Most Secure Mobile OS? Exploring the Debate from Wider Angles
Corporate security for mobile devices has been a concern for decades. Access to sensitive data and applications must be protected from outside influences, and mobile devices were a simple means of stepping behind the corporate firewall. For years, BlackBerry was the premier standard for corporate mobility and still is for the highest-security environments. However, Apple’s products running iOS eventually found a firm stronghold in corporate use. Google’s Android has been an OS for the people and has grown outside the fringes of the corporate world; however, Google’s new effort, Android for Work, is poised to make a push into this regulated environment.
Mobile Device Management (MDM)
With all the talk about security, one may ponder what exactly the concerns relevant to mobile device management are. The first concern surrounds compromised devices, whether lost, stolen or attacked. This area covers password protection and enforcement, encryption, remote email configuration, certificates and configurations for remote connectivity. How the device is used may decrease the importance of these protections – if the device is only used for email and avoids Internet traffic altogether, the security of the device increases. The only missing control is the ability to detect compromised devices.
The second concern, data loss prevention, covers controls for privacy, cloud usage and email DLP. BlackBerry, iOS, and Android all support these requirements, though some may rely on third-party MDM client apps to provide and enhance features. The third concern is provisioning and data security of applications used on the devices. All mobile operating systems have basic application management capabilities, but advanced capabilities are left to the individual mobile management vendors to deploy. All platforms enable businesses to deploy applications directly to their users separate from their respective public app stores, thus allowing IT administrators to restrict downloads to ‘approved’ apps. Volume licensing and distribution mechanisms are available and can be connected to group policies and content management controls through mobile management tools.
The OS Platforms and Devices
BlackBerry devices have provided MDM controls in their operating system and key bundled apps for many years. This was the draw to meet corporate mobile requirements, and for a long time BlackBerry was the only major player. When Apple introduced its iPhone in 2007, it started to take over BlackBerry’s market share. The primary reason for the shift was that the public quickly adopted the Apple product. While the BlackBerry market is dwindling rapidly, the company is reshaping its proprietary BES tool into a unified mobile management tool to manage iOS, Android and Windows 8 devices. In 2013, BlackBerry introduced BlackBerry Balance, a platform-level container that partitions IT-managed applications and data into a separate workspace on the mobile device, not accessible by the user’s personal applications. Secure Work Space is a Balance container app for iOS and Android. Several vendors offer containers for iOS and Android but require applications to be tied to proprietary APIs and a specific vendor’s mobile management server. One large provider, Divide, was purchased by Google, and its container will be part of Android for Work. Samsung has developed the KNOX (name inspired by Fort Knox) security layer on top of the Google Android OS. Originally it was called Samsung SAFE (Samsung For Enterprise). Similarly, LG has developed the GATE security layer on top of the Google Android OS.
2013 was a big year in mobile management and security for Apple as well, when they introduced features for application management and licensing management in iOS 7. iOS 8 has incorporated several improvements since. Apple forces app developers to implement APIs for a management server to work with their applications. Using APIs to manage applications is not unique to Apple and they didn’t start the trend. The variety of platform APIs available for each mobile OS is extensive, all requiring a management tool. This poses a problem for IT administrators. Luckily, most MDM tools support multiple OSes.
Android for Work is a new approach in which Google tailors its services to corporate customers. While Google does not have a strong place in the corporate mobile market, it has been Apple’s primary competitor in the public sector, and familiarity is a key component to success. Android for Work introduces many of the same features found with BlackBerry and iOS: containers to run business applications in a separately managed workspace on mobile devices; APIs to manage applications, some of which require proprietary Android for Work APIs; and a compatible mobile management server to handle policies applied to applications running within the container.
Each of the platforms has its disadvantages. BlackBerry has a small application library compared to Apple or Google. iOS uses rigid sandbox policies to prevent applications from accessing each other, but this severely restricts document sharing. Google has had ongoing malware problems on its Android devices, which have been partially handled by Android for Work. For all their defects, competition will bring improvements to each platform as the companies strive to retain their current customers and gain new ones. No major breakthrough is expected in mobile device management in the next few years. As a result, corporate IT departments are likely to expand on their existing platforms and support new platforms based on consumer demand.
It is important to note that 97 percent of mobile malware is on Android devices. BlackBerry’s lack of support and upgrades at the same pace as Android and iOS risks leaving vulnerabilities unpatched. The status of closed-source iOS as the favorite consumer device at the workplace also makes Apple devices prime targets for cybercriminals. None of the three is immune to infringements and data loss. Instead of relying on the brand name and security reputation of employee devices, organizations must devise and enforce superior device security and management capabilities.