Android, iOS, Windows Phone: What's Best For BYOD?
Protecting data on mobile devices is more important than ever, especially with workers using their own smartphones and tablets. For IT pros, which of the three major platforms -- iOS, Android, Windows -- provides the best option for a BYOD plan?
![](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/blt7e7170b931ee1516/64cb57abafaaed743daf71c2/01-BYOD-Introduction.png?width=700&auto=webp&quality=80&disable=upscale)
Enterprises grappling with the Bring Your Own Device (BYOD) trend have moved from talking about "if" they should allow employees to use their personal devices at work, to "how" these personal devices can be managed while still protecting data. Knowing which security features are standard on each smartphone operating system is a step in the right direction for IT organizations.
BYOD environments require heightened security on all the available platforms in smartphones and other devices. For IT departments, this means evaluating each mobile operating system, and keeping up to date on changes in Apple's iOS, Google Android, and Microsoft's Windows Phone platforms.
IT organizations have limited scope to monitor employee-owned devices, often relying on the built-in security features on the devices to prevent data from accidentally going public.
Smartphones, tablets, and other devices have some built-in security measures, such as data encryption and other technologies that can help find lost or stolen devices. Many of these features are preloaded to protect sensitive data stored on the device, but the question remains: Are these features robust enough to protect the data?
Data security comes down to each organization's willingness to invest in -- or have a budget allocated for -- new security solutions such as EMS, MDM, and others.
However, investing heavily in one or more of these solutions does not guarantee that employees will volunteer to enroll their devices to be monitored by an organization, or encourage workers to share private information such as current location. Below, we look at the three major employee-owned device platforms -- Android, iOS, and Windows -- to help you ascertain what they offer in out-of-the-box security.
An employee using a smartphone or tablet to access and store sensitive business data is at risk of exposure, as attackers may assume a lower level of security and attempt to break into that device. In such circumstances, Android provides you with an option to encrypt data on your device, such as accounts, settings, downloaded apps, media, and other files, to make them secure from corporate espionage attacks.
Android devices are configured to back up and restore the data available on the device, such as passwords and other sensitive information, to Google servers, which in turn store the data in the company's cloud. For corporate users, there is an option to disable this cloud-based backup, thus preventing sensitive corporate data from leaving organizational boundaries.
A built-in feature can restrict employee-owned Android devices from installing apps from any source other than the Google Play store. With this toggle-switch option, users can restrict installation from non-trusted sources, lessening the chance that something might get downloaded onto the device unknowingly or unintentionally. User data is better secured by using only trusted apps that are available in the Play store.
Android does not provide a built-in feature to locate, lock, or erase a lost or stolen device. But it does offer applications in the Play store to locate devices by using linked Gmail accounts. If a device is stolen or lost, it can be set up for a lock-and-erase option using a Web browser to wipe out all the sensitive data.
Most devices using Apple's iOS offer encryption to help organizations secure sensitive corporate data on employee-owned devices. Encryption prevents data from going public if a device gets into the wrong hands. With iOS, this data protection is available for iPhone 3GS and later, all iPad models, and third-generation or later iPod touch. The user creates a passcode to access their device, enhancing the built-in hardware encryption by protecting the hardware encryption keys with the passcode. In case someone other than the owner tries to break in, 10 failed attempts to enter the correct passcode trigger an automatic wipe of all the data on the device.
iOS provides users with a privacy option to restrict applications from accessing photos, resources, and data stored on the device. Users can restrict applications from accessing features and information that are not required to be shared, or that are too sensitive to be in the public domain.
Apple's iOS provides users with a built-in feature to disable sharing and backing up data in the cloud. This restricts data from going public if other security measures on the device have been compromised.
iOS provides an out-of-the-box feature for iPads and iPhones in case they are lost or stolen. The feature enables users to find their device with the help of "last seen location" when the Find My iPad or iPhone feature is enabled. It provides an extra layer of security for an organization to protect sensitive corporate data on an employee-owned device.
Windows Phone devices provide data security with the help of data encryption of both the device and the SD card. Employees with a Windows device need to set up an Exchange account and have an option to enable BitLocker to encrypt the data on the device. This encryption provides organizations with needed security to protect data on employee-owned devices.
Devices with Windows Phone OS provide users with an option to disable the backup and restoration of all the device data to OneDrive. This prevents users from sharing data in the cloud, easing the threat of data being compromised in case of a security failure.
Each of the three smartphone platforms most commonly seen in BYOD environments provides a good level of security and is more than capable of protecting corporate data out-of-the-box. To ensure the security of data on personal devices, IT organizations would do well to share this information with their users, and provide ongoing user education to make sure devices are being used in accordance with the level of security required.