There are at least two sides to every story, right? In the tale of the rise of the tablet, there are end-users on one side, just trying to get their work done or have some fun. On the other side: IT, the boardroom, and anyone else concerned with securing enterprise assets—notably, networks and data.
While the saga unfolds, and while you make decisions about how your organization will respond, here are five trends, issues or predictions you’ll want to keep an eye on.
1. Tablets pose unique risks.
Most are optimized for playing rich media—as in audio and video from online stores that are accessed over rapidly growing mobile networks. My colleague, Kevin Beck, recently wrote about BYOD security, confirming widespread employee use of enterprise mobile devices for personal purposes.
An admitted reluctance to encrypt files and a propensity to lend the devices to others work to further increase the risks. The result? Tablet-resident enterprise data is more susceptible to online exploits. The less IT is able to enforce policies against these behaviors, the greater these risks may be.
2. Mobile malware and other threats: just getting started.
Just ask security solution professionals at places like Intel’s McAfee security unit and security provider Symantec. Both report significant, continuing growth in the number of malware items in their databases. McAfee’ collected 8,000 mobile malware samples in April. Symantec’s recent 2012 State of Mobility Survey revealed an average cost of mobile “incidents”—data loss, brand damage, productivity loss, loss of customer trust—at $429,000 for larger firms, $126,000 for smaller ones. Expect the number of mobile malware and related threats to start growing rapidly now that tablets are becoming mainstream in the enterprise.
3. Standards, and more standards.
They will proliferate, and you or someone you know will have to act on them. Out for comment: draft “Guidelines for Managing and Securing Mobile Devices in the Enterprise” (PDF) from the National Institute of Standards and Technology (NIST) are aimed more-or-less squarely at tablets and smartphones, and seem to echo my own concerns about BYOD practices. Citing a lack of Trusted Platform Module (TPM) security devices, rampant jailbreaking and rooting practices, the policy declares tablets and smartphones un-trustworthy. Suggested security measures include:
- Treating tablets much like laptops, desktops and other conventional devices
- Establishing requirements for managed authentication, data encryption, restricted application use, remote-wipe facilities and other measures.
- Set tiered levels of access to enterprise networks.
4. A best practice you can (and should) buy.
Get a mobile device management (MDM) solution (and use it). And make sure it helps you regulate more than the devices themselves: think data and app access as well.
5. Security may help make Windows 8 a (mobile) force.
BYOD raises red flags in many CIO suites, and for good reasons. But locking out all but enterprise-issued devices may be too extreme a measure for some.
Windows 8, with its promise of running the same OS across a wide range of devices, may give IT units a tempting alternative: find ways to encourage employee use of Windows 8-powered devices, which should simplify management and control. Yes, companies can issue the devices, but it can also try subsidies or other, innovative reward systems.
One more Windows 8 plus: Windows to Go. When administrators can hand employees their Windows 8 corporate image on a USB drive for use on the go or at home, employees won’t feel as compelled to use less secure devices or online services.
We’ll have more to say on mobile security when we discuss Gartner’s new survey in a coming post. In the meantime… tell us which issues you think will impact mobile security for your enterprise.
This buyer's guide is designed to help decision-makers understand the features and functions that a new breed of business-oriented tablets is bringing to the mobile workforce. Use this guide to determine what features are most important for your organization, so you can balance end-user needs with IT requirements for successful mobility deployment.