- The new iPad will fast-forward the number of powerful mobile devices used by executives.
- Managing the security of these devices requires a clear company policy and IT staff support.

The new iPad is out of the Apple bag and it will hit select retail shelves in just two weeks’ time. This will no doubt ignite a new round of tablet feeding frenzy and increase the BYOD factor in companies around the world over the next three to six months. However, apart from the added pressure on enterprise IT to cater for yet more powerful mobile devices, what will be the impact on the support organization from a security perspective? We know from global statistics that lost or stolen mobile devices constitute a glaring security hole in the corporate and public sector ranks. With a lot more (very attractive) mobile devices out there, it sounds logical that a lot more corporate data is about to change hands – literally.
Device encryption is an option, but it often conflicts with the whole ease-of-use ethos of the Apple user interface. In a recent Congressional hearing, the National Aeronautics and Space Administration (NASA) reported the loss or theft of 48 mobile computing devices between 2009 and 2011, resulting in the leak of all manner of sensitive data. For example, the March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the codes used to command and control the International Space Station. The U.S. government-wide encryption rate for mobile devices is estimated to be around 54%. However, as of the start of February 2012, only 1% of NASA’s portable devices/laptops were encrypted. In general, encryption levels in enterprises are probably much closer to NASA’s rate than that of the U.S. government.
The iPad does have track & trace functionality, remote wipe, passwords, etc., but apart from the PIN or password, these protections only work once the thief connects the device to the Internet; data could be long gone before that happens. Of course, information can also be ‘stolen’ without removing the device from the owner at all. The iPad’s bright screen and easy viewing from all angles make it much easier for a neighbor to read along on an airplane, unless users put films on the screen to reduce the viewing angles.
A radical alternative is the zero-client approach adopted by RIM for its PlayBook tablet. The BlackBerry Bridge app connects the RIM tablet to a BlackBerry phone and uses that as the data storage device. Everything is saved to the phone; nothing is left on the tablet once it is turned off. While Apple would love that lock-in with the iPhone, the company is more likely to be looking to store all data in the iCloud. In fact, cloud storage may be the way forward, to keep sensitive data off the iPad. In the meantime, selective encryption of specific data files is also an option, but that requires the involvement of the IT staff and a corresponding company policy to make it operational. So, how many companies have such policies, as well as the means to ensure compliance in a BYOD environment?