It seems like whenever the subject is the business use of tablets, the sentence immediately following is focused on the issue of security. It appears to have gotten to the point where there is more emotion that surrounds the issue than there is factual consideration. This is actually quite understandable as tablets are far too frequently lost, stolen, or misplaced, and with up to 128 GB of storage on these devices, we could be talking about a lot of data. That of course doesn’t consider the issue of who might now have access to your systems on a lost device.
So if we remove some of the emotionality, and step back, what are the basic and fundamental steps that we should implement so that tablet use in the office becomes far less scary? Well I have a few. This is by no means an exhaustive list, but some of the basics I think every device should have.
This may seem awfully basic, but you’d be amazed at how many tablets are not protected by simple password protection. Personally I’d like to see more use of two factor authentication, especially if any data is resident on the device, but that’s going to require the most modern tablets.
Encrypt, encrypt, encrypt
If you plan to have any sensitive information that resides on the device, it must be encrypted. Despite the use of password and sign-on security, these devices are not completely trustworthy. Encrypted data is essential.
Web Only Access
If you want to protect data on tablets, the best way to do this is to make sure that none is actually on the tablet. Some organizations are forcing their end users to only access corporate data from web based applications as a virtual “terminal” type device. This approach has merit, but we still have some work to do for Microsoft Office files and data on non-Windows 8 devices using Office 365.
Use Tablet “LoJack”
There are a number of tools for finding and disabling lost tablets. These tools are incredibly useful and should be implemented. However, I’d look for tools that allow for more than just wiping the device as a security option. Having disable only functionality may help with recovery. One IT professional I’m friendly with wants a tool that lets him blast a message offering a reward for return on the screen, before the device is wiped.
Special care for the Android App Marketplace
This may seem like I’m picking on the Android devices, but let’s be realistic. This app marketplace is not well managed and curated. There are very real threats in some apps and others are basically spyware with a token front end application. Apple and Microsoft are doing a far better job keep their markets safe.
There are of course many other elements of the security solution that need consideration and implementation in the next year or so. However, this list covers the most basic protections that I think you need to have in place from day 1. Thankfully, the threats that are tablet specific are still pretty rudimentary. Taking some fundamental security precautions will protect you from the most common vulnerabilities.