Feeds

Tablet security study finds BlackBerry still good for something

iPad,Galaxy Tab and PlayBook face off in BYOD probe

Boost IT visibility and business value

A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work.

A study by Context Information Security looked at Apple's iPad, Samsung's Galaxy Tab and RIM's BlackBerry PlayBook, and concluded the Samsung device was the least enterprise-ready of the trio. While the iPad and BlackBerry PlayBook performed better, both still have security deficiencies – including desktop software that fails to encrypt backups by default.

The BlackBerry was the only device of the three found to provide good separation between personal and work data, something that ought to be a key feature in supporting the growing trend of Bring Your Own Device (BYOD).

All three tablets supported Exchange ActiveSync, a factor that means their core security configurations can be managed from a central Exchange server. But differences in security controls affect their suitability for enterprise use. These security controls included data protection, software integrity and updates, access control, security configuration profiles and connectivity, along with backup and synchronisation.

The iPad has robust data protection and damage limitation facilities. However, its security shortcomings include the regularity of new jailbreak attacks, and ineffective disk encryption unless a strong passcode policy is applied. And although the iPad's disk encryption scheme is well designed, the default behaviour for iTunes backups is to store files in clear text, obviously unacceptable for the storage of potentially sensitive corporate data. Much the same back-up approach is adopted with the BlackBerry PlayBook.

The Samsung tablet does not ship with a locked bootloader but the built-in disk encryption provides weaker support, making it more difficult to use. Even when encryption is enabled on the Galaxy, it allows badly written apps to store sensitive information on any unencrypted SD card inserted into the device.

A lack of enterprise-level management tools beyond ActiveSync also means that it is very difficult to manage more than a small number of Galaxy Tabs in an enterprise environment, a shortcoming the kit shared with the iPad. The BlackBerry PlayBook, by contrast, provides "excellent logical and data separation between work and personal modes" thanks to its Balance architecture – which allows secure wipes of biz data from the device by the employer while leaving personal information intact – combined with its built-in Bridge content-porting application.

Context Information Security's report, entitled Tablets - A Hard Pill to Swallow (available here), casts a rule on the robustness of the security controls on the three popular tablet platforms.

We can't stop BYOD

Jonathan Roach, principal consultant at Context and author of the report, concludes that even though security controls are easier to apply on traditional desktops and laptops, the trend towards allowing working to bring their own devices into work is unstoppable.

“It is difficult to ignore the growing presence of tablet computers in the home and workplace offering a blend of productivity, connectivity and physical freedom which has never been achieved before,” Roach said. “The device format is perfect for social networking and creating and sharing documents, presentations and other content on-the-fly, but the same characteristics also present tough security challenges for organisations. Our research suggests that most tablet manufacturers still have a way to go before their products can deliver the high levels of security required for use in most corporate enterprises.”

Many security vendors are marketing third-party tools designed to overcome some of the security shortcomings surrounding the use of consumer devices in corporate environments.

Roach indicated that these tools are likely to help correct some of the issues the study outlined but it's not clear how much. The effectiveness of BYOD management and security tools was beyond the scope of Context's initial study into the security of tablet devices but may become the topic of follow-up research. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?