- Eric Klein, VDC Research
As enterprises begin building and buying mobile applications, one of their first major decisions is which mobile operating systems to support.
Apple iOS and Google Android dominate; combined, these platforms account for roughly 90% of the mobile OS market. End users are familiar with these mobile platforms and have made sizeable investments in their apps, leaving BlackBerry and Windows to lag behind. Still, churn is inevitable, and Microsoft’s strategy to converge the desktop and mobile user experience will affect the dynamics of the mobile OS market.
When it comes to enterprise mobility, securing mobile devices and applications has become a top priority. The prominent handset manufacturers targeting the enterprise continue to add key security features that give IT the peace of mind to include certain smartphones and tablets on the list of approved devices for work. As more companies go mobile, the onus lies on IT to effectively manage those devices and implement the appropriate security policies.
The progress Apple and Google have made in augmenting their security posture has made supporting their mobile OSes an easy choice for CIOs and CISOs. But while Apple’s walled-garden approach to controlling iOS allows the vendor to dictate the cadence of OS updates, update timing is still a sore spot for Android, which is at the mercy of carriers for timely updates.
The iOS platform features robust, layered security elements at its core without compromising the user experience. Apple’s use of hardware-level AES-256 cryptography to provide full-disk encryption and fast remote wipe capability is well known, but the company has also implemented other important sandboxing features. Each application is limited in where it can write data and cannot access other applications’ data or code. To share information with other apps, developers need to communicate through APIs or other services. Plus, the core OS partition is read-only, which further prevents malicious programs from attacking the device.
A lack of professional services, support options and distribution channels has hindered Apple’s enterprise play, but this is changing quickly. The company’s partnerships with IBM and Cisco help give Apple the enterprise inroads it has lacked.
In addition, iOS 9 builds on Apple’s enterprise features with hardware-based storage encryption, remote wipe capabilities and countless device and supervision restrictions. Apple’s APIs provide Touch ID biometric security features to third-party developers, and the company has implemented passcode capabilities on numerous native applications.
Apple’s security enhancements will keep iOS on the top of most lists when IT chooses which mobile OSes it will support.
BlackBerry has brand strength among certain business users, and its value play in the mobile OS market continues to revolve around its best-in-class security capabilities and enterprise-grade email and messaging. The company’s slow move to touchscreens and lack of developer engagement have significantly harmed its market share and threatened its longevity, but it has demonstrated progress by releasing a smartphone lineup with innovative features.
Plus, BlackBerry continues to excel in industries with rigorous security and compliance mandates such as financial services and healthcare. The vendor’s recent acquisition of enterprise mobility management (EMM) provider Good Technology will also help, as will its plan to produce Android devices, starting with the Priv.
This year, Google made several important enterprise mobility announcements. For one, Google Play for Work, the enterprise version of the Google Play app store, will allow companies to provide access to enterprise applications from secure work containers on employees’ devices.
The Android for Work initiative provides those containers that separate personal and corporate data -- ensuring secure access to mail, contacts, calendar, browsing and documents. That should help combat the idea that Android lacks security and is therefore an inadequate mobile computing platform for the enterprise. Still, Android for Work requires using a Google-approved third-party EMM vendor to manage the corporate profile of a device. Every tier-one EMM vendor (with the exception of Good) has partnered well with Google, but the levels of integration vary.
Android 5.0 Lollipop includes Security-Enhanced Linux (SELinux), which serves as a firewall for all applications on a device. SELinux on Android, known as SE Android, creates an access control system that isolates the applications users download so potential malware cannot access the OS itself.
Android 5.1 includes a device protection mechanism similar to Apple’s that keeps the device locked (even after factory reset) until the user signs on to the corresponding Google account. This feature adds a much-needed security layer for lost or stolen phones. The most pertinent security feature in the upcoming Android 6.0 Marshmallow OS is the ability for developers to work fingerprint authentication into their applications.
Google’s acquisition of Divide in 2014 provided the company with the tools to build containerization, encryption and device management into Android. And with Android for Work, Google can help other Android manufacturers make their devices suitable for enterprise deployment -- instead of relying solely on Samsung KNOX to carry that flag. Susceptibility to malware will continue to be an issue for Android, but Google has provided IT with more control over device management and protection, which should increase its share of the enterprise mobile OS market.
Microsoft has worked hard to elevate the messaging around its Enterprise Mobility Suite. EMS includes identity and access management for applications through Microsoft Azure Active Directory Premium, along with encryption and authorization policy enforcement in Azure Rights Management Services. At its core is Microsoft Intune, the cloud-based EMM platform that helps IT control access to business applications on users’ devices. With EMS, the key will be to deliver on the value proposition that Microsoft touts: one vendor, one contract, one SKU.
Windows 10 is also critical for the company. In particular, the Windows Hello feature improves security by allowing users to access Windows devices via their fingerprint, iris or face. There’s also Passport, a feature that allows users to access applications, websites and networks without additional passwords following verification. Reducing the need for passwords -- which users can inadvertently or purposely share with others -- lowers the probability of a hacker accessing a user’s device and information. Windows 10 also adds Device Guard, a security enhancement that protects against malware by blocking unapproved applications.
Don’t take mobile OS decisions lightly
Choosing which mobile OSes to support involves critical decisions about how to best approach device and application management, privacy, user agreements and much more. These will be high-priority issues for years to come, and the growing number of devices on the market will require organizations to quickly accommodate the myriad mobile OSes coming into the enterprise.
This article originally appeared in the October issue of the Modern Mobility e-zine.