Electronics Show in Las Vegas taught us anything, it’s that 2011 is poised to become the year of the tablet computer. Apple’s iPad, expected to sell approximately 20 million units this year, primed the market when it launched almost a year ago. Consumers are excited about the stylish new touch-screen gadgets, so it’s not a surprise that many other major manufacturers now also want a piece of the market, with CES seeing the launch of tablets from the likes of Dell, Research in Motion, LG, Motorola and others.

Tablet SecurityFar from dismissing iPads as little more than consumer toys, some businesses have been quick to seize on the versatility of the form factor for carrying out important tasks while on the move or around a meeting table. It’s a fact that tablets are already in the enterprise, and in significant volume that will only grow over the coming years. More than a quarter of all tablets sold this year will be bought by enterprises, according to recent research from Deloitte. It’s all part of the trend of what some call “user-driven IT,” where more and more enterprise technology procurement decisions are influenced by the tastes and self-defined needs of users, instead of coming exclusively from the IT department. Uptake of tablet use in enterprises will likely also increase as more vendors such as RIM, which have been historically perceived as more business friendly, bring tablets to market.

Unique Security Challenges for Tablets

Like laptops, cell phones and smart phones before them, tablets are set to become the must-have mobile business productivity tool for information workers within many enterprises. And like any new technology that enters the enterprise, the tablet will bring with it its own set of security challenges. History has proven, for example, that malicious hackers and malware creators will attempt to target any new platform that gains broad adoption. The threat level for tablets today is still low, but that could change quickly. While anti-virus vendors will no doubt all soon support tablet platforms, the amount of malware targeting those devices today is so low that many enterprises will decide that installing such protection is not worth the performance hit the software can cause.

Challenge of Securing Tablet DevicesBut malware is not the primary security concern for tablet-friendly enterprises. While not quite as powerful as today’s business PC, tablets typically have better capabilities than their hand-held cousins, making them more likely to be used to store and process potentially sensitive corporate data. Just as the loss or theft of smart phones and laptops can cause embarrassing and costly data leakage, tablets harbor the potential for being the quickest route for sensitive information to leave the controlled environment behind the enterprise network’s border.

The concept of an enterprise network having a perimeter has already been fuzzy for many years. The rise of Wi-Fi, steady adoption of hosted applications, an increasingly mobile workforce and telecommuting are all trends that have contributed to the blurring of the network’s edges. Dropping a few firewall/VPN boxes into the IT closet long ago ceased to be an effective security strategy. Enterprise adoption of the tablet, along with parallel trends such as the rise of cloud computing for critical applications, will only exacerbate this potential IT headache. With these shifts in technology, the security focus shifts from building up perimeter defenses to securing data, at rest and in transit, and the applications themselves. Data security is especially important in regulated industries such as financial services and healthcare; any such organization that has not already factored tablets into their compliance plans should do so immediately.

Securing Data Stored on Tablets

The most obvious way to secure the data stored on a tablet is to secure the device itself with strong access control and cryptography. Tablets used in the enterprise should be password-locked to reduce the risk of a lost or stolen device equating to lost or stolen data. To prevent opportunistic data theft, strong passwords should be enforced through policy and configuration (for example, via LDAP, where supported), password attempts should be limited, and suitable log-in time-out periods should be activated. In addition, enterprises should investigate tools to enable devices to be remotely or locally wiped in the event that they fall into the wrong hands. Administrators should ensure that all confidential data stored on tablets is subject to encryption as strong as their corporate policy or regulatory environment dictates.

Advertisement. Scroll to continue reading.

Securing Tablets

One of the primary appeals of tablet computers, and the smart-phones they evolved from, are the thousands of applications available to consumers. The tablet user experience is such that users in many cases will be more likely to install new third-party applications on their devices than they would on their desktop computers or laptops. Enterprises may find that a white-listing regime under which only authorized apps are permitted to be installed and used is the most appropriate method of mitigating data leakage via rogue apps. However, administrators could at first find that, depending on platform, currently available tools may not enable as granular policies as they have become accustomed to in the PC world, and crude measures such as blocking all installations may not be compatible with a friendly and productive user experience.

These are all issues that security managers will be increasingly forced to consider as tablets begin to creep into their enterprises. Make no mistake, users want tablet PCs. The form factor is here to stay. The sooner security professionals accept this fact and adapt their policies accordingly, the less likely they are to face the fallout of a costly data breach.

Read More on Mobile & Wireless Security

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.