Ok, so maybe the title is a bit extreme, but I've had this tablet for a few months and I've started noticing that it's changing things up for me. If I'm building something that I haven't done before, like the FCOE switches that I'm working on this week, I'm not alt-tabbing to the vendor documentation, I have the book / vendor web page / whatever open to the right page, and it's right there.

There seems to be lots of effort to turn data into "prisoners of the tablet" with proprietary file formats, or prisoners of one vendor or another's e-reader software. It's just too easy to browse to a book vendor, click the book and have it a minute later. The problem is, moving that book to a different tablet might be easy, or it might be a real pain when the time comes later. I've been trying to keep as many of my books as possible in portable formats - in my case, PDF and ePub formats. Formats where I have a choice in the application that reads them, that are easily portable to my laptop or a different tablet or different OS. Especially for reference books, a search function is a real help - this isn't always there on "captive" reader applications.

On a different topic, I'm seeing that people (not me so far I hope) are a lot less lax on security once they get a tablet. For some reason, people don't seem to care as much about their passwords on a tablet as they otherwise would. They can be in the middle of something totally unrelated, a window will pop up asking for their iTunes password, and they'll just key it in, no questions asked. We had a spirited discussion at the ISC's secret conference room last week about this. I think the consensus was that it'd be pretty simple to embed and hide a password harvester that takes advantage of this behaviour into an app, and that as long as you didn't get too greedy or obvious, it'd probably slide right past any check anyone would want to do. If you have information that might indicate otherwise, we'd be really interested in your input - please use the comment form for this.

On the topic of enterprise use, so far I've taken care to not store customer or other confidential info on my tablet, until I've got the time to do a thorough review of risk, proper controls and mitigations. I've been told that the Apple iPad Security overview (http://images.apple.com/ipad/business/pdf/iPad_Security_Overview.pdf) is pretty good, but haven't had the time to review it myself yet. There may be an equivalent or better Android doc, or better iOS guidance. If anyone has further info on this topic please use the comment form.

How have you seen that tablets have changed your life at work or at home? Not to mention that killer app that'll make the tablet that much more useful ...
=============== Rob VandenBrink, Metafore ====================
Rob VandenBrink 559 Posts ISC Handler Dec 8th 2010
Dec 8th 2010 1 decade ago
How the tablets have changed my life at work? Well, every executive, marketing person, sales guy or persons otherwise unburdened by technical knowledge or understanding of basic security principles, insist on stuffing them full of proprietary and confidential data. Claiming that with release of the iPad, laptops have lost all of their previous functionality and portability, apparently confusing coolness factor for technological necessity. Other than that - I will have to wait for a tablet that doesn't require security to be available on the app store, before I can make any further calls on how it changed my life. For now, I'll stick to my smartphone.
oleksiy 34 Posts
Dec 8th 2010 1 decade ago
The box asking for passwords everywhere arrived with multitasking in iOS. I have seen it as a risk ever since I saw it first time. Apple need to give users a way to verify the context of the alert box. Maybe have an official alert app that can jump like apps on OSX that needs attention.
I see this as one of the bigger risks at the moment. Especially since people tend to re-use e-mail and passwords. That is one reason why my account is only used for iTunes, and nothing else. On top of that, I use another e-mail address for most other things, and I use 1Password such that I can have unique complex passwords everywhere.
Povl H. 75 Posts
Dec 8th 2010 1 decade ago
I've used convertible tablet computers for over 4 years now, buying my first one used on eBay. They have each run a full OS (some version of Windows) and have all the applications I need. They are a bit thicker than the current limited OS tablet craze, but I like having the keyboard there if I need it, because I can type faster and with more accuracy than I can write. I could have gotten slate tablets, still a full computer, but with no keyboard.
I don't understand why tablet computers in various forms have been out for years, but these original tablets are never talked about, except in the dedicated tablet computer forums, like gottabemobile.com and tabletpcbuzz.com. My current computer is a Lenovo x200 Tablet with Windows 7, and I love it!
Anonymous
Dec 8th 2010 1 decade ago
"If I'm at a client site with secure wireless (ie - I can't use it), I can generally plug in my trusty AP and get the tablet (and phone and laptop for that matter) online through their ethernet for a faster connection."
I'm sure this is in accordance with their security policies, right?
Anonymous
Dec 8th 2010 1 decade ago
Yes, of course. If I'm not able to plug an AP in based on policy, 3G is a good fallback
Rob VandenBrink 559 Posts ISC Handler
Dec 8th 2010 1 decade ago
Draft DISA STIG for iPhone/iPad is here:
http://iase.disa.mil/stigs/draft-stigs/
And (ahem) iOS 4.1 security guidelines here:
http://cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.mobile.iphone
Rob VandenBrink 8 Posts
Dec 8th 2010 1 decade ago
I'm pretty reluctant to join the tablet revolution, I admit. I touch-type, so I find keyboardless devices frustratingly slow to interact with. I feel like a netbook is a better fit for me.
Anonymous
Dec 8th 2010 1 decade ago
I tend towards the "paranoid security guy" way of doing things. I don't even have a cell phone. I spend enough time trying to secure my home network in my off hours, I don't need a phone or tablet that is owned and controlled by Google or Apple to worry about.
And I'm glad Josh brought it up. That line about setting up a wireless AP made me cringe.
Anonymous
Dec 9th 2010 1 decade ago
Our group of 130 people has 10 iPads and more on order. We have national lukewarm-but-official support for iPads and iPhones (alongside Blackberries). We have our own iOS STIG derived from public sources, and iPCU profiles that make applying most of the STIG relatively painless (no we can't release any of that). We require all iPhones and iPads to be on MobileMe for findme and remote wipe (we're not running Exchange). We haven't gone whole hog on over-the-air provisioning, or third-party lockdown/encryption.
A small IT support group decided that supporting and securing iPhones and iPads was better than sticking our heads in the sand and hoping for the best. Then our new CEO showed up with an iPad this summer. Coincidentally, national IT support for iPads was announced a few weeks later. IMO, the business value of iPads is still a solid "maybe", but YMMV. Most user inquiries start with "I'm tired of dragging my laptop around, I want an iPad", which leads to an extended discussion/discouragement session. They want to receive, edit, and return Word, Excel, and PowerPoint files, and that's still very much a work in progress, especially since we're prohibited from using tools like DropBox. Many middle managers view iPads as a waste of time and money, so adoption is spotty. My own iPad substitutes for a laptop about half of the time. If all I need is email and web browsing, works great. Also great for whiling away the hours in undersized airline coach seats, watching podcasts and other videos. Not so good for running your favorite open source network scan or vulnerability assessment tools, especially on wired-only networks. Are iPads perfectly secure or securable? No, but no platform is perfect and risk-free. Each organization needs to weigh the pros and cons.
Anonymous
Dec 9th 2010 1 decade ago
Sorry Rob, this article reads just like an Apple ad.
Anonymous
Dec 9th 2010 1 decade ago