Amazon Kindle Fire Meets Enterprise: Security Advice - InformationWeek

9/28/2011
07:24 PM
Amazon Kindle Fire Meets Enterprise: Security Advice

How do you secure these devices, and prevent them from accessing the network, without help from your mobile device management system?

Amazon announced its new 7-inch tablet this week to much fanfare. Great price ($199), great specs, and even more important, it runs Google's Android operating system, giving the user access to apps, movies, and a whole slew of other content. Our take: The price point makes this thing a credible iPad killer, but it's also a shot across Google's bow because the Kindle Fire is highly customized by Amazon and does not provide access to Google's Android market. Now it's an Amazon vs. Apple discussion instead of Google vs. Apple.

Smart tactic for Amazon and great for the consumer, but what does it mean for your network? If sales of Hewlett-Packard's doomed TouchPad are any indication, my bet is that it will increase the rate of tablet adoption dramatically. When HP announced a steep TouchPad price drop, weekend hackers started snapping them up and hacking them to run Android, dynamic IT dashboards, and remote-controlled robots. With such a low price for the Kindle Fire, consumers -- read: your end users -- will soon employ them for all kinds of functions Amazon never intended -- and you never imagined, for that matter. Which leads us to the security issues that accompany any fast-paced consumer adoption and how you can address them.

First, the Kindle Fire runs Android, so, as with any Android device, you would expect support from the major mobile device management providers. But you'd be disappointed. Amazon has decided that the Kindle Fire will not have access to the Google Android Market, where major MDM vendors put their apps. Only the Amazon Android Store is accessible, and MDM providers do not have their apps available in that store at the moment.

Second, if you do get your hands on an MDM client, it may not function properly on the Kindle Fire, at least at first. The hardware is different from other Android devices, and the OS, while Android-based, has a completely different user interface. Basic security functions your organization may require, such as pass code screens and encryption, may not function either.

On Nov. 16 (the day after the first preorders land on doorsteps nationwide) you will have people walking into the office with their new Kindle Fires and hopping on the company Wi-Fi to show off the sleek-looking tablet to envious peers. And to be fair to the Fire, this problem is applicable to any new consumer device, be it a smartphone, tablet, or netbook.

So how do you secure these zero-day devices, and/or prevent them from accessing the network, without help from your MDM system?

First, find out when your MDM vendor will support the device, and mark that day on your calendar so you can push out updates ASAP.

Second, if you want to prevent access from the Kindle Fire -- or any device -- set your Wi-Fi APs to deny access for the specific Organizationally Unique Identifier (OUI), the manufacturer prefix in the first three bytes of a device's MAC address. Now, this isn't a perfect solution, because the OUI identifies the manufacturer rather than the model: blocking an OUI linked to Apple, for example, may block all iPhones, even though you only want to block iPads. Watch the help desk phones light up.
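
An added example, not part of the original article: a dry run of an OUI deny rule against a client inventory, showing which devices it would block, which it would block by accident, and which it would miss. The OUI, MAC addresses, device inventory and function names are constructed for this example.

```python
import re

# Constructed placeholder OUI; not taken from the IEEE registry.
DENY_OUIS = {"00:11:22"}

# Constructed inventory: (MAC as seen in AP/DHCP logs, device type from asset notes).
CLIENTS = [
    ("00:11:22:AA:00:01", "tablet"),
    ("00-11-22-AA-00-02", "phone"),   # same manufacturer prefix, different product
    ("0011.22aa.0003", "tablet"),     # dotted notation used by some network gear
    ("00:33:44:BB:00:01", "laptop"),  # unrelated manufacturer
    ("02:11:22:AA:00:04", "tablet"),  # locally administered address
]


def normalize_mac(mac):
    """Return the MAC as AA:BB:CC:DD:EE:FF, accepting ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    # Bit 0x02 of the first octet set: the prefix is not a manufacturer-assigned OUI.
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def preview_deny_rule(deny_ouis, clients, target_type):
    """Sort clients into what the rule blocks on purpose, by accident, or misses."""
    report = {"blocked_target": [], "collateral": [], "missed": []}
    for raw, dev_type in clients:
        mac = normalize_mac(raw)
        hit = mac[:8] in deny_ouis
        if hit and dev_type == target_type:
            report["blocked_target"].append(mac)
        elif hit:
            report["collateral"].append((mac, dev_type))
        elif dev_type == target_type:
            local = is_locally_administered(mac)
            reason = "locally administered MAC" if local else "OUI not in deny list"
            report["missed"].append((mac, reason))
    return report


if __name__ == "__main__":
    for bucket, entries in preview_deny_rule(DENY_OUIS, CLIENTS, "tablet").items():
        print(bucket, entries)
```

The "collateral" bucket is the help desk call volume the paragraph above warns about; review it before the rule goes onto the access points.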

Third, leverage your vulnerability scanner, such as Nessus or Qualys, and use its operating system fingerprinting function to find devices that match the unsupported profile, and have them blocked via firewall or the access point. This is a manual process but shouldn't be too burdensome.

Fourth, if you're really concerned, get yourself a Wi-Fi intrusion-detection system -- technology that's custom built for the identification and authorization of wireless devices.

Finally, and in my opinion most important, get your priorities straight. Just let them on and realize that your network is public, but your systems are private. In other words, don't try to prevent the connection to the network; prevent access to the resource, such as the file server or email. MDM vendors provide the capability to default-deny any device that isn't registered with their software. In our Kindle Fire case, if we have this policy enabled, the employee can get access to Wi-Fi and show off but cannot access email, calendars, or the file server until the device is supported.

One other piece of advice from the trenches: If you see a phenomenon like the Kindle Fire coming your way, buy one or three and give them to the security and IT staff to play with, so they know what the device can and cannot do. You might be surprised at your team's ability to develop security controls and provide help desk support once they have had a chance to analyze new hardware. Plus, it helps build morale when the company encourages the "geeking out" of the IT staff via access to a cool new device.
