Without question, the iPad has been the most disruptive piece of technology released within the last decade for businesses. The speed of its uptake has surprised everybody, and its uptake in boardrooms and amongst senior executives has dramatically changed the workplace. In business meetings and conferences across the world an exec will turn up with an iPad, which prompts others attending to feel they should have one as well, and they then take their newly acquired iPad to their next meeting, creating an unstoppable purchase cycle.
However, with the recent launch of the new iPad triggering another huge surge in sales, perhaps now is the time to stop and think about the challenges this rapid adoption brings.
Executives no longer just want an iPad as a fashion accessory. They want it to be a practical and functional device, enabling them to work on the move and share this work with colleagues, and clients alike. To do this, however, the iPad must connect to a corporate email and carry around potentially sensitive documents.
I have been speaking with a number of Information Security departments about the challenges that come with this trend. Many of them said they initially responded to their executive’s request that, as the iPad is not a supported platform, they simply cannot connect it to the corporate network. But this is not a popular response and they are often asked to “find a way”.
Consumerisation of tablets
This is not to undermine the great achievements of the iPad. Along with other tablets, it has undoubtedly delivered on the promise to provide a portable device which users can annotate without carrying around bulky paper, or even more bulky laptops. It has also delivered on consumerisation, a key element being that users must be self supporting which is much easier with tablets than with full desktop systems.
This is why it’s not surprising that time and time again I have the same conversation with companies around the challenges of mobile devices, mobility and ‘bring your own device’. This concern tends to be closely followed by discussions around cloud adoption, as users increasingly turn to backdoor cloud adoption, using file-sharing services to put documents on their unsupported tablet devices.
Is there a solution?
There is now a desperate need for businesses to overhaul the approach they are taking to managing corporate IT and Information Security. Instead of having a standard build and a limited set of supported platforms, we now need to look at minimum standards of connection and security controls across multiple platforms.
A primary focus of information security should be how to enable mobile devices and tablets access to the network. Combining the policy enforcement and control requirements that are required, whilst providing the usability and performance experience that attracted users to the tablet in the first place, will be a careful balancing act for Information Security departments.
The key to this is Information centric security. It is possible to enable access by developing an understanding around what information can go on a device, based upon the user, and also assessing the location and whether it is a personal or managed device. These are the first step in preventing sensitive information from risk.
Nobody can deny that the rapid adoption of tablets has created an interesting challenge. But, I believe, that with right balance and a can-do outlook businesses and users alike will reap the benefits that today’s devices can deliver.