
MaaS360 by Fiberlink

Of the Mobile Device Operating Systems, Which is the Most Secure?

by MaaS360 staff | May 24, 2011

Security practitioners like me shy away from absolutes. That being said, I do not have a problem drawing some comparisons across the leading mobile device platforms, specifically Symbian, BlackBerry, iOS, Windows Mobile 7 and Android.

I am not a smart device programmer, although I understand the architecture principles. I have quite a bit of experience securing mobile devices using Mobile Device Management solutions and I am a key contributor to Fiberlink’s MaaS360 MDM solution strategy and architecture.

I have blogged a few times about mobile device security; in particular, my blog “Passcode, Wipe and Device Encryption – The Holy Trinity of Mobile Device Management” calls out what I feel is required to be responsible when it comes to securing devices.

Here are some links to the blogs I have written.

I think you will see from the blog articles that there is a theme around the basics that are required in order to measure mobile device platform security.

These are:

  • The security architecture of the platform
  • The ability of the device to be secured, controlled and managed
  • The vulnerability profile and threat landscape

So given these high-level evaluation criteria, let’s take a stab at ranking mobile device operating systems.

Number One - BlackBerry – There is no question that the RIM/BlackBerry solution is the gold standard, and far and away the most secure mobile device platform. It has an architecture built from the ground up for security, includes military-grade encryption and has the most robust security and management platform available. While I would characterize the threat landscape as moderate–in that there are ways to get malware onto a BlackBerry and the BlackBerry App Store is still maturing–there have been few real vulnerabilities, and the tools to secure the devices can easily address most of the real threats should an enterprise choose to use them.

Number Two - Symbian – It might be on the way out, but like the BlackBerry, it has a strong enterprise and carrier heritage, and a strong OS architecture, and there are a myriad of quality tools that do a great job of securing and managing Symbian-based devices. There have been a few vulnerabilities over the years, but the threat landscape is low and getting lower as the popularity of the platform wanes. The device also offers robust Exchange/ActiveSync integration and policy support, which helps secure the device for its most common use case, messaging.

Number Three - Apple iOS 4 – Apple devices represent the breakpoint between the consumer device and the enterprise device. While the BlackBerry- and Symbian-based devices are clearly enterprise, Apple, Android, Windows Phone and others are clearly consumer. This provides additional management challenges, but the security posture of the device can still be measured in the same manner.

To summarize, the iOS platform is pretty good and getting better. While the OS is not built for security, recent additions like full block, file-level encryption with an imminent FIPS 140-2 certification and the new Mobile Device Management API have helped. Mobile Device Management solutions, such as MaaS360, are now providing a good set of capabilities to secure and manage iOS devices. There have been a few vulnerabilities, but Apple’s ability to close them quickly helps. Obviously, the popularity of the platform provides a significant threat landscape, but the Apple Application Certification process helps greatly in mitigating malware threats. However, the ability to easily jailbreak a device is an issue.

Number Four - Windows Mobile 7 – The new OS from Microsoft does not appear to be architected with security in mind, but is still largely an unknown. We do know that the device does not yet support full device encryption which, in many circles, would disqualify it for enterprise adoption. As well, the ability to secure and control the device is limited to a very small set of ActiveSync policies. Given Microsoft’s track record, we can expect a plethora of vulnerabilities and it will also be a huge malware target as adoption increases. Microsoft will have to structure application qualification and storefront functionality to mitigate these threats as well as to provide enterprise-class tools and APIs. Basically, I have it in the number four spot because the attention factor is so low at the moment.

Number Five - Android – A complete mess. The Android operating system is not built with security in mind and is adding security capabilities at a snail’s pace. Device encryption is still not embedded. The OS is heavily influenced by carriers who are interested in making money in the consumer market and are not focused on enhancing the device enterprise posture. Device manufacturers now see the need to add in security and management capabilities outside the community, further adding to the confusion and fragmentation. Solutions for managing, securing and controlling Android devices are limited by what the Android platform can support and allows. In addition, the vulnerability and threat landscape is growing each day. While Google has been aggressive about removing malware from the app store and some carriers are limiting where a user can download an application, malware is and will continue to be a real concern on the Android.

Based on the above, what can be done to secure these devices and what is important to concentrate on first?

I think my blogs speak pretty well on that. Basically, it is really a question of being responsible and applying best practice principles. Enforce a passcode policy, ensure the device supports full encryption and be sure to have the ability to wipe the device if it is lost or stolen. Other than that, stay current on Smart Device security, malware issues, and have a comprehensive written policy about the use of personal and consumer devices in the enterprise.
