The newest findings in a new report (PDF) from Trend Micro compare the ability of several different mobile platforms to meet the demands of use in the enterprise. Canada’s own BlackBerry 7.0 scored highest across the board, ahead of Apple iOS5, Windows Phone 7.5 and Google’s Android 2.3. Altimeter Group, Bloor Research and Trend Micro’s own specialists carried out the research.
“The continuing explosion of BYOD (bring your own device) coupled with the consumerization of IT continues to make every mobile device a risk to business. While some mobile devices manufacturers provide enterprise grade security capability, organizations need to protect their valuable data regardless of the device their employees choose to use,” commented Jim Short, Trend Micro Canada General Manager.
BlackBerry attained the highest average score (2.89), followed by iOS (1.7), Windows Phone (1.61) and Android (1.37). The platforms were each scored on a combination of factors including built-in security, application security, authentication, device wipe, device firewall, and virtualization.
Trend Micro’s Key Findings:
BlackBerry -Corporate-grade security and manageability make this platform the option of choice for the most stringent mobile roles. However, many features and protections that are commonly enabled or enforceable via the BlackBerry Enterprise Server (BES) are not present on devices that are user-provisioned via BlackBerry Internet Services (BIS). In fact, some of the strongest features restricting high-risk activities that users may undertake, such as removal of password protection for the device, may be rendered inactive if a user’s device is not provisioned via the BES.
Apple – The iOS application architecture provides user protection because all applications are “sand-boxed” in a common memory environment. Security in iOS also extends to the physical attributes of the iPhone and iPad. There are no options for adding removable storage, which in effect provides another layer of protection for users. Apple also compares favourably to BlackBerry insofar as the BlackBerry IT administrator has complete control over the device, while with Apple’s iOS, an IT department can only configure items once the user has supplied his or her permission.
Windows Phone – Microsoft has created a reasonably robust and secure smartphone operating system in Windows Phone. The OS uses privileges and isolation techniques to create sandbox processes. These “chambers” are based on a policy system that, in turn, defines which system features the processes operating in a chamber can be accessed.
Android – Although Android is now available in more recent versions (4.x), version 2.x is still the most widely deployed on existing and new handsets. This is a security risk in itself; with no central means of providing Operating System updates, meaning that many users remain unprotected from critical vulnerabilities for a prolonged period. On the plus side, it is a privilege-separated operating system and applications can’t access the network without prior consent. Apps run in their individual sandboxed environment and permissions are granted by the user on a per app basis. Unfortunately the end user often fails to closely inspect the permissions request dialogue in their haste to use the app. It is often unclear, when permissions are given, of what the application is actually capable.