How a Tablet Changed My Life
Ok, so maybe the title is a bit extreme, but I've had this tablet for a few months and I've started noticing that it's changing things up for me.
First of all, books are WAY simpler. I pretty much expected this, it's why I bought the thing in the first place. The first thing I did once i got the tablet was get electronic copies of almost every book I own. Fiction, Reference, Non-fiction, books for work, everything. So now if I travel, there's no need to choose what to bring. If I'm at work, and find myself saying - "if only I had Cricket Liu's "DNS and Bind" book, I could explain it to my customer and give them a good citation (page number etc)", no problem, it's there.
If I'm building something that I haven't done before, like the FCOE switches that I'm working on this week, I'm not alt-tabbing to the vendor documentation, I have the book / vendor web page / whatever open to the right page, and it's right there.
The best part of having a tablet is that it's not a computer. Sure, it has a browser and everything, but the form factor makes it fundamentally different. If my wife and I are watching TV, a laptop has that screen popped up that says "don't talk to me" - a tablet sits in my lap and is generally way less obtrusive than any laptop, it has a lower profile than lots of hardcover books in fact. Using a tablet instead of a laptop has done a fair bit for marital harmony on that front ....
But it's enough of a computer to do some useful things. I wrote all of my study notes for SEC542 on this thing, and it was just as easy in Docs2Go as in Excel, which I normally use for notes of this type. The nice thing is that when I was done, it IS in Excel. Picking the right apps makes your data portable. Picking the wrong apps puts your data in "data jail", it'll never leave the tablet - this is really something to consider before deciding on any new app.
There seems to be lots of effort to turn data into "prisoners of the tablet" with proprietary file formats, or prisoners of one vendor or another's e-reader software. It's just too easy to browse to a book vendor, click the book and have it a minute later. The problem is, moving that book to a different tablet might be easy, or it might be a real pain when the time comes later. I've been trying to keep as many of my books as possible in portable formats - in my case, PDF and ePub formats. Formats where I have a choice in the application that reads them, that are easily portable to my laptop or a different tablet or different OS. Especially for reference books, a search function is a real help - this isn't always there on "captive" reader applications.
On a different topic, I'm seeing that people (not me so far I hope) are a lot less lax on security once they get a tablet.
Open access points seem to be fair game for a lot of people now - if there's an open AP, then it's seen as free, fast internet and away they go. I dropped a 3G card into mine - I find that this is pretty cheap, and while not as fast as a lot of home DSL or cable uplinks, it's always there. If I'm pulled over on the side of the road, no problem. If I'm at a client site, I don't need keys or certs to get online. There's a lot of risk in using someone else's open AP - not only is it illegal, it's pretty easy to set up an "evil" AP, often to harvest credentials or credit card info.
I invested in a tiny little access point (yes, also from Apple, sorry - Linksys stopped making theirs). This now travels with me as well. If I'm at a client site with secure wireless (ie - I can't use it), I can generally plug in my trusty AP and get the tablet (and phone and laptop for that matter) online through their ethernet for a faster connection.
For some reason, people don't seem to care as much about their passwords on a tablet as they otherwise would. They can be in the middle of something totally unrelated, a window will pop up asking for their iTunes password, and they'll just key it in, no questions asked. We had a spirited discussion at the ISC's secret conference room last week about this. I think the consensus was that it'd be pretty simple to embed and hide a password harvester that takes advantage of this behaviour into an app, and that as long as you didn't get too greedy or obvious, it'd probably slide right past any check anyone would want to do. If you have information that might indicate otherwise, we'd be really interested in your input - please use the comment form for this.
I'm also not really keen on how most passwords on this device echo back to me - - only one character at a time, but still pretty easy to shoulder-surf.
Credit card security likewise seems to have fallen by the wayside a bit. People get really used to a embedding their credit card info into every music and book vendor they deal with. I'm guilty of this - frankly it's tough anymore to keep track of just who's got my credit card info (I keep a file, but still get surprised every now and then). People also are used to having LOTS of small transactions on their monthly bill. When my statement comes, how certain am I all that each and every one of those $2, $3 and $10 charge are legit, and their mine? Me, not so much. I get an email confirmation for every CC and Paypal transaction I make, but do I add them all up and check against my monthly bill? Ummm .. sometimes? Really, life is too busy to do this most months.
On the topic of enterprise use, so far I've taken care to not store customer or other confidential info on my tablet, until I've got the time to do a thorough review of risk, proper controls and mitigations. I've been told that the Apple iPad Security overview ( http://images.apple.com/ipad/business/pdf/iPad_Security_Overview.pdf) is pretty good, but haven't had the time to review it myself yet. There may be an equivalent or better Android doc, or better IOS guidance. If anyone has further info on this topic please use the comment form.
How have you seen that tablets have changed your life at work or at home?
Do these changes have a security-related story behind them?
Please, share your experiences - I for one am really interested in how these things are changing how we work / play / whatever.
Not to mention that killer app that'll make the tablet that much more useful ...
=============== Rob VandenBrink, Metafore ====================
Comments
Alex
Dec 8th 2010
1 decade ago
I see this as one of the bigger risks at the moment. Especially since people tends to re-use e-mail and passwords.
That is one reason why my account is only used for iTunes, and nothing else. On top of that, I use another e-mail address for most other things, and I use 1Password such that I can have unique complex passwords everywhere.
PHP
Dec 8th 2010
1 decade ago
I don't understand why tablet computers in various forms have been out for years, but these original tablets are never talked about, except in the dedicated tablet computer forums, like gottabemobile.com and tabletpcbuzz.com. My current computer is a Lenovo x200 Tablet with Windows 7, and I love it!
michele654
Dec 8th 2010
1 decade ago
Im sure this is in accordance with their security policies, right?
Josh
Dec 8th 2010
1 decade ago
Rob
Dec 8th 2010
1 decade ago
http://iase.disa.mil/stigs/draft-stigs/
And (ahem) iOS 4.1 security guidelines here:
http://cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.mobile.iphone
Rex
Dec 8th 2010
1 decade ago
David
Dec 8th 2010
1 decade ago
And I'm glad Josh brought it up. That line about setting up a wireless AP made me cringe.
nope
Dec 9th 2010
1 decade ago
A small IT support group decided that supporting and securing iPhones and iPads was better than sticking our heads in the sand and hoping for the best. Then our new CEO showed up with an iPad this summer. Coincidentally, national IT support for iPads was announced a few weeks later.
IMO, the business value of iPads is still a solid "maybe", but YMMV. Most user inquiries start with "I'm tired of dragging my laptop around, I want an iPad", which leads to an extended discusssion/discouragement session. They want to receive, edit, and return Word, Excel, and PowerPoint files, and that's still very much a work in progress, especially since we're prohibited from using tools like DropBox. Many middle managers view iPads as a waste of time and money, so adoption is spotty.
My own iPad substitutes for a laptop about half of the time. If all I need is email and web browsing, works great. Also great for whiling away the hours in undersized airline coach seats, watching podcasts and other videos. Not so good for running your favorite open source network scan or vulnerability assessment tools, especially on wired-only networks :-) And I still haven't solved the search-through-1000-page-PDF-manual problem.
Are iPads perfectly secure or securable? No, but no platform is perfect and risk-free. Each organization needs to weigh the pros and cons.
Rex
Dec 9th 2010
1 decade ago
Steak0mat
Dec 9th 2010
1 decade ago