This is not a time to have heads buried in the sand and wishing for risk aspects of business usage of tablets to go away, the tablet is coming to a business near you. In a few years from now they will be as common place on office desks as laptops, and will be smugly grasped by the majority of attendees within meeting rooms. But let us not forget, a corporate used and connected iPad will have the very same type of confidential information to that of a corporate laptop, therefore you would expect the same policies and controls to apply, right? Well perhaps not.
The information security problem is not a problem of control even though iPads are a consumer led invention, as there are third party solutions from the likes of MobileIron which can centrally enforce security controls on iPads within the enterprise. No, it is a problem of risk acceptance.
One of the key fundamental appeals of a tablet is its accessibility, namely it’s “pick up and go” ease of use. But in applying best practice mobile device information security policies and controls to tablets, we find this seriously starts to hinder the device’s accessibility. This trade off kills a key advantage of having the device in the business in the first place. For example a typical best practice mobile device information security policy applied to laptops, which is typically centrally enforced in large businesses, requires users to have an at least 8 character password consisting of upper/lower case alpha, numeric and special characters, and an automatic password lock timeout of ten minutes when the laptop is unused. We could use a third party solution within the enterprise to enforce the same mobile device policy onto the business’s iPad estate. However in forcing a complex long password to be entered every time someone picks up their iPad, will no doubt be a trade off too much to stomach by many, as it kind of defeats the advantage of having an iPad in the first place.