Technology: Tablet Computing
The new frontier in enterprise IT security
April 28, 2011 at 08:00 PM
13 minute read
The original version of this story was published on Law.com
This is the second part in a multipart series exploring technology risks facing in-house counsel and their clients. The first article in this series dealt with steps that in-house counsel can take to keep their data safe while they are on the road. This installment deals with deploying tablet computers in both the legal department of companies and in the enterprise in general. It also suggests some steps that might help to make these tablet computers more secure.
As tablet computers such as the Apple iPad, the Samsung Galaxy Tab, and the RIM Playbook start to displace laptop computers as the mobile computing platform of choice for both lawyers and other company employees, in-house counsel must be attuned to the risks associated with using these types of devices and be in a position to counsel their clients on these potential risks and ways to mitigate them.
Tablet computers are becoming a particularly hot topic as companies move to migrate mission critical applications to these platforms. The use of applications such as customer relations management applications, mobile payment and processing applications and other cloud-based applications all enhance the chances of data loss.
While often not thought of in the same vain as the laptop, tablet computers offer much of the same (and increasingly more) functionality as laptops. However, due to the newness of these platforms, the current lack of security in the underlying operating systems, and their enhanced uses, these platforms create additional risks for users and for companies.
However, unlike most laptops and desktop computers, company IT departments are not yet universally installing any type of encryption or any other network security devices or software on tablet computers. Unfortunately, this presents an opportunity for hackers to access the data on these devices. This can also be said for smartphones, which have much of the same functionality and vulnerabilities as tablet computers.
The Main Concerns When Using Tablet Computers
The leading concerns from a security standpoint with respect to tablet computers at the current time can be summarized as follows:
- Most tablet devices do not contain any type of security or virus detection software.
- Most users use tablets for personal use as well as business use. This dual use may expose corporate intellectual property assets to misuse or inadvertent disclosure due to the end user's use of social media or other personal applications on the tablet.
- The very applications that make tablet computers such a valuable business and personal tool also may allow access to the information contained on those devices through the installation of malicious applications.
- Most tablet devices are able to connect to internet via Wi-Fi. When connecting through the use of free, public Wi-Fi connections, data being transmitted as well as data contained on the devices may be at risk. This is especially true when using unsecured networks, which are becoming more ubiquitous throughout the country, if not the world.
- Many devices do not have any remote disabling or wiping software or other technologies installed upon them. In the event of a loss of the device, not only is the data contained on the device potentially at risk, but the loss can also potentially allowed unfettered access to the corporate networks.
Some Thoughts on Securing Tablets
As discussed in the first column of this series, one of the first things that all users should be required to do is to install a password on their tablet devices. At a minimum, this will deter the casual thief from accessing the data on the device as well as potentially accessing the corporate network. I should note that this is a very basic measure as there are devices in the marketplace that can directly access data on mobile devices even if a password is in place.
Secondly, all devices should have anti-virus as well as remote disabling or wiping technologies installed upon them. In the event that the device is lost, the data on the device can be remotely wiped thereby limiting inadvertent disclosure of sensitive information. Additionally, this remote wiping will prevent access to the corporate networks.
Thirdly, corporate enterprises should consider either directly providing these types of devices to appropriate end users so that the use of the device can be limited to corporate use only. As such, applications that access social media-type functions can be limited on these devices.
There are rumors that some forthcoming versions of certain tablet operating systems will be able to essentially partition the devices into a consumer side and a business side. This is particularly interesting because it will allow the enterprise to remotely wipe the corporate side of the device if it is lost while not touching the personal side. It also would presumably create a partition between an employee's social media or other personal uses and the employee's corporate uses, which would afford better protection for corporate IP in the event a consumer application was breached. Again, the goal is to enable the enterprise to provide a higher level of security for the devices.
Another suggestion is to make certain that employees are only downloading applications from approved application stores or market places. Google recently admitted that it had removed more than 50 malicious applications from its Android market in March of this year and remotely deleted these applications from over 250,000 smartphones that had already downloaded the applications. These applications were either found to be accessing private data inappropriately or providing data on users in violation of Google's privacy policies. Additionally, companies need to make certain that users do not jail-break their devices and that the devices have the latest version of the appropriate operating system installed.
Further, legal departments need to confirm that the company's policies and procedures with respect to information technology are appropriately updated to take into consideration the use of tablets and other mobile devices by employees.
Lastly, enterprises that are using tablets to develop applications for either corporate use or for their customer's use need to make certain that robust security is incorporated into those applications at the development stage so that not only is the enterprises' data protected but also customers that use those applications have their data protected also.
In Closing
While tablet computers present unique security risks, many of these risks can be mitigated through appropriate policies and procedures. Additionally, enterprises need to make certain that their employees are well educated on the ever evolving security risks associated with these and other mobile devices.
Like all new technology, some enterprises are reluctant to allow the adoption of these technologies. However, ultimately the ease of use of these devices as well as their ability to provide increased functionality and competiveness for enterprises will win the day, allowing for their ubiquitous adoption. Security will, however, always need to be a part of the technology adoption equation.
Read Roy Hadley's previous column.
This is the second part in a multipart series exploring technology risks facing in-house counsel and their clients. The first article in this series dealt with steps that in-house counsel can take to keep their data safe while they are on the road. This installment deals with deploying tablet computers in both the legal department of companies and in the enterprise in general. It also suggests some steps that might help to make these tablet computers more secure.
As tablet computers such as the
Tablet computers are becoming a particularly hot topic as companies move to migrate mission critical applications to these platforms. The use of applications such as customer relations management applications, mobile payment and processing applications and other cloud-based applications all enhance the chances of data loss.
While often not thought of in the same vain as the laptop, tablet computers offer much of the same (and increasingly more) functionality as laptops. However, due to the newness of these platforms, the current lack of security in the underlying operating systems, and their enhanced uses, these platforms create additional risks for users and for companies.
However, unlike most laptops and desktop computers, company IT departments are not yet universally installing any type of encryption or any other network security devices or software on tablet computers. Unfortunately, this presents an opportunity for hackers to access the data on these devices. This can also be said for smartphones, which have much of the same functionality and vulnerabilities as tablet computers.
The Main Concerns When Using Tablet Computers
The leading concerns from a security standpoint with respect to tablet computers at the current time can be summarized as follows:
- Most tablet devices do not contain any type of security or virus detection software.
- Most users use tablets for personal use as well as business use. This dual use may expose corporate intellectual property assets to misuse or inadvertent disclosure due to the end user's use of social media or other personal applications on the tablet.
- The very applications that make tablet computers such a valuable business and personal tool also may allow access to the information contained on those devices through the installation of malicious applications.
- Most tablet devices are able to connect to internet via Wi-Fi. When connecting through the use of free, public Wi-Fi connections, data being transmitted as well as data contained on the devices may be at risk. This is especially true when using unsecured networks, which are becoming more ubiquitous throughout the country, if not the world.
- Many devices do not have any remote disabling or wiping software or other technologies installed upon them. In the event of a loss of the device, not only is the data contained on the device potentially at risk, but the loss can also potentially allowed unfettered access to the corporate networks.
Some Thoughts on Securing Tablets
As discussed in the first column of this series, one of the first things that all users should be required to do is to install a password on their tablet devices. At a minimum, this will deter the casual thief from accessing the data on the device as well as potentially accessing the corporate network. I should note that this is a very basic measure as there are devices in the marketplace that can directly access data on mobile devices even if a password is in place.
Secondly, all devices should have anti-virus as well as remote disabling or wiping technologies installed upon them. In the event that the device is lost, the data on the device can be remotely wiped thereby limiting inadvertent disclosure of sensitive information. Additionally, this remote wiping will prevent access to the corporate networks.
Thirdly, corporate enterprises should consider either directly providing these types of devices to appropriate end users so that the use of the device can be limited to corporate use only. As such, applications that access social media-type functions can be limited on these devices.
There are rumors that some forthcoming versions of certain tablet operating systems will be able to essentially partition the devices into a consumer side and a business side. This is particularly interesting because it will allow the enterprise to remotely wipe the corporate side of the device if it is lost while not touching the personal side. It also would presumably create a partition between an employee's social media or other personal uses and the employee's corporate uses, which would afford better protection for corporate IP in the event a consumer application was breached. Again, the goal is to enable the enterprise to provide a higher level of security for the devices.
Another suggestion is to make certain that employees are only downloading applications from approved application stores or market places.
Further, legal departments need to confirm that the company's policies and procedures with respect to information technology are appropriately updated to take into consideration the use of tablets and other mobile devices by employees.
Lastly, enterprises that are using tablets to develop applications for either corporate use or for their customer's use need to make certain that robust security is incorporated into those applications at the development stage so that not only is the enterprises' data protected but also customers that use those applications have their data protected also.
In Closing
While tablet computers present unique security risks, many of these risks can be mitigated through appropriate policies and procedures. Additionally, enterprises need to make certain that their employees are well educated on the ever evolving security risks associated with these and other mobile devices.
Like all new technology, some enterprises are reluctant to allow the adoption of these technologies. However, ultimately the ease of use of these devices as well as their ability to provide increased functionality and competiveness for enterprises will win the day, allowing for their ubiquitous adoption. Security will, however, always need to be a part of the technology adoption equation.
Read Roy Hadley's previous column.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Lawyers Drowning in Cases Are Embracing AI Fastest—and Say It's Yielding Better Outcomes for Clients
GC Conference Takeaways: Picking AI Vendors 'a Bit of a Crap Shoot,' Beware of Internal Investigation 'Scope Creep'
8 minute read
Why ACLU's New Legal Director Says It's a 'Good Time to Take the Reins'
Trending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
