Welcome Guest. | Log In | Register | Membership Benefits

The Security Pro's Guide To Tablet PCs

You've got security strategies for portable PCs and a policy for smartphones. But what about those devices in-between? Here are some tips and trips for managing the security of iPads and similar devices

Dec 14, 2011 | 12:07 AM | 

By Debra Donston-Miller, Contributing Writer

[The following is excerpted from "A Security Pro's Guide To Tablet PCs," a new, free report posted Dark Reading's Mobile Security Tech Center.]

Is a tablet computer a small laptop or a big smartphone? The answer to that question has changed in recent days, and many enterprises are changing their security strategies to keep up.

Why hasn’t tablet security been a major concern until now? Tablets aren’t new, but many attempts to bring tablet PCs to market failed because the devices were essentially laptops disguised as tablets. Today’s generation of tablet is more like a smartphone than a laptop, a model that brings with it many benefits but also many new security concerns.

"We’ve known about tablets for a long time, but these are different tablets today," says Tony DeLaGrange, security consultant and co-author of the mobile security policy course set to debut at the SANS Cyber Defense Initiative in December in Washington, D.C.

"These are tablets based on mobile platforms," DeLaGrange says. "They’re still in a bit of their infancy. They’re going to increase in power, in capabilities, in feature sets. And I think we’re also going to see, hopefully, an improvement in the security controls that are either embedded into the devices or are available from third-party providers."

One of the biggest security issues with smartphones, and now tablets, has to do with their size. A tablet is bigger than a smartphone but typically much smaller and lighter than a laptop. Thus, both smartphones and tablets are easily lost or stolen, with theft a particular concern when it comes to tablets due to their current "it" status.

It’s thus essential, says DeLaGrange and others interviewed for this report, that IT departments can remotely manage and wipe tablet devices. However, one of the problems with the way many tablets come into the enterprise is that IT doesn’t always exert ultimate control over the devices.

Kevin Baradet, CTO at the S.C. Johnson Graduate School of Management at Cornell University, suggests two things need to happen for enterprises to be able to properly lock down tablets.

First and foremost, security and management tools on par with those designed for laptops and desktops must be made available for tablet PC systems. Baradet and his team are evaluating several options. He says vendors are getting closer to delivering the levels of antimalware and DLP protections enterprises require, but aren’t quite there yet.

Second, policies specific to tablet PCs must be written. For now, Baradet is relying on the guidelines set forth in the university’s existing acceptable use policy, including those determining the kinds of data that can—and can’t—be stored on the devices.

To get more insight from enterprise security managers who have built tablet security policies -- and to see tips and pain points for managing tablet devices -- download the full report.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Mobile Security Reports

report Stop Mobile Device-Borne Malware
iPhones, iPads and Android devices are making their way into your company--like it or not. These devices are opening a new gateway for malware that old security tools and procedures can't completely close. Security professionals must combine education, policy development, and the use of existing tools and new mobile device management systems to effectively balance mobile device risk with productivity rewards.

report The Security Pro's Guide to Tablet PCs
As businesses rely increasingly on tablets for the productivity benefits they provide, IT must address the security challenges the devices present. Here's a look at how to build a comprehensive tablet security strategy.




Featured Webcasts
Featured Whitepapers
Featured Reports