Wednesday, July 11, 2012

Tablet Encryption 101

Thinking about encrypting your Apple or Android tablet? The process can be daunting, but here's how to do it.
 Today’s workplace is becoming increasingly agreeable to the BYOD (bring your own device) concept: Employers are finally giving the green light for staffers to use their own equipment for work while they're at the office. For businesses, it's cheaper to let employees bring in their own laptops, smartphones, or tablets, since that cuts down on the need to purchase hardware (though not on the need to support it). Regardless, businesses seem to have little choice in the matter, since many employees are bringing their devices in whether they have permission or not--and some people are knowingly breaking the company’s security policy in doing so.

If you want to bring your own Android or iOS tablet to work, you should consider a couple of factors before taking the plunge. First, in some respects you lose ownership of your device once you commit to using it at work and keeping potentially sensitive data on it. Corporate intellectual property or client data is extremely valuable to your employer, and as such you lose certain freedoms regarding any device that contains that information. Mishandle that information, and you might lose your job.
Second, you have to think about how to secure the device against tampering, to protect its information and thereby minimize your loss of ownership. If you plan to store confidential material of any kind on your tablet, you’ll want to safeguard that data against the chance that you lose the device or let it slip into the wrong hands.
So how do you keep your data secure? You encrypt it. The field of data encryption is always changing, and you can encrypt your tablet in many different ways. Here are a few popular methods of tablet encryption that I was able to test.

Encryption Basics

For our purposes, encryption is a process that changes data in a way that makes it unreadable to anyone who doesn’t possess the key to unlock it. The data is, in theory, useless without the key, thus affording some measure of security in the case of theft or loss.
Tablet Encryption 101
Encryption itself is a complicated topic. For a PC, you can purchase encryption software or encrypted hardware, as well as products that encrypt the “whole” disc, including the Master Boot Record. The debate over which approach is better rages on. Software encryption involves running an encryption program on a standard drive to make its data indecipherable unless you have the key. This implementation tends toward slower access time, since the managing software decrypts the data for applications as they need it. Hardware encryption, in contrast, is generally invisible to the PC's software, including the operating system. Although this type of encryption is faster, it tends to be more expensive, as it requires specific hardware components. There's a whole lot more involved in encryption and device security, but a deep delve into those details is outside the scope of this article.
Since this story covers tablet encryption, let’s look at two of the world’s leading tablets: the Apple iPad and the Asus Eee Pad Transformer. Although both tablets offer some measure of security, you should be aware that both fall a bit short of enterprise levels of encryption. Still, if you want to encrypt your tablet for business purposes (or for your personal protection), take the following steps.

How to Encrypt an Apple iPad

Apple claims that all of its devices have hardware encryption out of the box, protection that the user can’t disable. This is a good thing, since it makes the “Fast Erase” functionality (if you lose your iPad or iPhone, you can remotely wipe the device in seconds if the feature is enabled) possible. Nevertheless, the hardware encryption has a weakness: If your device is jailbroken, all bets are off. Jailbreaking an Apple device bypasses the security code, so if your tablet is stolen, your data is only a jailbreak away.
Thankfully, the iOS 4.0 update added the Data Protection feature, which offers true encryption. Unfortunately, applications must enable Data Protection in order to take advantage of it--and most applications, to date, do not make use of Data Protection. This is deplorable! It’s also my duty to note that iCloud Storage does not encrypt your data, so using that service will open your cached data to prying eyes if someone compromises your device via a jailbreak.
Tablet Encryption 101
That said, if you want to encrypt your iPad without jailbreaking it, you will have to rely on Apple's encryption features. Turning on Apple’s encryption is as easy as activating the Passcode feature in the General settings; the default Simple Passcode provides a 4-number combination to unlock the device, and turns on the basic hardware-encryption functionality. Remote Wipe, also listed in the General settings under Passcode Lock, will turn on Data Protection, and will erase all data on your device after ten invalid passcode-entry attempts, as shown in the screenshot above.
If you're not sure whether these safety features measure up to your employer's requirements, take a look at Apple’s white paper regarding the security of the iPad; it’s a decent read, and for many corporate environments the iPad's amount of protection might be sufficient, even with the caveats described above.

How to Encrypt an Android Tablet

Now that you've seen the limited encryption options available on the iPad, you're probably thinking that an Android tablet is a safer option, right?
Well, the truth depends on which tablet you own and on which version of Android it's running. Before I dig into that topic, let’s take a quick peek at how to enable encryption on a tablet running Android 4.0. First, open the Settings menu and find the Security section, as shown below. From there it’s one tap to enable encryption and one tap to confirm, and off Android goes. The encryption process can take up to an hour depending on your device, so be patient.
Tablet Encryption 101
Now that your Android tablet is encrypted, you might wonder how strong the encryption is, or how hard a malefactor would have to work to decrypt it. The problem is, Google has been closed-mouthed about the specifications of Android encryption. Is it 256-bit AES, as on the iPad? We know that Android 3.0 Honeycomb is 128-bit AES, according to source.android.com, but I couldn't find any data about whether Google will strengthen Android encryption in later versions.
Is Android encryption just hardware encryption? Do apps have to utilize an API to gain encryption protection, just as they must in order to take advantage of the iOS Data Protection feature? We don’t know yet, though PCWorld has reached out to Android representatives for comment.
If you want to learn more about your Android tablet's encryption features and how strong they are, try looking up the specific device you own and checking for any white papers or security manuals the manufacturer has published. The Android developer community can be a fantastic resource, too: For example, I learned that the Asus Eee Pad Transformer Prime's hardware encryption includes cryptographic signatures protecting the boot partition, an improvement over the security implemented on the Asus Eee Pad Transformer.
Having encrypted my Transformer, I can say that the tablet won’t even finish booting without a passcode. That's good--until the tablet crashes and reboots in the middle of the night, and the alarm fails to go off in the morning because it’s waiting on input from you, and suddenly you're late to work. Encrypt your device if you must, but understand that Android tablet encryption can have some unintended consequences.
Tablet Encryption 101

Tablet Encryption Needs Improvement

On top of all of the concerns described above, rumor has it that an encrypted device that is already running is vulnerable to terminal commands if the Debug mode is enabled and someone gains physical access to your device. Beware, developers!
Even so, for both tablet platforms, the verdict isn't all bad. Android also includes a remote-wipe functionality, and you can find some decent security apps for both platforms that enhance or replace the default encryption, making either tablet enterprise-ready with some customization.
All in all, from a risk perspective, neither tablet platform passes the test for me when confidential information is at stake, but you might feel differently. If you have any relevant experience or tips to share regarding tablet encryption, let us know in the comments. And if you're an employer looking for enterprise-class approaches to BYOD security, feel free to talk about that too. Would you allow iPads and Android tablets on your network, knowing what I've outlined above?

No comments:

Post a Comment