What is an Enterprise Ready eBook Reader

The growing market of eBook readers has started to get my wallet itching. However being from “the land Down Under”, I am limited as to what I can buy directly. Or more importantly, what I can walk into a store and play with first before coughing up all the money and buying it online.

Even so, from a Enterprise perspective, which is what most of my e-reading would be for, I believe the most appropriate viewing format would be the full size A4 or 8″x11″ screen. As I would be viewing work related documents, I believe this size format would be better for reading PDF’s, Word documents etc etc. Along those lines, I like the look of the I-Rex models, but the price does hurt.

Wearing my corporate hat, one thing that does worry me if I were to allow the use of eBook readers by others in the Enterprise, is how the company information stored on the readers is protected. The readers suffer the same data leakage risks as other mobile storage media (which includes laptop hard drives and USB sticks). Therefore, some level of encryption is needed. The question is, what is the most appropriate type of encryption . Especially as encryption is a CPU intensive operation, I am sure the eBook vendors are scared off at the potential impact of the battery life drain when encryption is thrown in the mix.

Maybe in this case, where one of the main goals and benefits of eBook readers is to have extremely long battery life, is to look at file level encryption support. This way only those files that need to be protected are, while the rest (i.e. magazines, whitepapers, novels, manuals, technical books) are left unprotected.

And now we come to a common problem for the vendors and the Enterprise. How do we make the encryption process convenient enough that end users will make use of it. To that end, I think any such encryption should be designed to protect the majority of Enterprise information in an acceptable fashion, and leave the more sensitive information to utilise other solutions (i.e. full disk encryption on a laptop). When we talk about the majority of Enterprise information we are talking about classifications such as X-In-Confidence , where X can be Commercial, Security, HR, Legal or any other Enterprise body. To define it more clearly, I will make use of the definition from SRMBok (Security Risk Management Body of Knowledge) which is:

“Private, security or commercial information prepared with an expectation it may be shared with external parties with a legitimate need to know, subject to relevant restrictions.

If the information were released to the media or competitors organisation XYZ could expect: minimal damage to corporate interests, including reputation; minor potential for financial loss; minor embarrassment to the company or its business partners and minor detriment to employees or customers.”

A solution that may protect against material that falls into this category, while maintaining ease of use, would be to introduce the fingerprint technology that you see a numerous laptops these days to authorized the decryption processes. If the fingerprint technology were combined with well designed eBook synchronization software, the protection process may become easy enough that people wont avoid the “hassle” of having to encrypt sensitive information.

To protect sensitive information, the synchronization software needs to have a very simple way to encrypt data that is to be transferred. This may simply mean having a special “Protected” container for users to copy Enterprise information into. Given that encryption/decryption functions are CPU intensive, we don’t want to encrypt all files if there is no need. This should minimize the impact on battery usage/CPU to only when “Protected” files are decrypted and displayed.

A fingerprint scanner would be used to protect a random password key that is generation during the eBook reader initiation. Then “Protected” files can be encrypted as they are passed from the synchronization software to the eBook reader. If this method is followed, then the random key never needs to leave eBook reader. This suggests that a tamper resistant/TPM like chip might be important to protect the key from general access if the reader is lost. As long as the person using the eBook reader has their fingerprint authorized, they will be able to display the protected Enterprise material.

Another option for encryption is for the eBook reader to pass the key securely to the synchronization software. This would allow the PC to encrypt the files on its faster CPU first before passing them to the eBook reader. However, once the key is removed from the eBook reader, it opens another source where the key may be found by an attacker to be able to view the eBook readers contents. But lets be realistic, if someone is able to pull the encryption key from the computers eBook synchronization software, then they its very likely that the attacker already has access to all the information stored on the eBook reader anyway.

Of note, Hoff also recently wrote about the same need for a password on the Amazon Kindle2 for Enterprise use.

1 comment
  1. I wanted to choose between the sony reader 700 and the kindle 2. So I purchased both.

    The sony reader arrived first. I have read so many praises about the sony reader compared to the kindle 2. Whereas my experience with the sony reader, I kept for only 1 day, was the glare was horrendous. The backlight is not a backlight. The lights are casted from the side of the reader fusing towards the center, which caused me to experience severe eye-strain. Even without the back light, within fifteen minutes of reading on the sony reader due to the glare, my eyes were hurting. I repackaged the sony reader and sent it back immediately.

    My kindle 2 arrived two days later. Although I have read some ill reviews about the kindle 2, my personal take on the kindle 2 is …. “I HAVE YET TO PUT IT DOWN.” I have not experienced eye-strain. The words are crystal clear. Although it does not have a back light, I purchased a clip on light. The illuminence of the light is equally distributed onto the screen which causes “no” eye strain.

    I do hope in the future that Kindle incorporates a touch screen, which would enhance its performance. I ALSO wish kindle installs, (which the sony reader does have) “password” protect. On all of my electronic devices, they are all password protected.

    But, as far as my reading experience with the kindle 2, I have downloaded so many books and all at a fraction of the original price. I have also found books that are free or next to nothing in expense. I enjoy my Kindle 2 so much that my sister is buying one too.

    With some of the other reviews which were quite helpful, I am going to back up my purcahsed books onto my computer.

    As far as I’m concerned, the Kindle 2 is my choice of electronic reader.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: