BlackBerry beats Apple, Samsung in BYOD brawl
A recent audit on technology has earmarked security howlers in three of the biggest names in tablet devices, which has raised a lot of concerns with regards to the security ramifications of allowing employees to bring their personal devices at work.
Context Information Security‘s recent student had iPad, the Galaxy Tab and the PlayBook under the radar and the general consensus was that the Samsung tablet’s “enterprise readiness” was the least out of the three. Even though the BlackBerry PlayBook and Apple’s iPad fared somewhat better, but both of them had chinks in their armor that included desktop software which does not encrypt backups – not by default anyway.
The PlayBook was the sole tablet that provided decent separation between the personal data and work data, which is something that should be a pivotal feature when one considers the escalating BYOD (Bring Your Own Device) trend.
Each of the trio of devices supports Exchange ActiveSync, which is a factor connoting the fact that the configurations of the security core can be maneuvered and managed via a central exchange server. Even so, their suitability is influenced by the security control disparity. And these controls include the protection of data, software update and integrity, security configuration profiles, access control, connectivity, and then there is backup and synchronization – these factors tell us about the ease with which iPhone spy software or BlackBerry spy software can penetrate the respective devices.
The data protection on Apple’s iPad is strong, and so are the facilities regarding damage limitation. However, potential security breaches include the frequency of jailbreak attacks, and futile encryption on the disk unless a robust policy of passcode is applied. And even though the disk encryption scheme on the iPad is decently designed, iTunes backups by default store clear text files, which is obviously not acceptable for storing corporate data that is sensitive. A similar approach of back up is adopted with the PlayBook.
Even though the Samsung device is not accompanied by a locked bootloader, however, the disk encryption which is built in results in a more fragile support which makes the device rather difficult to use. Also, even if one enables the encryption of the Samsung Galaxy devices, it permits apps that are rather badly written to store and save the sensitive info on any SD card which is unencrypted and inserted in the tablet.
Plus, the lack of management tools which aren’t up to the enterprise level, also mean that it is difficult to maneuver anything more than a tiny number of Galaxy devices within the enterprise environment – something that the device shares with the iPad as well. BlackBerry’s PlayBook on the contrary, gives amazing logical and data separation among the two modes – personal and work, owing to a more all-round construction that saves biz data wipes from the employer while ensuring that the personal data remains intact.
BYOD is Unstoppable
Even though the security controls on the more conventional laptops and desktops are considerably easier to apply, however the recent trend that sees employees being allowed to bring own devices to work is something that cannot be stopped now. It is virtually impossible to ignore the growth of tablets and devices in workplaces and homes that offer a mélange of connectivity, portability and productivity – something that wasn’t possible earlier.
This format is ideal when one factors in social networking, and also when one considers sharing and creating documents, presentations and generating other type of content that one can carry with them as well. However, the same features also conjure a veritable dilemma by summoning security concerns for the organizations and firms. Our research implies that most of the device manufacturers still need to do a lot before their tablets can summon the security level needed for their use in corporate enterprises – and use with minimal spread of iPhone spy software and BlackBerry software among other malware.
A lot of the security merchants are busy marketing tools that are third-party and are designed to ensure that the security glitches engulfing the use of devices in the corporate environments. These tools would ensure that a lot of the issues outlined are rectified – although how much of it would be rectified is still not clear. BYOD management’s effectiveness and the relevant security mechanism was initially beyond the jurisdiction of Context, but now with the rise of the trend and the need of the hour, all contextual eyes and other gazes are on BYOD and its security repercussions.
Image courtesy of edans, Flickr.
More Tech articles from Business 2 Community: