Opinion: FBI security scare means Apple's iPhone beats Android for BYOD enterprise

Apple [AAPL] already leads the mobile enterprise with its iOS devices, and seems likely to consolidate its grip in the months ahead, with the security of its platforms giving the firm a sure grasp on hearts and minds in corporate IT, while its competitor gets named and shamed in an FBI warning.

screen_shot_2012-10-16_at_14.09.02_0.png

[ABOVE: See that finger up above? It's not reaching for the Home button, but the fingerprint recognition scanner just underneath.]

BYOD: iPhones for government agencies

Meanwhile a new system from HID Global offers government-level biometric security to iPhones, offering a hint at what to expect from iPhone 6, which may see the introduction of identification technologies from Authentec and Microlatch.

Aimed at government agencies but likely of interest to any enterprise looking to protect iOS devices as part of their BYOD deployments, HID Global’s system combines the ActivClient Mobile SDK for iOS with two sleeves from Precise Biometrics. 

The system, which is capable of fingerprint authentication, lets agencies use their existing Common Access Card (CAC) or Personal Identity Verification (PIV) cards to, “secure communications and access to sensitive information by encrypting it through standard PKI encryption methods.” 

That’s the kind of security implementation Apple will likely hope to integrate within a future iPhone (iPhone 6?), as it considers the needs of its growing church of enterprise users.

Apple’s iPhone is winning in the enterprise markets precisely because it is seen as more secure, and on strength of its regular freely available and speedily installed software updates. 

That Apple chooses to curate apps made available via the App Store also adds a level of security to apps users may choose to download. That Apple has also created easy to comprehend controls to govern what information apps can access is another point in that platform’s favor. 

The frequency and ease with which Android devices can be jailbroken is another disadvantage for enterprise users, who demand consistent platforms in order to manage them within their infrastructures.

Apple is not a traditional enterprise company, but its focus on best in class consumer devices has given it a huge advantage in the BYOD gravy train.

BYOD: Security matters

Consumerization of enterprise IT isn’t just hype. A recent Infonetics Research survey confirms the change, with enterprises looking to favor tablets (iPads) and smartphones above PCs as they deploy unified communications solutions in 2013. 

A security warning aimed at Android devices from the FBI this week certainly doesn’t help boost enterprise adoption of that platform. Neither did last month’s report that Android-focused malware can wipe data off SIM cards and Samsung devices, or news that over half of Android devices are vulnerable to known security flaws.

None of these reports helps Android’s case in the enterprise. Now the Feds are on the case, warning: “The Internet Crime Complaint Center (IC3) has been made aware of various malware attacking Android operating systems for mobile devices.

While the usual coterie of Android apologists will attempt to talk down that statement, the people making IT purchasing decisions within the enterprise can’t let simple platform preferences interfere with the decisions they take. 

They know that the devices they choose to support must be idiotproof -- users do make mistakes; they also recognize a platform’s inherent security is vitally important when your devices have the power to unlock corporate or government secrets.

Enterprises across the planet are attempting to create policies with which to manage and implement BYOD deployments. I’d argue that FBI’s recommendations for device security are sensible enough to become the watchword for mobile device use by everyone. I urge you to take a look.

BYOD: Lightning hits iPhone security

Apple is already ahead in this game. While its biggest competitor shrugs off multiple reports warning its security sucks, Apple is already preparing to make its own device security even better.

Take a look at the new Lightning connector. The first true upgrade to Apple’s iOS device connection cable for a decade, this cable already includes elements designed to boost future security, a Chipworks report reveals.

It is actually very interesting that we may have found a security device in this cable,” they write. “The security does not come close to the herculean approaches that are used in (for example) today’s printer cartridges, but resembles the level of effort that cartridge manufacturers used to implement in the olden days.

They observe that this “just enough” approach to implementing a measure of security for the device is, “likely a calculated decision by Apple to keep costs to a minimum knowing that their core customer base prefers to shop in Apple stores or for brand name peripherals.”

The inclusion of this kind of secure element is important because it hints that: “With future generations of Apple and non-Apple products, we may begin to see even stronger security and control if the market forces merit it.

Look at the evidence

Let’s take a quick review of what we know so far:

  • Apple’s iOS is inherently more secure than Android for a host of reasons, not least device fragmentation and the availability of security updates.
  • Apple’s App Store is more secure because it is curated.
  • The FBI and others note the frequency of malware attacks poorly-protected Android devices.
  • BYOD means enterprises are looking to standardize around a set of secure devices, but need to make those decisions sooner, not later.
  • Solutions are already available that allow an iPhone to meet government agency-level security requirements, including secure monitoring of communications sent using that device.
  • With Lightning, Apple is already laying the ground for future device security improvements.

The mobile era requires levels of security we never saw during the Golden Age of Windows. (Indeed, we never really got the levels of security we needed during that period). 

Future mobile innovations such as the mobile wallet will also demand high levels of security -- both consumers and enterprises will not use these solutions until they feel secure enough to do so. That’s why Apple is only now beginning very limited Passbook-based support for payment systems.

Apple’s incremental approach means it only makes its moves when it feels the time is right, or when it feels it has no choice (Maps, for example).

However the platform’s current position as the world’s most secure mass market mobile OS makes it the best platform for enterprise deployments. 

Enterprises won’t wait until Google makes Android secure -- their employees want mobile devices today, not tomorrow -- which is why Apple will win the enterprise: subject to challenge by Microsoft (with its own security story) and RIM.

The purchasing decisions made by enterprise users won’t be taken in isolation: consumers are employees too (the point of BYOD). This means that as they see their enterprise decision-makers reject Android devices because they are not secure, the drain from Android to iOS will likely continue.

Got a story? Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you knowwhen these items are published here first on Computerworld.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies