iPhone Tops Android in Enterprise Security, Management

by Clint Boulton

Comparing security and management for the iPhone iOS4 and Android 2.2 is tough, largely because the iPhone is a proprietary platform, while Android is open source. Moreover, there are shades of gray within the various categories and different degrees of support. Here is a quick and dirty rundown of the features Gold looks for in a smartphone for the enterprise.

The iPhone provides a log-in password that allows locking of the device and access/authentication of the user, with password characteristics set by the IT department. Before Android 2.2, Google couldn’t lay claim to this. Android 2.2 now has numeric pin or alphanumeric password options to unlock the device. Exchange administrators can enforce password policy across devices. Any device that can’t require user authentication should not be considered for the enterprise, Gold said.

Although remote wiping capability, which lets Exchange administrators reset the device to factory defaults from afar, has been added with Android 2.2, the iPhone has an advantage over Android here, Gold said, offering the ability to manage devices through its iPhone Configuration Utility. Neither iPhone nor Android has the policy management in place like the BlackBerry. Gold prefers devices that allow remote setup, monitoring, uploading, display, asset management, lock-down and kill, reimaging, and OS software upgrades.

To ensure maximum protection to both the platform and the data, Gold said devices should contain a tool for verifying that an application is what it claims to be. Google’s Android team has a remote kill switch it uses for apps, and a security tool to prevent app abuse but no strong verification for Android. For the iPhone, all corporate applications require a digital certificate issued by Apple.

Reliability remains an unanswered question, Gold said. The oldest iPhone is just over 3 years old, and the oldest Android handset less than 2. There have been few reports of wholesale freezing or crashes for either platform. Judging reliability is a wash for these platforms, unlike the BlackBerry, which is a battle-tested platform.

The iPhone leads Android here, obviously. But what did you expect? Android, again, is open source, so people muck around with the code as a rule. The iPhone is closed and proprietary. Users shouldn’t be able to monkey around with the OS, though every hacker worth his salt is trying to jailbreak it. “With BlackBerry, you can’t get in there at all,” Gold said.

Both the iPhone and Android lack data vaulting, which provides a second point of defense against device hacks and jailbreaks. Again, Android has no encryption and the iPhone only locks up e-mail. By way of comparison, BlackBerry provides a granular ability to encrypt all data on the device, including data stored on peripheral flash memory cards.

Neither Android nor iPhone has FIPS-140-2 certification, a government accreditation that states a device has met security testing and specifications before they can be deployed to mobile government workers. Today, developers are adding third-party apps from Good Technology, Sybase or Trust Digital on top of Android and iPhone to satisfy this requirement.

Apple’s iPhone and Android are both lacking in policy management for applications, whose requirements are significantly different from e-mail. This is table stakes for most large enterprises. “If you’re storing anything on the device, it better be encrypted. Android has no encryption-iPhone does. But it’s encrypting e-mail. I’m not sure you can get to all of the encryption algorithms if you write your own application for the device.”

At the end of the day, the iPhone gets a slight edge over Android. But Gold expects that Android and the iPhone will boost their enterprise capabilities to try to approach the level of RIM’s BlackBerry. However, Android’s open-source nature will likely curb corporate adoption in large enterprises, such as health care and financial services organizations.