iOS vs. Android: What’s Best For Enterprise Security?
Among the major concerns of enterprises these days are data security and theft from mobile devices. Here's a look at whether iOS or Android offers better enterprise security.
The Bring Your Own Device trope has been around so long now that it has created a cottage industry of like-minded acronyms, such as Bring Your Own App (BYOA), and Bring Your Own Cloud (BYOC).
Still, for the IT professionals who are charged with implementing, deploying, and maintaining an enterprise's BYOD policy, the idea that an employee could download sensitive data to a smartphone or tablet and then lose it is still enough to cause nightmares.
Right now, Apple's iOS dominates the BYOD enterprise market, although Google's Android mobile operating system has made some gains. Determining which one is more secure for your enterprise depends on the industry sector in which you operate, the number of employee devices you have to manage, and the level of regulation your business faces.
On the plus side, iOS and Android have both had their security features beefed up in recent years. Perhaps the most significant development was the ability for users to store and transfer data with the help of Exchange ActiveSync or EAS.
EAS is a Microsoft-designed protocol that synchronizes email, contacts, calendars, tasks, and notes from a messaging server to a mobile device. It is based on XML. The EAS server and the mobile device communicate over HTTP or, more commonly, HTTPS. Initially, EAS only supported Microsoft Exchange Servers and Microsoft Pocket PC devices, but now EAS is a standard protocol for synchronization among a broad range of groupware and mobile devices.
It can be a first layer of defense for organizations that are also using mobile device management (MDM) tools. The key here is choosing MDM applications that are compatible with your device policies and features.
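To make the "first layer of defense" concrete, the following added example (not from the original article) audits the device policy an EAS server pushes against a baseline. The element names follow Microsoft's EAS provisioning schema; the baseline thresholds are hypothetical, and the sample is a constructed, decoded-XML form of a policy that EAS would carry as WBXML on the wire.

```python
import xml.etree.ElementTree as ET

NS = {"p": "Provision:"}  # XML namespace used by the EAS Provision command

# Constructed sample: decoded (XML) form of a policy a server might push.
SAMPLE_POLICY = """\
<Provision xmlns="Provision:">
  <Policies><Policy>
    <PolicyType>MS-EAS-Provisioning-WBXML</PolicyType>
    <Data><EASProvisionDoc>
      <DevicePasswordEnabled>1</DevicePasswordEnabled>
      <MinDevicePasswordLength>4</MinDevicePasswordLength>
      <MaxInactivityTimeDeviceLock>900</MaxInactivityTimeDeviceLock>
      <RequireDeviceEncryption>0</RequireDeviceEncryption>
    </EASProvisionDoc></Data>
  </Policy></Policies>
</Provision>
"""

# Hypothetical organisational baseline (an assumption, not from the article):
# element name -> (check on the integer value, finding reported if it fails)
BASELINE = {
    "DevicePasswordEnabled": (lambda v: v == 1, "device passcode not required"),
    "MinDevicePasswordLength": (lambda v: v >= 6, "passcode shorter than 6"),
    "MaxInactivityTimeDeviceLock": (lambda v: 0 < v <= 300, "auto-lock over 5 minutes"),
    "MaxDevicePasswordFailedAttempts": (lambda v: 0 < v <= 10, "failed-attempt limit above 10"),
    "RequireDeviceEncryption": (lambda v: v == 1, "storage encryption not required"),
}

def audit_policy(xml_text):
    """Return sorted (setting, finding) pairs for settings below the baseline."""
    root = ET.fromstring(xml_text)
    doc = root.find(".//p:EASProvisionDoc", NS)
    if doc is None:
        return [("EASProvisionDoc", "no policy document in response")]
    findings = []
    for name, (ok, message) in BASELINE.items():
        node = doc.find("p:" + name, NS)
        if node is None or not (node.text or "").strip():
            findings.append((name, "not set"))  # treated here as unenforced
            continue
        try:
            value = int(node.text.strip())
        except ValueError:
            findings.append((name, "non-numeric value"))
            continue
        if not ok(value):
            findings.append((name, message))
    return sorted(findings)
```

Calling `audit_policy(SAMPLE_POLICY)` returns the four settings in the sample that fall short of the baseline, which is the kind of gap an MDM tool would then need to cover.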
Here, InformationWeek looks at the primary data security-related features in iOS and Android to help you uncover which is best for your enterprise. What have your experiences been with BYOD and MDM? Let us know in the comments section below.
Android devices enable users to restrict autofill form options and password history with the help of the default browser, Google Chrome. When disabled, the autofill and password options prevent a mobile device from storing passcodes or auto-filling forms using saved information. These options provide particularly effective security measures. For example, if a company employee has stored a credit card number on the device, the details are not stored and the user is protected from unauthorized purchases being made.
Android devices have developer options in order to make applications more stable and up to date with user requirements. Google shares crash reports and other details with Android developers in order to improve applications. However, these diagnostics and developer options can pose a serious data threat if the device is compromised. These options, when enabled, can allow a user to root the device and modify its contents as well. Most Android devices have these options disabled, but if your device has them enabled, there is an easy way to disable them through the settings menu.
The standard for public key encryption and signing of MIME data is called S/MIME or Secure/Multipurpose Internet Mail Extensions. It provides cryptographic security for email and messaging, such as privacy and data security with encryption, authentication, integrity of the message, and non-repudiation of the origin of the message with digital signatures.
Android devices do not have built-in S/MIME features or options, but Android does offer encryption for email and messaging with the help of the Cipher mail application available in the Google Play store. Cipher provides enterprise users with encryption for the message body and attachments when sending an email containing sensitive data. It is compatible with Gmail, Outlook, Lotus Notes, Thunderbird, and other email applications compatible with Android devices.
Android offers privacy settings in its latest version -- Android 5.0 -- Lollipop. The device has a built-in option to disable applications with usage access to device data, such as how often the apps are used and related information. Users can disable the option in the security section to avoid sharing enterprise data with the public domain. Users can even install an application for privacy, available in the Google Play store.
Android devices support all major features of MDM clients, including:
Remote Wipe: Android with MDM Agent enables an administrator to wipe device data in case the device is lost or stolen, to protect the data stored on the device.
Push Notification: Android devices can be sent notifications at regular intervals by an admin to remind users to work in accordance with the defined organizational security policy, increasing adherence.
Geolocation: Devices that use Android OS offer support to all major MDM vendors to locate and track the device in case of loss or theft, protecting the data on the device. Geolocation can also be used as a medium to monitor employee movements, including how often employees are in the field, what areas they have covered, and more.
Encryption: Android devices provide support for encryption of emails and data stored on the device.
The Google Play store contains more than 1 million apps. IT departments may find it necessary to place restrictions on the purchase and installation of these apps. Google provides users the option to filter the display of content on the app store to prevent downloading unwanted or unnecessary apps. If an application is installed accidentally, a further restriction can be made requiring an authentication -- PIN -- to make any in-app purchases or any further purchases from the Google Play store.
iOS has a built-in password and autofill restriction option, which can be easily enabled or disabled to provide security to organizations. Disabling these options minimizes the risk of sensitive data being copied or forwarded inappropriately using stored passwords or autofill information. These options enable iPhone and iPad users to restrict suggestions based on surfing history, ensure passwords are not stored on the mobile device, and restrict details an outsider might use to access organizational data.
iOS provides iPhone and iPad users an option to disable sharing diagnostics information, such as crash data history and statistics, with Apple servers. Apple shares this information with developers so that they can improve the applications. Disabling this function provides users with added security, in case the crash reports and stats shared may have contained sensitive enterprise data.
iOS has a preloaded feature supporting S/MIME encryption to send encrypted mails and messages. The feature can be enabled on iOS in the advanced account settings option for emails, which encrypts emails by default when enabled. When the recipient is within the sender's Exchange environment, this feature gathers the recipient's certificate and encrypts the emails. When the recipient is not an Exchange account user, a certificate is required to be installed on the device to make the message encrypted.
Enterprises these days often have stringent measures for privacy, and a device with the organization's data is required to be well secured. iOS is on the mark when it comes to data privacy on the device. Users can easily deny or disable all the permissions requested by an application. This can be particularly useful at times such as when a personal photo app requests access to an enterprise Dropbox account. Disabling permissions can help users avoid a hazardous situation for sensitive enterprise data. This built-in feature gives users control over application behavior by restricting application access to all the sensitive information available on the device and connected media.
iOS supports all major features offered by MDM clients, such as:
Remote Wipe: iOS devices, when configured with an MDM agent, provide IT admins with an option to wipe the devices if they are lost or stolen.
Push Notification: Notifications can be sent to iPhones or iPads through the IT admin console, encouraging users to adhere to the security policy or providing reminders to stick to the norms of the policy being set for the organization.
Geolocation: iOS offers support to all major MDM vendors to locate a lost device and prevent data theft. Geolocation can also be used by organizations as a means to monitor the whereabouts of employees, in case of inappropriate behavior or to increase organizational efficiencies.
Encryption: iOS provides support to MDM agents to encrypt the data and email stored in, or sent from, the device.
iOS restricts users from installing unwanted applications that would compromise sensitive enterprise data on the device. The built-in restriction, when disabled, disallows users from installing new applications or deleting the ones previously installed. The feature also disables in-app purchases from the App Store, as well as iTunes, iBook, and any podcasts on the device.
Android and iOS mobile operating systems have made their marks on the enterprise landscape when it comes to security, and have been deemed by organizations as safe in their own ways, according to their security requirements. These devices have seen a lot of changes over the years through adding new and improved features to protect data and increased compatibility with third-party MDM software. Security will always be a major factor in enterprises that allow or encourage employees to carry sensitive data on their mobile devices. As systems evolve, new methods will always be required to protect data from going public. However, it's clear from reports that iOS, especially the iPhone, is still the preferred platform by most IT shops. This has a lot to do with Apple getting into the smartphone business before others. Android is good, but still has a way to go.