Mobile security for tablet devices: Recognizing risk

Tablet devices are flooding into the enterprise, disrupting IT support plans and mobile security practices. Find out the business benefits and potential risks tablet devices pose.

Consumer tablet devices are no longer considered niche devices and are flooding into the enterprise, disrupting IT support plans and mobile security practices. According to Strategy Analytics, 10 million tablets shipped in the fourth quarter of 2010, with Android tabs nipping at market leader Apple iPad's heels.

The next wave of tablet devices is imminent

Today's hottest tablet devices are slate-style touchscreen multimedia devices, powered largely by mobile operating systems. Last year, the first wave was launched by Apple's iOS-based iPad, followed by the Android-based Samsung Galaxy Tab and Dell Streak.

This spring, an updated iPad will be challenged by a tidal wave of challengers, including RIM's BlackBerry Playbook (QNX), Cisco's Cius (Android), Motorola's Xoom (Android), HTC's Google Tab (Chrome), Asus's eee Slate (Windows 7), and Lenovo's IdeaPad (Android or Windows 7).

tablet devices

Gartner expects to see tablet sales triple as enterprise workers buy these devices for fast access to email, calendaring, Web apps, and delivering on-the-go presentations. While tablets are unlikely to replace PCs as a primary computing platform, many users find them more convenient and easy to use. Similarly, tablets may facilitate ad hoc video conferencing, but are unlikely to be treated as a primary mobile phone.

As a result, tablets fall into that "third device" category: a tough sell to cash-strapped employers, but appealing to individuals willing to buy their own mobile devices for both business and pleasure. According to Gartner, because tablets attract both power users and techno-phobes, many will end up being shared among family members.

Tablet devices and mobile security risk

For enterprises, this this proliferation of tablets may prove beneficial, helping IT enable mobility more effectively. Using right-sized displays and mobile-friendly gestures, tablets can support a variety of knowledge worker needs. Moreover, many tap the infrastructure pioneered by Apple iTunes and extended by the Android Marketplace that jump-started broad mobile app development. Need SalesForce.com on your iPad? There's an app for that. Want SAP on your Android Galaxy Tab? There's an app for that too.

But app-happy workers using bring-your-own tablets for business can be a risky combo. PCs ship with personal firewalls and anti-malware programs, but tablets don't. Although they are optimized for Internet-connected use and capable of speaking secure protocols, today's tablets do little to protect themselves by default against network-borne attack.

Like phones, tablets tend to get carried everywhere and are thus prone to loss and theft. Although some tablets do support hardware data encryption, not all do – and many users don't bother to enable PIN locks, much less encryption. While storage capacity still pales when compared to laptops, it is rare to see a tablet offer less than 16 GB.

Furthermore, even users who lock their own tablets may not realize that data stored there is readily accessible to downloaded apps. According to the App Genome Project, roughly one-third of mobile apps access a user's location, while 8% to 14% access a device's contacts. Perhaps more importantly, most users don’t read warnings displayed when installing apps, giving little thought to potential risk.

For example, a new Android Trojan dubbed Geinimi was recently seen in the wild. Packaged with legitimate games distributed by Chinese app markets, this Trojan can harvest SMS messages, download files, and send contacts to a remote server. Although mobile malware has been slow to emerge, conditions may be right for cybercriminals to attack mobile devices, especially tablets, being used for financial transactions and business activities.

Managing tablet device risk

To IT managers and telecom pros familiar with securing other mobile devices, these tablet threats no doubt sound familiar. In many cases, risks are similar to those associated with contemporary smartphones -- that means they can be managed by starting with the same best practices.

Unfortunately, tablets also pose a few new unique challenges, and many just add fuel to any already known but still largely unaddressed fire. Enterprises need mobile security measures and best practices to help make productive, safe use of contemporary tablets. Read more about best practices for tablet security.

About the author:

Lisa Phifer is president and co-owner of Core Competence, a consulting firm focused on business use of emerging network and security technologies. At Core Competence, Lisa draws upon her 27 years of network design, implementation and testing experience to provide a range of services, from vulnerability assessment and product evaluation to user education and white paper development.

Dig Deeper on Enterprise mobile security