
iOS, Android put business at risk


Johannesburg, 08 Jul 2011

The rising adoption of Apple iOS and Google Android devices, spurred by the consumerisation of IT, exposes enterprises to risk, as security policies for handling these devices often fall short.

This is according to a Symantec mobile device security whitepaper released this week, which explains how mobile devices connect with third-party cloud and desktop-based services outside enterprise control.

This potentially exposes key enterprise assets to increased risk, according to Carey Nachenberg, fellow and chief architect of Symantec Security Technology and Response, who points out that iOS and Android mobile devices are a mixed bag when it comes to security.

“While more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks. Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources, and then connecting these devices to third-party services outside of the governance of the enterprise, potentially exposing key assets to attackers.”

According to Symantec, Apple's iOS is more secure than Google Android primarily due to Apple's rigorous application certification process and its developer certification process, which vets the identity of each software author and weeds out attackers.

Google, on the other hand, has opted for a less rigorous certification model, and permits any software developer to create and release apps anonymously, without inspection, Symantec explains.

This lack of certification has arguably led to today's increasing volume of Android-specific malware, it adds.

Jayson O'Reilly, Symantec's security specialist, explains that IT administrators face a challenge to control and secure information that enters and leaves a consumer device connected to a company network.

“Web browsing is the biggest concern with iOS and Android devices. Android is the operating system that most people are concerned about because of its open access - users can download applications from anywhere.”

He says the “cool factor” of iPads and tablet devices has been driving the adoption of tablets into the enterprise space, and security has not been a major concern.

However, he adds, increasing regulations will force companies to adopt better governance and compliance policies and to know exactly what information is on these devices.

O'Reilly also notes the biggest risk to iOS is when it gets jailbroken. Jailbroken devices, or devices whose security has been disabled, he reveals, are attractive targets for cyber criminals because they are said to be as vulnerable as traditional PCs.

“In the case of the Android, because you can download the apps from anywhere, we've seen Trojan injections with up to three or four vectors of attack to steal people's information. As these devices are used to surf the Web, the biggest area of vulnerability is in the browser,” he adds.

O'Reilly says the consumerisation of IT blurs the lines between business and private information and is causing the security perimeter of a company network to disappear because these devices synchronise with other PCs, notebooks, the Internet and third-party cloud providers.

This can potentially expose sensitive enterprise data stored on these devices to systems outside the governance of the enterprise.
