Gartner compared 12 different platforms to find the strongest ones. The research firm also advised avoiding older mobile devices, which may have unfixed vulnerabilities or may lack management controls.
iPad Pro 9.7 May Be Apple's Best Tablet Yet
(Click image for larger view and slideshow.)
Apple's iPhone has received considerable attention for security that defied FBI investigators, but Samsung's Knox, an enterprise security layer for Android devices, scores better in a security evaluation conducted by research firm Gartner.
In a report published earlier this month, Gartner research director Patrick Hevesi compared 12 mobile device platforms -- Android 4, 5, and 6; BlackBerry 10; BlackBerry Android; iOS 8 and 9; Samsung Knox; Windows Phone 8.1 and 10 (Lumia); and Windows 8.1 and 10 (Surface). He awarded Knox more "strong" ratings than any other system.
Of all the platforms evaluated, Knox was the only one with "strong" ratings for every control in the corporate managed security section. The runner-up in terms of corporate managed security was BlackBerry 10, which received ratings of "strong" in every category except Device Firewall Management, where it was rated "average."
Knox 2.6 is the latest version of Samsung's security platform. It's available on the Galaxy S7 and S7 edge devices and can coexist with Google's managed container technology, Android for Work. A Samsung paper describes how Knox differs from Android for Work.
In a statement, Injong Rhee, EVP and head of R&D for Samsung Electronics' software and services for mobile communications business group, expressed pride that Gartner had recognized Knox's advantages.
Gartner's report examined a variety of core OS functions like biometrics, kernel security, and OS updates, as well as functions relevant to IT administration, such as encryption management, workspace isolation, and jailbreak/root protection.
The report avoids recommending a specific brand of device. Rather, it presents strengths and weaknesses, which should be considered in conjunction with the way devices will be used and business requirements. Gartner does advise organizations to avoid older mobile devices known to be exploitable or found lacking in the security or management controls available in more recent hardware.
In a phone interview Hevesi stressed that every client has different needs and that businesses should identify the risks that are relevant to them before choosing a particular platform. "There are obviously drawbacks to everything," he said. "Knox has done some really good things, but not all organizations need Knox."
Hevesi cited the Knox Warranty Fuse, a one-time programmable fuse that gets triggered if a Knox device is ever booted into an unapproved state. Once the fuse has fired, the device can no longer run Knox, and there's no IT reset switch. The feature may be more trouble than it's worth for administrators.
Hevesi also praised the BlackBerry Android's out-of-the-box experience for guiding users toward secure settings. He also gave a thumbs up to Microsoft's enterprise data protection in Windows Phone 10.
Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!
One of the gaps in mobile operating systems, Hevesi said, is that the network stack does not force secure communication, meaning a line-of-business app might still send sensitive information without encryption.
"The developers writing these applications need to start think about encrypting everything and [about] how they store keys on these devices," said Hevesi, noting that encryption also has to be supported by default settings that promote security. For example, default data encryption isn't worth much if the device allows the user to choose a weak four-number PIN rather than strong passcode.
Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.