09:12 AM

Kindle Fire Hits The Office: 5 Security Concerns

As proud owners of the Amazon Kindle Fire tablet walk this device through your company's front door, enterprise IT should be prepared.

With the first Amazon Kindle Fire tablets delivered as of Tuesday, IT managers now face salient security and privacy questions: How much of a threat do these tablets pose to enterprise data and systems, and how can risks be mitigated?

For starters, as with netbooks, the iPhone, iPad, and Android smartphones and tablets before it, expect the hot-selling Kindle Fire to quickly arrive at work, and in quantity. Amazon recently increased its order for production from 4 million to 5 million units, and in the run-up to the holiday season, who's going to want to park their tablets at home?

So with the tablets becoming the latest in "bring your own device" chic, be sure to keep these five security and privacy questions--and challenges--in mind:

1. Attackers Like Android. Kindle runs Google's Android operating system. It's been highly customized. But as far as mobile device operating systems go, Android is an attack magnet. Even if attackers have so far failed to monetize their attacks, which hacker wouldn't want to rack up the first Kindle malware? (Perhaps by exploiting the latest vulnerability in the WebKit open source browser engine that powers the tablet's Silk browser?)

2. No MDM Yet. Unfortunately, whatever your company's mobile device management (MDM) tool of choice, don't expect it to work with Kindle, at least not yet. In fact, as Savid Technologies CEO Michael A. Davis has noted, securing Kindle Fires in the workplace will be a challenge, not least because Amazon isn't letting the devices access Android Market, from where needed commercial security tools, such as MDM clients, can be downloaded. Accordingly, CIOs may want to block Kindle Fires from connecting to the business network, at least initially, as much as users may not like that answer.

[ How good is your mobile device management strategy? See Top 5 MDM Must-Do Items. ]

3. Amazon Adds Walled Garden. On balance, the Kindle Fire may come to rank as one of the most secure Android devices. That's because, taking a page from Apple's walled garden model, Amazon is requiring all developers to submit their apps to Amazon for review before they're allowed to be listed. If Amazon can imitate Apple's success at keeping malware off of its devices, it will be doing its users a big favor.

4. Will Amazon Sell Security Apps? Still, Apple has famously blocked many types of security applications from its Apple Store. While security experts and developers can debate whether or not an iPhone, iPad, or iPod Touch is susceptible to viruses, amongst other types of attacks, Apple clearly doesn't want the word "antivirus" coming anywhere near its AppStore. Will Amazon take a different tack with its Kindle Fire shop, given that its devices run Android, which faces many more attacks than iOS?

5. Kindle Data Privacy. To accelerate browsing on the Kindle, Amazon runs non-SSL traffic through its Amazon Elastic Compute Cloud (EC2), which functions as a Web proxy, but which also allows it to store a list of websites that people visit. "The data collected by Amazon provides a ripe source of users' collective browsing habits, which could be an attractive target for law enforcement," according to the Electronic Frontier Foundation.

Still, there's an easy fix. "For users who are worried about these privacy issues and about putting a lot of trust in Amazon to keep their data safe, we recommend turning off cloud acceleration," the EFF said. Of course, will the owner of the season's must-have budget tablet willingly impede their online experience in any way, even if business data might be involved?

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
11/16/2011 | 8:56:27 PM
re: Kindle Fire Hits The Office: 5 Security Concerns
As shown on another blog. other, non-Amazon approved apps CAN be installed on the Kindle. The example they gave was installing a Barnes and Noble client software on a Kindle, just to see if it could be done. It could. That opens up the possibility that unsecure apps CAN be installed by a tech savvy user. IT Departments should beware.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
Increasing IT Agility and Speed To Drive Business Growth
Learn about the steps you'll need to take to transform your IT operation and culture into an agile organization that supports business-driving initiatives.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.