The Security Pro's Guide To Tablet PCs

[The following is excerpted from "A Security Pro's Guide To Tablet PCs," a new, free report posted Dark Reading's Mobile Security Tech Center.]

Is a tablet computer a small laptop or a big smartphone? The answer to that question has changed in recent days, and many enterprises are changing their security strategies to keep up.

Why hasn’t tablet security been a major concern until now? Tablets aren’t new, but many attempts to bring tablet PCs to market failed because the devices were essentially laptops disguised as tablets. Today’s generation of tablet is more like a smartphone than a laptop, a model that brings with it many benefits but also many new security concerns.

"We’ve known about tablets for a long time, but these are different tablets today," says Tony DeLaGrange, security consultant and co-author of the mobile security policy course set to debut at the SANS Cyber Defense Initiative in December in Washington, D.C.

"These are tablets based on mobile platforms," DeLaGrange says. "They’re still in a bit of their infancy. They’re going to increase in power, in capabilities, in feature sets. And I think we’re also going to see, hopefully, an improvement in the security controls that are either embedded into the devices or are available from third-party providers."

One of the biggest security issues with smartphones, and now tablets, has to do with their size. A tablet is bigger than a smartphone but typically much smaller and lighter than a laptop. Thus, both smartphones and tablets are easily lost or stolen, with theft a particular concern when it comes to tablets due to their current "it" status.

It’s thus essential, says DeLaGrange and others interviewed for this report, that IT departments can remotely manage and wipe tablet devices. However, one of the problems with the way many tablets come into the enterprise is that IT doesn’t always exert ultimate control over the devices.

Kevin Baradet, CTO at the S.C. Johnson Graduate School of Management at Cornell University, suggests two things need to happen for enterprises to be able to properly lock down tablets.

First and foremost, security and management tools on par with those designed for laptops and desktops must be made available for tablet PC systems. Baradet and his team are evaluating several options. He says vendors are getting closer to delivering the levels of antimalware and DLP protections enterprises require, but aren’t quite there yet.

Second, policies specific to tablet PCs must be written. For now, Baradet is relying on the guidelines set forth in the university’s existing acceptable use policy, including those determining the kinds of data that can—and can’t—be stored on the devices.

To get more insight from enterprise security managers who have built tablet security policies -- and to see tips and pain points for managing tablet devices -- download the full report.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.