Enterprise security shoot-out: iPad vs. Android
Davey Winder investigates the relative IT sec pros and cons of iOS and Android tablets…
Jailbreaking an iOS device enables software that has not gone through the Apple approval process to be installed, which should immediately start ringing security alarm bells as it also opens the device to a higher risk of malware infection. Apps on jailbroken devices can run as root and outside of the application sandbox, gaining access to any device functionality they like. That's obviously not a good idea from the security perspective.
The bottom line is that jailbreaking either device is an equally bad idea from the enterprise security perspective.
What is less obvious is that the act of jailbreaking itself also introduces additional risk as most breaking processes rely upon unpatched security holes in the OS in order to work. Android devices can also be rooted' which is the equivalent of jailbreaking, but this is less likely as the unapproved apps' argument does not exist in the Android universe. The bottom line is that jailbreaking either device is an equally bad idea from the enterprise security perspective.
6. Mobile malware explosion bounces off the iPad and onto Android
Whilst Android has become, according to security vendors, the most attacked mobile operating system in terms of malware infection, iOS devices remain untouched by malware in the wild.
Catalin Cosoi, head of the Bitdefender Online Threats Lab told IT Pro that 2011 has been "the year of Android malware." There have been an increasing number of samples and Cosoi explained how most malicious apps for Android attempt to pilfer confidential information from the device which will further be used either for targeted attacks or sold on the black market.
Data being stolen from Android devices might seem harmless on first appearances, but it is being used for serious attacks.
7.The browser is your business friend
Sean Farrington from QlikTech advises that whether using an iPad or an Android tablet, enterprises should ensure any business applications are browser-based rather than app-based.
"By only being able to access data with an internet connection, security can be centralised and avoid any issues if the device is left unattended or stolen," he said.
Farrington claimed Apple has the security edge as it recently updated the iPad iOS "with a range of built-in enterprise-level security tools allowing for remote management and device-level encryption and password protection which is more robust than what is on offer from Android tablets at present."
8. Bring Your Own Device = Danger Will Robinson
The truth is that your employees are bringing their own devices, iPads and Android tablets to work and they are not secure. There, we said it.
"Many security breaches by employees are unintentional, but serious nonetheless," said Andy Jacques, a VP with Good Technology. "For example, an employee will frequently forward email and documents to personal Webmail accounts accessible on their tablets, or they will download and install productivity apps that copy documents to web-based repositories that are not only outside your company but do not comply with your security policies".
Whether workers are running Android or iOS, BYOD is a threat that businesses need to get cover for.
9. Linus' Law loves Androids
In his book "The Cathedral and the Bazaar" Eric Raymond wrote that Linus's Law dictates "given a large enough beta-tester and co-developer base, almost every problem will be characterised quickly and the fix will be obvious to someone."
Or to put it another way, given enough eyeballs all bugs are shallow. The Android source code is subject to enough eyeballs for security problems to be uncovered and fixed in short order, thus improving the core security of the OS. The same cannot be said of iOS which relies instead on the dev team within Apple.
It's one of the few areas where Android wins over iOS in security.
10. Keep taking the tablets
Tablets are understandably an end-user hit in the enterprise, and more specifically outside of it. Whether employees are using iPads or Android-powered devices though, the same focus on security is paramount.
Sure, each presents some unique challenges for IT security managers but both require the same secure integration into the IT infrastructure of your business. A tablet is, at the end of the day, only as secure as the policies and processes you have in place to secure it.