Establishing Digital Trust: Don't Sacrifice Security for Convenience
Of course, CIOs have long harbored worries about Androids security and that is no different with 3.0, the operating system nurtured by Google specifically for use in tablets (meaning theres more screen real estate, more processing power, more storage than with Android phones). If anything the smarter devices might represent even bigger security worries. But the good news is progress is being made towards making Honeycomb tablets (among them: Motorolas Xoom and LGs G-Slate) enterprise ready.
But, even though off the shelf Honeycomb comes with robust security features built in, it's still a good idea to take your own steps to secure your devices. So here the top five ways to do that:Use the powerful data encryption tools in Honeycomb, suggested Geoff Webb, product marketing director at Credant Technologies, a data protection firm. With a few clicks users can encrypt all data on a Honeycomb device. (The process does take a couple hours, however.)
Webb pointed out that this is not a final security solution for enterprise, but rather a beginning: This still presents the security organization with a management problem. They must somehow ensure that systems are encrypted, that the keys are securely stored, and that they can ensure access, and revoke it, when necessary." But much of that can be handled with clear enterprise policies and directives to employees along with regular reminders to encrypt.
Use the other barebones Honeycomb security tools, said Kevin Lenane, director of mobile strategy at PointAbout, a Washington DC mobile deployment consulting firm. Also built into Honeycomb, said Lenane, is a tool that allows an administrator to do a remote PIN reset. Device locating tools are also included in the core OS, said Lenane.
Those built-in tools are a start in securing Honeycomb. But just about all enterprises will want to take steps beyond deploying those basics. The good news is that the marketplace already is providing choices for stepped up tablet security:
Deploy remote desktop tools, suggested Adam Powers, CTO, Lancope, Inc., which creates secure networks for enterprise. Powers point: Use tools such as Citrix receiver, which allows users to access their sensitive data with a device but without storing data on the device, and many security concerns vanish. Other remote desktop providers will pile in with their own Honeycomb compatible solutions. This technique is well-known to iPad users but it already is migrating into Honeycomb and ought to work as well with the Google mobile OS, say the experts.
Use an app to screen for viruses. Specialized Android security apps now are hitting the market and there are differences between them and personal computer security apps (a key issue, said Alicia diVittorio, a spokesperson at Lookout Mobile Security, is battery life; apps that use too much juice will get turned off or uninstalled. That is not usually an issue with apps for PCs.)
Most mobile security apps for Android are free, though many have premium upgrades (Lookout offers a $.99 per month plan that provides enhanced info about privacy as well as a remote device lock/wipe tool). Many organizations now are requiring employees to install and update mobile security apps for smartphones and there is good reason to simply extend that policy to Android tablets.
Doublecheck all Apps Before Installing. The number of bad -- as in criminal -- apps that have been available via Google Marketplace is tiny (under 100 have been publicly identified) but the Google policy of scant screening before putting an app in the marketplace is ample to cause heartburn among CIOs.
The problem intensifies because in the most recent batch of apps infected with Trojans there were ones employees shouldnt have downloaded (Hilton Sex Sound), but there also were ones that seemed harmless (Chess, Super Stopwatch & Timer). That is scary and a reality is that Google is unlikely to ever impose rigorous Apple-style apps screening, which means there always will be a Wild West element to the Google Marketplace.
A bit of prevention would come by requiring employees to use third party apps marketplaces that do screen apps (Amazons Appstore for Android is one) but, right now, such venues have slimmer pickings than does the Google Marketplace, which means employees may wind up there anyway. The cure, say the experts, is to require employees to install an app (Lookout Mobile is one) that screens new app downloads for authenticity before allowing them to fully load on the tablet.
Robert McGarvey - As a busy freelance writer for more than 30 years, Rob McGarvey has written over 1500 articles for many of the nation's leading publications―from Reader's Digest to Playboy and from the NY Times to Harvard Business Review. McGarvey covers CEOs, business, high tech, human resources, real estate, and the energy sector. A particular specialty is advertorial sections for many top outlets including the New York Times, Crain's New York, and Fortune Magazine.