Tablets

Five ways to address tablet security for corporate board members

Corporate board members increasingly want to use tablets during the course of their meetings. Will Kelly offers us five ways to secure your sensitive data on board member tablets.

Increasingly, corporate board members are moving to tablets, sometimes even outside the purview of the corporate IT departments and their policies. This has the potential to put corporate networks and highly sensitive corporate documents -- such as Board Books and corporate financials -- at risk, especially in light of some of today's strict compliance programs.

Securing corporate board member tablets, their mobile access to your corporate network, and your sensitive corporate documents have all the technical aspects you probably already practice with your employees and contractors, but with the added potential of corporate political bumps that can only come from high powered, busy executives with varying technical skill levels and interests.

Here are five ways to address tablet security for your corporate board members:

1. Make tablet security part of board member contracts and agreements

If corporate board members are clamoring for the iPad and other tablets, it's time for your IT department and executive suite to work together to extend existing corporate mobile device security policies to the corporate boardroom, if it already hasn't been done. This could take a number of paths, including adding mobile device security clauses to corporate board member contracts and agreements, so they're contractually bound to follow the same mobile security and BYOD rules as corporate employees and contractors.

Another consideration is personalized or board member-specific tablet security training, depending on board member and executive wishes to aid in a smooth transition.

2. Implement an electronic board portal

The growing acceptance of the iPad inside the enterprise has led to electronic board portals from vendors like Director Access and BoardVantage. An electronic board portal, combined in conjunction with an iPad, is a user-friendly way to establish a secure connection between a board member's tablet and the board portal for collaboration and logistical information, such as voting and meeting arrangements.

3. Build your own board portal with SharePoint and a secure iPad client

In cases where an electronic board portal might be beyond your budget, look to your existing SharePoint implementation and a secure iPad app to provide an entry-level yet secure document management and collaboration for corporate board members. For example, Coaxion for iPad (see Figure A) provides SSL-encrypted SharePoint access and document collaboration, document broadcasting for updates, and users can even delete local copies of documents off board member iPads at the end of a collaboration session. It's among the first generation of iPad apps for accessing SharePoint, which provides secure data transmission, vs. an app that transmits data over an open network. Figure A

Coaxion for iPad is free from the App Store and provide a new level of iPad to SharePoint secure collaboration.

4. Use a rights management server to secure documents, regardless of the tablet

In the end, tablets can be accidentally lost or stolen, so it's important to lock down documents with a rights management server and be platform agnostic about corporate board member tablet security altogether.

Adobe LiveCycle Server is one such rights management server. It assigns an encryption key to an Adobe Acrobat PDF, which encrypts the document protecting it from unauthorized users. A corporate board member could log into the corporate network from their tablet using Lightweight Directory Access Protocol (LDAP). With the mobile version of Adobe Reader, the server authenticates the board member through LDAP, and they can read documents restricted to just the corporate board members.

Another option with Adobe LiveCycle Server and other rights management servers is to "expire" documents. This is when you can grant document access to a certain group of users and then revoke user access after a certain amount time. For example, you may have a three-day corporate board meeting, where reviewing key corporate financial forecasts is on the agenda. Policies can be set over the documents to make them accessible to board members only for the three days of that meeting. After the closing day, the documents would expire and be inaccessible to the board members.

5. Implement a secure content management server that can publish to tablets

With the kind of corporate information that boards regularly access and review, your organization may want to consider implementing a secure content management system (CMS) that can publish directly to tablets. Some of these CMS tools even enable you to track your corporate board books, financials, and other proprietary information from the server out to the tablet. Signal from Rimage is one such CMS.

Signal includes many of the features of other CMS services on the market, along with a similar but push-based publishing process, but it takes its content management a step further through its Signal Content iPad and Android apps (see Figure B). Here are some of Signal's mobile-specific features:
  • View access to all content the user has permissions to access
  • Document encryption on the server through transport to the mobile device
  • Support for online/offline content encryption
  • Document viewing that includes single and double page viewing
  • Support for viewing video directly through the tablet app
  • Document tracking that extends to iPads and Android tablets with full analytics
  • Flexible access policies set through a cloud-based management platform
Figure B

The Signal Content iPad app is quite functional and secure for board members reviewing sensitive documents.

Rights Management solutions are great choices in there own right, but Rimage Signal uses a single Digital Rights Management (DRM), providing end-to-end security and making it attractive for organizations and industries that require the additional security.

Summary

As tablet demand grows inside corporations, security needs to evolve to meet the challenge. Fortunately, there's a wide range of solutions to secure your corporate board member tablets, and especially your sensitive internal corporate documents. How does your organization secure corporate tablets? Please share your experience in the discussion thread below.

About

Will Kelly is a freelance technical writer and analyst currently focusing on enterprise mobility, Bring Your Own Device (BYOD), and the consumerization of IT. He has also written about cloud computing, Big Data, virtualization, project management ap...

3 comments
anywherepad
anywherepad

One major concern in a tablet-based board meeting process is the potential (and inevitable) loss of some devices, either through simple absent-mindedness or outright theft. It is therefore crucial to have some form of security when this happens. The primary way, which you've already mentioned, is to have strong encryption. On top of this, there should be a way to wipe the data that is on the device. Remote wipe is one solution, but it won't work if the device never connects to the internet. Another approach is to automatically purge the device's contents upon detecting password guessing. This is actually the approach that our own solution (www.anywherepad.com) takes.

John-A
John-A

My organization already owned the Altiris (Symantec) Client and Endpoint Management Suite. We were able to easily implement Symantec's new Mobile Device Security product into the Altiris platform. The quality of Altiris and Symantec's security reputation made buying the product a fairly easy sell.

eldergabriel
eldergabriel

The topic you have brought up and the types of solutions you have mentioned here is often overlooked, i think. Thanks for the write-up and bringing this subject to light.