Questions to Ask About Tablet Security
A poll conducted late in 2010 by ChangeWave Research found the number of organizations giving employees tablets for work would double in the coming twelve months. The research found 14 percent of businesses polled expected to buy tablets for employees in the first quarter of 2011, up from 7 percent of companies who supplied staff with tablets in the last quarter of 2010.
But while most organizations are not rushing to adopt tablets in their IT department, many end-user employees are in a hurry to start using them - on their own - with or without company support.
That has security managers scratching their heads as to whether tablets change their risk profile. The answer will differ from company to company, but here are five questions to ask as you consider your tablet policy.
Can we/should we support tablets? This is a question many organizations have been struggling with for a few years when it comes to the plethora of mobile devices that users want to now bring to work. Tablets up the ante, said Denise Lund, a senior analyst with Yankee Group's Enterprise Research team.
"The most over-arching challenge enterprises have is whether to embrace the consumerization that spills into allowing all of the tablets into an organization."
Data compiled by Yankee Group finds about one-fifth of companies still will not tolerate any consumer applications or devices in the organization. But another 17 percent are both allowing and supporting what Lund called "non-harmful consumer applications and devices" and have deployed managed-mobility solutions to do it securely. However, among this set, there's a strong sentiment that security is the top technological obstacle to supporting mobile workers. [See also: Blackberry Playbook security tips: How to protect your tablet}
"48 percent of enterprises say security is one of the top two obstacles in supporting their mobile workers," she said. "That ranks above expense management; it's almost two-times the percent of people who say expense management is their top obstacle. That's pretty significant, I would say, because we know expense management is a very big priority."
However, the largest percentage of organizations included in the data are allowing consumer devices, but not supporting them, which poses an even bigger risk, said Lund.
"About 60 percent that are somewhere in the middle," she explained. "They don't encourage people to bring their devices or use their own applications at work, but they don't actively monitor it and that's where you expect to get some problems."
What are the risks posed by tablets and other consumer-oriented mobile devices? Whether you are allowing and supporting consumer devices, like tablets, or allowing them and then burying your head in the sand about how they are being used, there are obviously several risks to consider. But is there anything about tablets that make them any more risky than the average laptop?
"I think you get more people accessing the network outside of your walls," noted Lund. "And the kind of media capabilities tablets have are so much more richer than the average laptop. The experience on the part of the end user can cause them to mix work and play much more, even if it is a work device. So, you're getting into downloaded video streams, applications in various social networks, and games, much more."
What does that mean for the organization? It means their employee-users are opening themselves up to exploits more than ever, and there is a greater chance for data loss or network infection. Of those companies polled by Yankee Group who said security was their greatest obstacle in securing mobile employees, 60 percent cited potential loss of data or other intellectual property as a major concern. An equal percentage said providing secure access to the internal network for mobile employees was a security issue. And 40 percent said controlling malware spread for mobile employees was a top worry. While security concerns remain largely the same as they have been in the past, the use of tablets and other consumer-oriented mobile devices mean they multiply.
Can we accept the risks? Should you accept the risks that come with allowing consumer devices, like tablets? John Petrie, Vice President and Chief Information Security Officer Harland Clarke Holdings Corp., believes organizations have little choice today.
"It's so pervasive now; tablets, Facebook, all of these kinds of newer technologies. And if you aren't using these within your corporation, you're not getting the best and brightest anymore. They don't want be there. They communicate differently. Security has to adapt now and there are changes that have to happen. I think you see some real focus and a change in the way security provides protection. I think that's a challenge."
Petrie believes the perimeter as security once knew it is disintegrated and controls now need to be moved in order for business to function in today's mobile world.