With the sales of smartphones starting to exceed those of PCs, companies have started to look at these mobile devices as more than just fancy accessories that employees are given as “perks”. Smartphones are becoming a critical part of daily corporate life. Indeed, recent studies show that the average user spends more time on mobile applications than he or she does surfing the Web. However, before organizations start looking at smartphones as the de facto standard for their businesses and start replacing their laptops and PCs, their security concerns must be addressed. This is the primary hurdle facing most companies today, as corporate data stored on a smartphone is seen as more vulnerable than that stored on a laptop or PC. This month, we take a look at the major mobile operating systems in the market and how their security posture stacks up when it comes to protect the valuable data stored on them.
Apple: One smartphone to rule them all
Apple’s decision to ditch the tried-and-tested Google Maps application did not go down well with the majority of its users and has tarnished its once untouchable reputation. However, love them or hate them, nobody can deny Apple’s strong position in mobile OS security. A mobile OS is only as secure as its surrounding app eco-system and Apple’s strict vetting rules and quality control makes it very hard for malicious apps to slip through the cracks and infect its customers’ beloved iPhones. Additionally, Apple’s sandboxing architecture limits the damage that malicious apps can do to the memory. Apple has also focused on making the iPhone more corporate friendly in recent years, allowing features like remote wiping and integration with Microsoft Exchange. in order to jump onto the Bring Your Own Device (BYOD) bandwagon.
However, organizations are accustomed to the complete control which BlackBerry gives to IT departments, and may find it jarring that users’ consent has to be taken even for minute actions. Despite this, Apple’s efforts seem to have paid off, as indicated by a recent study by Decisive Analytics, showing that most IT professionals now place the iOS ahead of the previous corporate favorite — BlackBerry — when it comes to security and manageability. While BlackBerry remains the corporate device of choice, Apple is now close behind and may overtake its rival soon.
BlackBerry: Down but not out
BlackBerry and RIM may have been left trailing in the dust as far as market share goes, but it is undoubtedly the winner when it comes to secure Mobile OS; and remains the choice of organizations worldwide. Although most IT professionals have started ranking iOS above RIM’s BlackBerry, the same study shows that it still holds the top spot among organizations worldwide. It is RIM’s dedication to security and the multitudes of options available in its Blackberry Enterprise Server (BES) that gives it the edge over Apple and Google. The BES allows companies to fine-tune hundreds of security options till they reach that fine balance between security and usability which most organizations aspire to.
Although Google has meteorically risen in the market with its Android Mobile OS, it continues to suffer consistent security woes, with regular news of data breaches and malware hitting Android- powered smartphones. Google’s developer-friendly policies and lax monitoring may have paid off in the short-term, but the littering of Google marketplace by malicious apps has definitely become a huge problem. Organizations are wary of adopting its mobile OS for fear of falling prey to cyber-criminals who may take advantage of any loopholes in the Android OS. Android’s “all-or-nothing” model with regards to its app permissions is also something that has drawn criticism from industry veterans. The Google Play marketplace remains cluttered with malicious apps which are capable of stealing data, activating microphones; snooping on text messages… the list goes on, despite the presence of Google’s bouncer which kicks unfriendly apps out of the store.
Windows Phone: The new kid on the block
Although it is too soon to give a decisive opinion on Windows Phone’s security, it seems as if Microsoft has learned from its previous experience of countless malware attacks on the Windows desktop platform, and has worked to improve its security features. Their mobile OS has a secure foundation — similar to Android — in which apps are sandboxed and controlled via policies. All eyes are on the Microsoft marketplace to see whether it will suffer the same fate as Google Play — with malicious apps swarming all over the place and spoiling the experience for users. Microsoft seems to have taken steps by requiring developers to register and apps to be signed via digital certificates before they are allowed to execute on a user’s phone. It will be interesting to see whether organizations primarily using Windows on their desktops will be as accepting of Windows on their corporate smartphones.
Despite the improvements taken in mobile OS security by the major players in the industry, it must be remembered that no amount of security in a mobile OS can protect against a careless user. User awareness remains the most important aspect of secure smartphone usage, and yet is often the most overlooked feature. Studies from Veracode show that over 59 per cent of corporate users often disable security features like password and key locks on their corporate devices, while 59 per cent of companies report that they had experienced a malware infection as a result of insecure mobile usage. Clearly the problem remains with users who don’t perceive their smartphones to be under threat when downloading and installing the latest applications and rely on user reviews or word of mouth to gauge the legitimacy of an application. Unless this attitude changes, we are far from achieving a smartphone-powered workforce that is the dream of the major players in the industry.
[tp lang=”en” only=”y”]
Guest article written by: Sohail Qaisar writes a lot of articles on technology review, if you want to contact him then send him email on: [email protected]