Corporate policy is beginning to accept BYOD (bring your own device) as a matter of course; but according to Nigel Stanley, security practice leader at Bloor Research, “Security people I work with are scared witless by consumerization and the rapid adoption of these devices.” A new report from Altimeter, Bloor and Trend Micro examines the basic security posture of the four major smartphone platforms: Android, Apple, BlackBerry, and Windows.
All of the platforms examined have their own security provisions, but are all – to one extent or another – found lacking. “Against the growing, unstoppable backdrop of consumerization and BYOD, every mobile device is a risk to business. What is interesting in these results is that, whilst some mobile platforms have evolved very noticeably along enterprise lines, there is still a strong ‘consumer marketing’ legacy in some quarters and this is negating some of the progress made on the enterprise front. Indeed, some of the attributes we have examined in the report are still firmly ‘enterprise-unready' ", the report noted.
BlackBerry is considered to be the best candidate for the enterprise. Possibly, suggests the report, due to its comparative maturity: “Corporate-grade security and manageability make this platform the option of choice for the most stringent mobile roles.” But it points out that security is reduced if the users are provisioned via BlackBerry Internet Services (BIS) rather than BlackBerry Enterprise Server (BES).
BlackBerry’s leading challenger is Apple iOS, where Apple’s proprietary approach and stringent app approval process is legendary. “The iOS application architecture,” comments the report, “natively provides users much protection in terms of the fact that all applications are ‘sandboxed’ in a common memory environment. The downside of this architecture is that theoretically you are only as strong as your weakest app.”
The two remaining options, Android and Windows, both have their security problems. Recent versions of Android have improved features “such as device encryption support,” but it remains “widely exposed to malware and data loss.” The report’s conclusion is IT managers should consider using Android, “but should probably limit its use to the least sensitive mobile roles.”
Finally, there is some praise for Windows Phone. Microsoft, it suggests, has learned lessons from the past and created a reasonably robust and secure smartphone operating system. But, “The system is too new to show a reasonable track record for enterprise adoption, and corporate policies should take this reality into consideration when considering Windows Phone devices for mobile roles other than for general knowledge workers.”