The iPad has, again, caused a revolution. With the device finally being officially available on SA shores, customers who aren’t early-adopters are getting their first taste of this international tech phenomenon, and judging by the sales so far, they like it.
Everyone else is leaping into this explosive growth market – HP, Google, and RIM all have devices in the pipe. This proliferation of devices raises an interesting question, which in all the flash and glamour of their usage models hasn’t exactly been properly addressed as yet. How does a tablet fit into an enterprise security architecture?
The answer is fairly straightforward. Right now, it doesn’t.
MyBroadband spoke to Vartan Minasyan, senior product manager at Kaspersky HQ, for more details. “The iPad in particular is fortunate in that it runs on Apple’s tightly-controlled iOS operating-system, which unless jailbroken doesn’t permit any piece of software which hasn’t first been checked and authorised by Apple to run on the device. It’s a very robust OS, although that doesn’t necessarily mean it can’t be exploited. Users of these devices should in particular be very cautious of phishing and information theft over the Web, with their rich connectivity options it could be very easy to enter your information into a fake website and have that data harvested without you ever even knowing about it!”
Jailbreaking the device does naturally increase vulnerability, and there apparently have been cases of unlocked Apple tablets and phones having software installed on them which caused security breaches. At the moment, there are no products on the market such as an AntiVirus solution which can assist tablet PC users in identifying and quarantining potential malware.
“We, and I’m sure every other security vendor out there, are currently developing this solution. Virusses and Trojans aren’t a big threat to tablets right now, but as their numbers grow we could see this shift, but for the moment we’re focussing on services to keep the tablet user’s internet sessions safe. The reality is that they just developed so quickly, the security industry has been caught napping a bit, and no one has any solutions to the tablet security concerns as yet – we expect to see our first developments being released this year,” comments Minasyan.
It isn’t just the iPad of course, and that’s one of the problems. Rather than standardised OSes, these tablets are launching with all-new proprietary operating systems which the security industry knows nothing about. HP has released a product using an evolution of the PalmOS, Google is customising Android to be more tablet-friendly, and there are already several Windows 7 powered tablets available in our market. So we’re moving back, at an OS level, to a far more distributed, disparate environment which is always tougher for security protocols to cope with.
Add to that the mobility factor; these devices are often open to “the wild” without any corporate firewalls or DMZs between them and the Web – the security concern is compounded. We’ve already seen some Android malware which harvests all the user data it can get hold of from Google-powered smartphones, and although threats to mobile devices have taken a while to emerge, expect to see them grow with the rise in sales of these units.
Minasyan suggests: “For the moment, we recommend that IT managers simply stick to enterprise IT security best practices when it comes to these devices entering their networks. Limit their connectivity options to reduce exposure to threats, and generally secure them in the same way you currently harden your network against potential smartphone-borne threats. Make the mobile device conform to corporate security policies, even though many of these devices are not company owned but personal purchases right now. And educate their users on basic Web security techniques – this education will remain the key to tablet security until the security industry can develop more reliable solutions.”
Tablet security << Comments and views