Kindle Fire Hits The Office: 5 Security Concerns - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Kindle Fire Hits The Office: 5 Security Concerns

As proud owners of the Amazon Kindle Fire tablet walk this device through your company's front door, enterprise IT should be prepared.

With the first Amazon Kindle Fire tablets delivered as of Tuesday, IT managers now face salient security and privacy questions: How much of a threat do these tablets pose to enterprise data and systems, and how can risks be mitigated?

For starters, as with netbooks, the iPhone, iPad, and Android smartphones and tablets before it, expect the hot-selling Kindle Fire to quickly arrive at work, and in quantity. Amazon recently increased its order for production from 4 million to 5 million units, and in the run-up to the holiday season, who's going to want to park their tablets at home?

So with the tablets becoming the latest in "bring your own device" chic, be sure to keep these five security and privacy questions--and challenges--in mind:

1. Attackers Like Android. Kindle runs Google's Android operating system. It's been highly customized. But as far as mobile device operating systems go, Android is an attack magnet. Even if attackers have so far failed to monetize their attacks, which hacker wouldn't want to rack up the first Kindle malware? (Perhaps by exploiting the latest vulnerability in the WebKit open source browser engine that powers the tablet's Silk browser?)

2. No MDM Yet. Unfortunately, whatever your company's mobile device management (MDM) tool of choice, don't expect it to work with Kindle, at least not yet. In fact, as Savid Technologies CEO Michael A. Davis has noted, securing Kindle Fires in the workplace will be a challenge, not least because Amazon isn't letting the devices access Android Market, from where needed commercial security tools, such as MDM clients, can be downloaded. Accordingly, CIOs may want to block Kindle Fires from connecting to the business network, at least initially, as much as users may not like that answer.

[ How good is your mobile device management strategy? See Top 5 MDM Must-Do Items. ]

3. Amazon Adds Walled Garden. On balance, the Kindle Fire may come to rank as one of the most secure Android devices. That's because, taking a page from Apple's walled garden model, Amazon is requiring all developers to submit their apps to Amazon for review before they're allowed to be listed. If Amazon can imitate Apple's success at keeping malware off of its devices, it will be doing its users a big favor.

4. Will Amazon Sell Security Apps? Still, Apple has famously blocked many types of security applications from its Apple Store. While security experts and developers can debate whether or not an iPhone, iPad, or iPod Touch is susceptible to viruses, amongst other types of attacks, Apple clearly doesn't want the word "antivirus" coming anywhere near its AppStore. Will Amazon take a different tack with its Kindle Fire shop, given that its devices run Android, which faces many more attacks than iOS?

5. Kindle Data Privacy. To accelerate browsing on the Kindle, Amazon runs non-SSL traffic through its Amazon Elastic Compute Cloud (EC2), which functions as a Web proxy, but which also allows it to store a list of websites that people visit. "The data collected by Amazon provides a ripe source of users' collective browsing habits, which could be an attractive target for law enforcement," according to the Electronic Frontier Foundation.

Still, there's an easy fix. "For users who are worried about these privacy issues and about putting a lot of trust in Amazon to keep their data safe, we recommend turning off cloud acceleration," the EFF said. Of course, will the owner of the season's must-have budget tablet willingly impede their online experience in any way, even if business data might be involved?

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
11/16/2011 | 8:56:27 PM
re: Kindle Fire Hits The Office: 5 Security Concerns
As shown on another blog. other, non-Amazon approved apps CAN be installed on the Kindle. The example they gave was installing a Barnes and Noble client software on a Kindle, just to see if it could be done. It could. That opens up the possibility that unsecure apps CAN be installed by a tech savvy user. IT Departments should beware.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
White Papers
Register for InformationWeek Newsletters
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Flash Poll