Eight Threats to Tablet Security

Eight Threats to Tablet Security

Rich Cheston has deep roots in the PC business and has even earned the status of Master Inventor at Lenovo. In this post, he shares his expertise on locking down data in the latest mobile device--the tablet.

I recently participated in one of Lenovo’s customer advisory council sessions. Before I attended, I read surveys on the use of tablets, as I anticipated on the hot topics at the session would be the impact of tablets on the consumerization of IT, and the challenges our customers face in securing the devices. What struck me about the survey was that the “why” behind the purchasing decision is so obvious: simple and quick Internet access, ease of browsing and shopping, simple apps, etc. However, there was no mention of the security enablement that should be required to use the tablet in a work environment. This observation matched up well with what I found at the advisory council session. Most IT organizations are little more prepared to face security challenges now than they were a year ago, and the conversations focused on the struggle to ensure security within the corporation of new devices like tablets.

Ultimately, our customers have asked us to deliver a tablet that is as secure as a PC. It is this customer need, along with these conversations and observations, which led us to do a detailed gap analysis of the security differences between tablets and PCs. We began this journey more than a year ago, and classified the gaps we found into eight categories:

1 - Encryption - If the device is lost or stolen, how do I know the data on it is secure?

2 - Anti-malware - Avoiding viruses being downloaded to the device and wiping or tampering with sensitive data.

3 - Data leakage protection - Keeping corporate data from leaving the device.

4 - User authentication - Making sure only authorized users have access to the device.

5 - Application control - Making sure users only use corporate-approved applications.

6 - Anti-theft and recovery. Protect confidential data in the event of a lost device.

7 - Rooted device detection - If a user roots the device, it gives them complete control of the device and they can use that control to bypass corporate policies.

8 - Backup/recovery - Ensuring that important data is always available even if the device is lost, stolen or damaged. Stay tuned for another post in a few weeks where I will discuss how Lenovo solved these security gaps via our new ThinkPad Tablet. I look forward to your comments and experiences with mobile security as we cover this topic.