In the corporate environment, the integrated work of Apple gets points against the variety of Android manufacturers and different versions of the OS. But users want the right to choose
With millions of new iOS and Android devices entering the business every day, it is important to know how many risks these devices bring into the corporation – and a mobile operating system can boast of having advantage over the other with regard to the safety of enterprise applications and their data.
When we look from the point of view of malware trends, the easiest conclusion is to say that iOS is the most secure platform. A report published last year by the Department of Homeland Security and the US Department of Justice, for example, found that only 0.7% of all mobile malware mirava iOS devices, while 79% of cyber threats have targeted devices Android.
But there is much more involved in the security of mobile devices that only virus attacks.In addition to worrying about standard spyware and other forms of malware, companies need to worry about attacks that specifically target their users and their business partners, and also remain compatible with the numerous regulations of industry and government.
In this case, IT managers have much to say about that device and operating system is more secure.
Many may say that the mobile operating system from Apple is safer. And Brian Katz, director and head of mobility Sanofi agrees in part. “There are great iOS security features that are built into the system, but you still need to take measures to enable these features,” he says. “You can not just let people use iPhones to access the company’s data and find that are safer because they are iOS.”
Jay Leek, SVP and Chief Information Security Officer of The Blackstone Group, partially agrees. For some time the private equity firm, which manages a $ 250 billion assets, has accepted only iOS devices in the corporate environment, because of the security problems of other mobile operating systems and also for the high popularity rating iOS between employees at Blackstone.
But the IT team of Blackstone will start to also support Android. Not all Android devices, but those who have been identified as safe, if the Samsung devices that use the security system Samsung KNOX.
“To say that the iOS is safer fact that Android depends on which devices are used in the comparison. That is why we will support only certain devices. Samsung has made quite the Android in regards to integrate the hardware some of the features of security, “says Leek.
And that kind of advantage over Android that deep integration between hardware and software that gives Apple (at least for now). “The iPhone is not just a hardware platform that is married to the operating system. It is optimized for it,” says Leek.
Managers worry that the same kind of “marriage and optimization” does not exist among Android manufacturers. “And it’s not just about the operating system integration with hardware or applications in app stores. The concern has to do with data being sucked into the device, the microphone is turned on remotely, or other number of things that can happen without the user notice “, explains Leek.
In terms of security controls, both Android and iOS made their lessons recently implementing native security features in operating systems.
For starters, iOS 7 allows companies to choose which apps can connect through the VPN corporate; It offers expanded support for MDM; help in encrypting the data stored in third-party apps; supports single sign-on and provides biometric authentication already on the device and the OS.
On Android 4.4 (KitKat), there is a more equitable access control embedded in the Linux kernel; support expanded digital security certificates alerts; encryption support Elliptic Curve; and automatic help to identify buffer overflows. Additionally, on the Android operating system are included security features supported by hardware manufacturers, as in the case of Samsung KNOX.
The KNOX aims to deliver a more secure boot process; creates a safety zone for unique business applications and have a kernel with amplified security. The KNOX also limits what resources can run within the protected area on the device.
“The difference with Android devices is that each manufacturer has its own API and it is managed differently,” says Katz. In this sense, IT managers need to agree to deal with different APIs, which is multiplication of labor, management and risk. According to Katz, this may bring confusion among different devices.
The number of security controls and its granularity within KNOX is both an advantage and a disadvantage, according to Katz. “They did an excellent job in creating the controls, but with more than 400 controls and more than 1000 APIs to support them, we are talking about a high degree of complexity,” he says.
Scouring models and apps
Soon Leek hopes to put in place a MOVIES device management system (MDM) that will help enforce safety standards on Android devices to come. “We will evaluate more mobile applications and make an inventory of apps on smartphones people,” he explains. “We will test these apps and find unwanted things or may potentially expose the company to risk we will take steps to remedy the problem until it is solved.” .
The veto system to unsafe applications does not only apply to Android devices, but has also been used for iOS applying the same principles. The two IT executives agree that there will be far fewer problems with iPhones. But it would not surprise me if we discovered a great amount of security challenges in apps for iOS, “says Leek.
According to Katz, when it comes to security of mobile devices on the corporate network, it is a device for device identification work, or what he calls “BYOD managed.” The ideal scenario for corporations and users is to combine the best security for corporate applications and data, and the best range of applications and devices the user chooses.
Some devices gain full access to the environment because there are controls in hand, and others may gain partial access or simply be vetoed by IT. The decision is based on the ease with which security controls can be activated on the device.