Kindle Fire Hits The Office: 5 Security Concerns

As proud owners of the Amazon Kindle Fire tablet walk this device through your company's front door, enterprise IT should be prepared.

Mathew J. Schwartz, Contributor

November 16, 2011

3 Min Read
InformationWeek logo in a gray background | InformationWeek

With the first Amazon Kindle Fire tablets delivered as of Tuesday, IT managers now face salient security and privacy questions: How much of a threat do these tablets pose to enterprise data and systems, and how can risks be mitigated?

For starters, as with netbooks, the iPhone, iPad, and Android smartphones and tablets before it, expect the hot-selling Kindle Fire to quickly arrive at work, and in quantity. Amazon recently increased its order for production from 4 million to 5 million units, and in the run-up to the holiday season, who's going to want to park their tablets at home?

So with the tablets becoming the latest in "bring your own device" chic, be sure to keep these five security and privacy questions--and challenges--in mind:

1. Attackers Like Android. Kindle runs Google's Android operating system. It's been highly customized. But as far as mobile device operating systems go, Android is an attack magnet. Even if attackers have so far failed to monetize their attacks, which hacker wouldn't want to rack up the first Kindle malware? (Perhaps by exploiting the latest vulnerability in the WebKit open source browser engine that powers the tablet's Silk browser?)

2. No MDM Yet. Unfortunately, whatever your company's mobile device management (MDM) tool of choice, don't expect it to work with Kindle, at least not yet. In fact, as Savid Technologies CEO Michael A. Davis has noted, securing Kindle Fires in the workplace will be a challenge, not least because Amazon isn't letting the devices access Android Market, from where needed commercial security tools, such as MDM clients, can be downloaded. Accordingly, CIOs may want to block Kindle Fires from connecting to the business network, at least initially, as much as users may not like that answer.

[ How good is your mobile device management strategy? See Top 5 MDM Must-Do Items. ]

3. Amazon Adds Walled Garden. On balance, the Kindle Fire may come to rank as one of the most secure Android devices. That's because, taking a page from Apple's walled garden model, Amazon is requiring all developers to submit their apps to Amazon for review before they're allowed to be listed. If Amazon can imitate Apple's success at keeping malware off of its devices, it will be doing its users a big favor.

4. Will Amazon Sell Security Apps? Still, Apple has famously blocked many types of security applications from its Apple Store. While security experts and developers can debate whether or not an iPhone, iPad, or iPod Touch is susceptible to viruses, amongst other types of attacks, Apple clearly doesn't want the word "antivirus" coming anywhere near its AppStore. Will Amazon take a different tack with its Kindle Fire shop, given that its devices run Android, which faces many more attacks than iOS?

5. Kindle Data Privacy. To accelerate browsing on the Kindle, Amazon runs non-SSL traffic through its Amazon Elastic Compute Cloud (EC2), which functions as a Web proxy, but which also allows it to store a list of websites that people visit. "The data collected by Amazon provides a ripe source of users' collective browsing habits, which could be an attractive target for law enforcement," according to the Electronic Frontier Foundation.

Still, there's an easy fix. "For users who are worried about these privacy issues and about putting a lot of trust in Amazon to keep their data safe, we recommend turning off cloud acceleration," the EFF said. Of course, will the owner of the season's must-have budget tablet willingly impede their online experience in any way, even if business data might be involved?

About the Author

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights