Is there such a thing as a secure tablet?
As more and more companies are replace computers with tablets, we look at just how secure they are.
With the introduction of devices that behave more like a laptop computer than a tablet, it's no surprise companies are starting to roll them out to employees.
Gina Luk, senior analyst for Wireless Enterprise Strategies at Strategy Analytics explained the number of tablets in business will grow exponentially in the next four years.
"We expect the global business (personal and corporate liable) tablet sales will grow a healthy 63 per cent year on year on average between 2010 and 2015 and global business tablet sales will grow from 7.4 million units in 2010 to 56.2 million by 2015," she said.
However, despite the myriad benefits on offer, one issue that still remains is whether they are secure enough for highly sensitive information and applications.
"As a growing number of companies allow employees to use personal devices (in this case a tablet) for business use, they must be aware that along with the benefits of this model come increased security risks," Luk added.
At a time when IT managers are allowing employees to bring in their own mobile devices, more manufacturers need to address security and provide an out-of the box solution.
The enterprise market's increased acceptance of personal tablets for business use amplifies the need for mobile security solutions.
"Companies will need to invest in cross-platform security solutions across several mobile security sub-segments to effectively address these concerns as the company must ensure that any device, that is any tablet, connecting to the network is both authorised to do so and in compliance with company policies," Luk explained.
No one has managed to produce a secure tablet as yet, Ian Chapman-Banks, Dell's head of mobility, smartphones, tablets, the digital content ecosystem and business development in Asia Pacific and Japan, claimed at the Mobile Asia Congress at the end of 2011.
Rob Bamforth, principle analyst at Quocirca concurs. "Maybe no one has [produced a secure tablet]," he said. "But the issue isn't about securing a mobile device per se tablet or smartphone but about securing what it does and what it handles."
Chapman-Banks thinks it's the applications and content causing the problems.
"Security on tablets is an apps problem, not a hardware or operating system issue," he said.
"Employees can access inappropriate content. Even children can access inappropriate content on their parents' tablets. There's no firewall to stop this happening."
RIM has taken the first steps here by introducing a system that only allows you to access sensitive data, emails, documents, IM and other applications when connected to a BlackBerry smartphone. However, other applications can be accessed outside of this through Wi-Fi.
So with more and more people using tablets in the workplace, how important is security on a tablet, specifically when applications are involved?
"The concept of a 'secure device' will eventually go the same way as firewalls and castles, but that's not to say that security isn't important, especially on tablets," Bamforth explained.
"The importance of security is elevated by the other things that tablets do, ie consumer oriented access and apps whether it is a personal device or company issued, consumer usage will bleed on, one way or another. It is channels of communication and packages of data that need to be secured and the assumption must be that the device and network it is connected to are insecure, and so items of value or interest should be protected, irrespective of any security that may or may not be present in the platform."
Prosumers and businesses think application security is the most important factor, but manufacturers haven't addressed this properly yet, Chapman-Banks added.
Although smartphones and tablets share many similar security needs, more data may be consumed on the tablet, making it even more vulnerable. What's more, the availability or use of cellular connectivity in addition to Wi-Fi might also pose increased risks.
While mobile phones tend to be highly personal mobile devices, tablets are often shared freely among a group of workers, and this could create security headaches too.
"How does enterprise IT ensure that iPad users have convenient access while ensuring that sensitive corporate data is protected? iPad was designed for the consumer, but IT must ensure that it can mitigate the risk of data loss or network compromise to meet growing set of compliance requirements," Aruba Networks stated in a whitepaper on the topic published in 2011.
Aruba's offering claimed to be "eliminating excess privilege on the network while providing identity-based auditing of activity."
The report continued: "You can use Aruba's role-based access control to assign roles to users and devices based on their authentication. The role, which is enforced by the firewall policy, can be defined on the basis of user identity, device identity via authentication credentials, device type and other factors."
The problem with a solution like this is that although there are plenty of security applications available for a range of tablets, it is down to the company to install and set up such technology. Companies are looking for ways to secure their hardware and software with minimum input from IT managers and in as cost-effective manner as possible.
In November, Fujitsu launched the Stylistic Q550 Windows 7 Professional tablet, with Becrypts's DISK Protect Baseline full disk encryption software pre-installed. It was designed for use in companies where security forms the core business, such as local and central government.
"We recognise the dilemma faced by the public sector who are attracted to the benefits promised by tablets, including a more mobile and flexible workforce, but who are equally concerned about inadequate data security offered by the majority of tablets," claimed Michael Keegan, UK executive director of Fujitsu's technology product group.
"Our partnership with Becrypt makes the Stylistic Q550 the obvious choice for both public and private sector organisations that have a responsibility for ensuring data security is not breached, while safeguarding UK citizens and valued customers."
Fujitsu and Becrypt's solution protects secure data, whether files, email or applications if the tablet is lost or stolen. Using strong user authentication, it prevents unauthorised access to the device and used with the Stylistic Q550's hardware security features including a smartcard reader, fingerprint reader and Trusted Platform Module, provides a two-tier security solution.
However, the Toshiba Stylistic Q550 is only the first tablet device that includes such strong built in security and, at a time when IT managers are allowing employees to bring in their own mobile devices, more manufacturers need to address security and provide an out-of the box solution.