Are tablets safe for enterprise?

With tablets becoming more popular on the consumer and enterprise front, experts agree that security is an element that must be dealt with, especially as more applications are developed to enhance their usability.

Edison Yu, manager for ICT practice at Frost & Sullivan, warned that it is "pertinent" for users to start being aware of the risks. Many of the apps, he said in an email, "may actually look to leverage on the increasingly prevalent habit of users sharing their personal data around freely, and [enable] cyber criminals to steal and sell private information".

According to Kwa Kim Chiong, CEO of JustLogin, the security risks tied to accessing apps via tablets are no different from that of accessing them via the web. "Whichever means you choose to access the applications, there will be threats," he said in an email.

The head of the Singapore-based software-as-a-service (SaaS) provider added that the Wi-Fi which tablet users log on to, contributes to the overall risk level as the data transmitted could be intercepted by hackers.

However, Bryan Ma, associate vice president for devices and peripherals at IDC Asia-Pacific's domain research and practice groups, said the threat to tablets is for now not a concern. This is because "theoretically speaking", while tablets, as with other computing devices, are open to threats, the user base is not big.

"If you look at security threats, they tend to threaten the Windows platform, mainly because of the sheer number of users," Ma noted.

Tablet usage, though, is on the up-trend. In a report released last November, research analyst Gartner predicted that media tablets will displace around 10 per cent of PC units by 2014. A separate forecast from FBR Capital Markets indicated that 70 million of such devices will be sold in 2011, with a PC sale lost for every 2.5 tablets sold.

Secure tablet ecosystem takes many hands to clap

As more enterprises adopt tablets, Frost & Sullivan's Yu agreed that vendors can look to incorporate more security features into future models, on top of the ability to communicate with other devices and technologies.

"It is critical for the tablet to take on more enterprise-class capabilities, be it support for enterprise apps or reaching the required performance levels," he noted. "With mobility expected to characterise the office environment of the future, the tablet could find itself at the forefront of the enterprise mobile computing trend."

One such tablet that is already perceived to be "safe", is the PlayBook by Research In Motion (RIM). The highly publicised but yet-to-be launched device, would have security functions built in, as RIM's customer base tend to be businesses and IT managers, said Ma of IDC. Security protocols to protect sensitive data from unauthorised access, for instance, would be among such features, he explained.

Kwa, whose SaaS company develops human resource and collaboration apps for the Apple iPhone and iPad, said JustLogin's apps communicate directly with the web services hosted at their own servers, and no data is stored locally on the tablets.

"Before the user is able to access the data, the application will encrypt the password entered on the tablet and call one of the web services. The validation is done through a series of handshaking protocols before the data is sent over," he explained.

Handshaking protocols refer to technical rules a computer must observe to establish connection with another system.

Asked who should shoulder the responsibility to ensure a safer tablet ecosystem, both Kwa and Frost & Sullivan's Yu said all parties — from hardware vendors to app stores and users — have their roles to fulfil.

While IDC's Ma argued the hardware vendor's responsibility is merely to make its product as attractive as possible, Yu said adding security features is the way forward, as vendors "can do their bit in protecting end users from cyber threats since many consumers may not be as security-savvy."

End users could limit information sharing on the web, and enterprises "have to realise that tablets are still consumer-based, therefore these devices may not be safe for corporate adoption", Yu cautioned.

Kwa pointed out that apps, too, have to be secure. To that end, he noted that Apple's App Store is more secure than web applications available elsewhere, as they are vetted before they are released for users to download.

"At least [the process] is controlled and there is an identifiable owner behind each application," Kwa said.

Via ZDNet Asia