I read that tablets are one of the least secure devices, but many employees use them for work. Are tablets really less secure than laptops, which are still more prevalent in organizations? I'm trying to decide if the device policy for my company should restrict tablet use, or perhaps limit usage to a specific vendor or OS through a specific tablet security policy.
The popularity of tablets for consumer and corporate use has made them a clear target for malware. Corporate use of tablets is becoming the preferred method of doing business in many enterprises, replacing the laptop and workstation. Advances in user authentication, such as Apple's Touch ID fingerprint scanner that augments the mobile device passcode, have greatly reduced security risks, but they only address authentication. Downloading malicious mobile apps remains the greater risk, which should be addressed by any tablet security policy within an enterprise.
Tablets are vulnerable to jailbreak attacks, even with mobile device disk encryption. In its 2015 Mobile Threat Report -- based on data and research of more than 2.5 million mobile applications -- Pulse Secure reported that 73% of all malware targeted corporate and consumer Android devices. This does not mean that iOS devices are more secure than Android, but Apple mitigates the risk associated with mobile apps by vetting downloads from the Apple Store. However, malware risks are pervasive and are further aggravated by the BYOD push from employees, so tablet security is a challenge.
Is the tablet secure enough to use in the enterprise? Nothing is absolute, but there are some security products for tablets that enterprises should consider before deciding whether to allow tablets -- and other mobile devices -- in their environments, such as malware protection and enterprise mobility management (EMM).
Consumers should consider malware protection from providers like Symantec, Malwarebytes, Webroot or Trend Micro, depending on the intended use and risk to stored data. Based on the Pulse Secure study, consumers might consider iOS devices over Android or the lesser-used BlackBerry, Windows Mobile and Symbian.
Corporate users should consider EMM tools to help with security for tablets. The 2015 Gartner Magic Quadrant for EMM lists AirWatch, Good, IBM, Citrix and MobileIron as the leaders in this space. The Gartner study described four possible tools provided by these vendors:
- Mobile device management -- provides inventory, mobile app provisioning and deprovisioning, remote secure wipes and OS configuration management.
- Mobile application management -- mobile app usage and monitoring, preconfigured app controls, app security and application extension control.
- Mobile identity -- ensures only trusted devices, apps and users connect to the enterprise environment.
- Mobile content management -- enforces policies on authentication, file sharing, file level protection, malware protection, DLP, email attachment security and copy/paste restrictions.
Enterprises that plan to use or are using mobile devices, including tablets, should seriously consider a tablet security policy that includes:
- Using an EMM tool for continuous monitoring and security;
- Limiting, restricting or discouraging BYOD if EMM is not used;
- Ensuring the mobile and tablet security policy requires the use of EMM and malware protection;
- Requiring all BYOD users to sign an Acceptable Use Agreement to limit company liability and define acceptable uses of mobile devices; and
- Requiring point of interaction tablets or payment apps that take payment card transactions to be PCI DSS compliant.