Tip

Mobile security for tablet devices: Recognizing risk

Consumer tablet devices are no longer considered niche devices and are flooding into the enterprise, disrupting IT support plans and mobile security practices. According to Strategy Analytics, 10 million

    Requires Free Membership to View

tablets shipped in the fourth quarter of 2010, with Android tabs nipping at market leader Apple iPad's heels.

The next wave of tablet devices is imminent

Today's hottest tablet devices are slate-style touchscreen multimedia devices, powered largely by mobile operating systems. Last year, the first wave was launched by Apple's iOS-based iPad, followed by the Android-based Samsung Galaxy Tab and Dell Streak.

This spring, an updated iPad will be challenged by a tidal wave of challengers, including RIM's BlackBerry Playbook (QNX), Cisco's Cius (Android), Motorola's Xoom (Android), HTC's Google Tab (Chrome), Asus's eee Slate (Windows 7), and Lenovo's IdeaPad (Android or Windows 7).

Gartner expects to see tablet sales triple as enterprise workers buy these devices for fast access to email, calendaring, Web apps, and delivering on-the-go presentations. While tablets are unlikely to replace PCs as a primary computing platform, many users find them more convenient and easy to use. Similarly, tablets may facilitate ad hoc video conferencing, but are unlikely to be treated as a primary mobile phone.

As a result, tablets fall into that "third device" category: a tough sell to cash-strapped employers, but appealing to individuals willing to buy their own mobile devices for both business and pleasure. According to Gartner, because tablets attract both power users and techno-phobes, many will end up being shared among family members.

Tablet devices and mobile security risk

For enterprises, this this proliferation of tablets may prove beneficial, helping IT enable mobility more effectively. Using right-sized displays and mobile-friendly gestures, tablets can support a variety of knowledge worker needs. Moreover, many tap the infrastructure pioneered by Apple iTunes and extended by the Android Marketplace that jump-started broad mobile app development. Need SalesForce.com on your iPad? There's an app for that. Want SAP on your Android Galaxy Tab? There's an app for that too.

But app-happy workers using bring-your-own tablets for business can be a risky combo. PCs ship with personal firewalls and anti-malware programs, but tablets don't. Although they are optimized for Internet-connected use and capable of speaking secure protocols, today's tablets do little to protect themselves by default against network-borne attack.

Like phones, tablets tend to get carried everywhere and are thus prone to loss and theft. Although some tablets do support hardware data encryption, not all do – and many users don't bother to enable PIN locks, much less encryption. While storage capacity still pales when compared to laptops, it is rare to see a tablet offer less than 16 GB.

Furthermore, even users who lock their own tablets may not realize that data stored there is readily accessible to downloaded apps. According to the App Genome Project, roughly one-third of mobile apps access a user's location, while 8% to 14% access a device's contacts. Perhaps more importantly, most users don’t read warnings displayed when installing apps, giving little thought to potential risk.

For example, a new Android Trojan dubbed Geinimi was recently seen in the wild. Packaged with legitimate games distributed by Chinese app markets, this Trojan can harvest SMS messages, download files, and send contacts to a remote server. Although mobile malware has been slow to emerge, conditions may be right for cybercriminals to attack mobile devices, especially tablets, being used for financial transactions and business activities.

Managing tablet device risk

To IT managers and telecom pros familiar with securing other mobile devices, these tablet threats no doubt sound familiar. In many cases, risks are similar to those associated with contemporary smartphones -- that means they can be managed by starting with the same best practices.

Unfortunately, tablets also pose a few new unique challenges, and many just add fuel to any already known but still largely unaddressed fire. Enterprises need mobile security measures and best practices to help make productive, safe use of contemporary tablets. Read more about best practices for tablet security.

About the author:

Lisa Phifer is president and co-owner of Core Competence, a consulting firm focused on business use of emerging network and security technologies. At Core Competence, Lisa draws upon her 27 years of network design, implementation and testing experience to provide a range of services, from vulnerability assessment and product evaluation to user education and white paper development.

This was first published in February 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.