Kindle Fire Hits The Office: 5 Security Concerns - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Kindle Fire Hits The Office: 5 Security Concerns

As proud owners of the Amazon Kindle Fire tablet walk this device through your company's front door, enterprise IT should be prepared.

With the first Amazon Kindle Fire tablets delivered as of Tuesday, IT managers now face salient security and privacy questions: How much of a threat do these tablets pose to enterprise data and systems, and how can risks be mitigated?

For starters, as with netbooks, the iPhone, iPad, and Android smartphones and tablets before it, expect the hot-selling Kindle Fire to quickly arrive at work, and in quantity. Amazon recently increased its order for production from 4 million to 5 million units, and in the run-up to the holiday season, who's going to want to park their tablets at home?

So with the tablets becoming the latest in "bring your own device" chic, be sure to keep these five security and privacy questions--and challenges--in mind:

1. Attackers Like Android. Kindle runs Google's Android operating system. It's been highly customized. But as far as mobile device operating systems go, Android is an attack magnet. Even if attackers have so far failed to monetize their attacks, which hacker wouldn't want to rack up the first Kindle malware? (Perhaps by exploiting the latest vulnerability in the WebKit open source browser engine that powers the tablet's Silk browser?)

2. No MDM Yet. Unfortunately, whatever your company's mobile device management (MDM) tool of choice, don't expect it to work with Kindle, at least not yet. In fact, as Savid Technologies CEO Michael A. Davis has noted, securing Kindle Fires in the workplace will be a challenge, not least because Amazon isn't letting the devices access Android Market, from where needed commercial security tools, such as MDM clients, can be downloaded. Accordingly, CIOs may want to block Kindle Fires from connecting to the business network, at least initially, as much as users may not like that answer.

[ How good is your mobile device management strategy? See Top 5 MDM Must-Do Items. ]

3. Amazon Adds Walled Garden. On balance, the Kindle Fire may come to rank as one of the most secure Android devices. That's because, taking a page from Apple's walled garden model, Amazon is requiring all developers to submit their apps to Amazon for review before they're allowed to be listed. If Amazon can imitate Apple's success at keeping malware off of its devices, it will be doing its users a big favor.

4. Will Amazon Sell Security Apps? Still, Apple has famously blocked many types of security applications from its Apple Store. While security experts and developers can debate whether or not an iPhone, iPad, or iPod Touch is susceptible to viruses, amongst other types of attacks, Apple clearly doesn't want the word "antivirus" coming anywhere near its AppStore. Will Amazon take a different tack with its Kindle Fire shop, given that its devices run Android, which faces many more attacks than iOS?

5. Kindle Data Privacy. To accelerate browsing on the Kindle, Amazon runs non-SSL traffic through its Amazon Elastic Compute Cloud (EC2), which functions as a Web proxy, but which also allows it to store a list of websites that people visit. "The data collected by Amazon provides a ripe source of users' collective browsing habits, which could be an attractive target for law enforcement," according to the Electronic Frontier Foundation.

Still, there's an easy fix. "For users who are worried about these privacy issues and about putting a lot of trust in Amazon to keep their data safe, we recommend turning off cloud acceleration," the EFF said. Of course, will the owner of the season's must-have budget tablet willingly impede their online experience in any way, even if business data might be involved?

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll