Insights For Success

Strategy, Innovation, Leadership and Security

Microsoft

Is Apple's IOS or Google's Android more secure?

Android, Apple, IOS, Microsoft, iPhoneEdward Kiledjian

Which is better: Android or IOS?

Asking “which mobile operating system is the best” is a great way to start a mini war between friends or coworkers. It seems everyone has taken a side and is willing to go down in a blaze of glory defending their position. 

The fine folks over at Symantec wanted to determine which mobile operating system was more secure (IOS or Android). They then took the analysis a step further by comparing the security postures of these mobile OS’ to their most popular desktop counterparts. 

The risks

Symantec found that from a technology perspective, these mobile OS’ are more securer than their desktop counterparts but they highlighted the main weakness common to all the platforms : the user.   

In a previous article, I wrote about the “Consumerization of the enterprise”. They highlighted the risk of employees using their personal unmanaged devices to access corporate information then connecting them to outside third party uncontrolled and unmanaged services. This reality potentially exposes corporate assets to attackers. 

The Conclusion

Although Symantec did not clearly identify one mobile OS as better than the other, they do have a slight preference for IOS. Of particular interest was Apple’s application vetting process which adds a nice player of protection for users.  They went on to say that IOS’ architecture “makes it better at resisting malware attacks and data integrity attacks”. The cherry on top for IOS supporters is their final statement that IOS offers better encryption and more secure access control for apps. 

I doubt anything above would make an Android supporter jump ship but it does present an interesting perspective you should keep in mind.

 

The Symantec Press Release

MOUNTAIN VIEW, Calif. – June 28, 2011 – Symantec Corp. (Nasdaq: SYMC) today announced the publication of “A Window into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android” (PDF). This whitepaper conducts an in-depth, technical evaluation of the two predominant mobile platforms, Apple’s iOS and Google’s Android, in an effort to help corporations understand the security risks of deploying these devices in the enterprise.

 

Chief among the findings is that while the most popular mobile platforms in use today were designed with security in mind, these provisions are not always sufficient to protect sensitive enterprise assets that regularly find their way onto devices. Complicating matters, today’s mobile devices are increasingly being connected to and synchronized with an entire ecosystem of 3rd-party cloud and desktop-based services outside the enterprise’s control, potentially exposing key enterprise assets to increased risk.

 

Click to Tweet: Symantec analysis finds iOS and Android security better than that of PCs, but major gaps remain: http://bit.ly/jYflt3

 

The paper offers a detailed analysis of the security models employed by Apple’s iOS and Google’s Android platforms, evaluating each platform’s effectiveness against today’s major threats, including:

  • Web-based and network-based attacks
  • Malware
  • Social engineering attacks
  • Resource and service availability abuse
  • Malicious and unintentional data loss
  • Attacks on the integrity of the device’s data

This analysis has led to some important conclusions:

  • While offering improved security over traditional desktop-based operating systems, both iOS and Android are still vulnerable to many existing categories of attacks.
  • iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.
  • Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today’s increasing volume of Android-specific malware.
  • Users of both Android and iOS devices regularly synchronize their devices with 3rd-party cloud services (e.g., web-based calendars) and with their home desktop computers. This can potentially expose sensitive enterprise data stored on these devices to systems outside the governance of the enterprise..
  • So-called “jailbroken” devices, or devices whose security has been disabled, offer attractive targets for attackers since these devices are every bit as vulnerable as traditional PCs.

Quotes:

“Today’s mobile devices are a mixed bag when it comes to security,” said Carey Nachenberg, Symantec Fellow and Chief Architect, Symantec Security Technology and Response. “While more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks. Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources, and then connecting these devices to 3rd-party services outside of the governance of the enterprise, potentially exposing key assets to attackers.”

The PC is dead. Long live the iPad.

Apple, Microsoft, salesEdward Kiledjian

Top tech analyst firms, Gartner and IDC, are both reporting that the sale of personal computers dropped for the first 3 months of 2011. It seems this is another trend was able to break. It was able to grow its sales and market share (compared to a year ago). Although the increase is different depending on the firm you choose, it is somewhere between 8.5-9.5% (compared to 7% last year).

Could this be the slow and painful death of the traditional PC lead by the tablets? It is too soon to tell but things could definitely get very interesting.

Cloud computing may be better for the environment

Accenture, Datacenter, Environment, MicrosoftEdward Kiledjian

Open any business magazine and you will be bombarded with the words “Cloud Computing”. It is the buzzword of 2011 and something your company will likely consider for point solutions. In simple terms, cloud computing is computing on demand. Like electricity, you pay for what you use without having to worry about any of the back-end magic (hydro-electric dams, generators, transmission lines, etc). When you flip the switch, the service just works.

Popular Cloud providers are Google (with their Google Apps), Microsoft (with their office 365), SalesForce.com (with their online CRM solution), etc.

Microsoft, Accenture and WSP recently released a report that compared the environmental impact of running your business solutions in-house versus using a cloud-based provider. They found that by outsourcing a company’s applications to a cloud provider, the environmental impact can be reduced by as much as 90% (energy usage and carbon footprint).

Knowing that IT accounts for 2% of worldwide energy use, this may be a welcome revelation to environmentally concerned executives. They identified energy usage savings as follows:

  • Reducing excess capacity (unused capacity)
  • Flattening peak loads
  • Employing large scale virtualization
  • Improving data center design.

Microsoft’s Chief Environmental Strategist (Rob Bernard) has a great analogy.  He compares cloud computing to mass transit. One bus equals 50 cars on the street. Same concept with cloud computing.

An interesting conclusion I want to point out is that the largest customers had the smallest benefits. Companies with 10,000 + users had benefits in the range of 30% while companies with around 100 users saw a 90% environmental impact reduction.

There are other concepts companies can use to reduce their environmental impact while improving productivity such as teleworking. I recently wrote an article about implementing a successful telework program and I strongly recommend you read it.

The conclusion is to investigate where Cloud Computing may fit in with your business plan. Shedding non core responsibilities means you have more resources (time, money and expertise) to concentrate on your core business while outsourcing the non-value generation part. Imagine if each company had to figure out how to generate the electricity it needed? How much value would that sap out of your business?