Jailbreaking BYOD Control. Is Apple ready for enterprise primetime?
March 9, 2012 3 Comments
Consumerization is happening now, but many IT departments simply aren’t prepared to deal with the new challenges and complexities it entails. With IT managers increasingly urged by CEOs to stop saying ‘no’ and start supporting consumer tools, they need to reappraise their traditional approach. Put simply, IT needs flexible standards – they can’t say no but neither can they say yes to everyone.
In the mobile space this becomes a minefield for IT admins. An upcoming Trend Micro study* into mobile consumerization trends finds that nearly half of companies have experienced a data breach as a result of an employee owned device accessing the corporate network. When the stakes are this high, IT needs to know which platforms to allow and which to refuse.
An upcoming independent study commissioned* by Trend Micro assessed the enterprise readiness of the major consumer platforms – iOS, Android, BlackBerry and Windows Phone – appraising them in over 40 categories. Unsurprisingly, BlackBerry came out top by far, but the truth is that it is the remaining consumer platforms where most challenges lie, and where most user requests will be focused. The research rated the platforms in order of most secure and manageable: 1) Apple iOS 2) Windows Phone 3) Android
Apple came top of the bunch, excelling in areas such as application security and support for corporate managed email, with the platform also offering ISVs a large range of APIs to provide device management capabilities. Windows Phone also fared well, considering it’s a relative newcomer, particularly impressing with its Active Sync support, device wipe and authentication functionality. Android was rated least secure, despite featuring capabilities including VPN support and mandated code signing for all installed applications, and there are signs that it will get better as it matures.
It’s fair to say that despite enterprise-grade security and management capabilities creeping into some of these platforms over time – Apple’s OS is in its fifth iteration for example – the target for all of these manufacturers is the consumer. The focus is on attributes like design, form factor and social networking support, not encryption, VPN, or MDM support. So is it fair to put Apple at the top and Android way down below? To understand why Android gets a bad rap, and why there is such a positive perception of Apple in enterprise IT circles, we need to look at the application ecosystems for both.
The argument goes thus: Apple has complete control over its ecosystem because it makes the hardware and the operating system and vets any third party applications incredibly rigorously. Google on the other hand only makes the OS, leaving OEMs to build the handsets and to craft their own particular versions of Android, and it has a very laissez-faire attitude to the apps in the Android Market. Apple has therefore seen no major security incidents within its tightly controlled ecosystem whereas new malicious Android apps are being found on an increasingly regular basis.
This doesn’t tell the whole story though. I’d argue that it is Apple, not Android, which is the more risky platform. Why? Simple economics. Cyber crime is a multi billion dollar industry, funded and resourced like legitimate business operations. The criminal gangs need to know that any investment in their own resources is going to provide a decent return, and the best way of guaranteeing that is by targeting the one large homogenous platform, just as they did with Windows in the 90s. In the mobile world, this means iOS.
Android’s strength is that it is so diverse. Although the OS may be winning the market share wars, the fact that it has multiple variants all slightly different from each other depending on the OEM, makes it much more difficult and cost-effective for the criminals to target all of them.
But there’s another reason why Apple’s iOS might not be as secure as is first appears. The very control which the firm applies so rigorously to its ecosystem could be its undoing. You’ve probably noticed, but users don’t take kindly to being told what to do. Apple has blocked content in the past, and it has forced users to pay additional charges to turn on Wi-Fi hotspot functionality. This kind of uncompromising philosophy has driven many to jailbreak their phone with a “my device, my rules” kind of attitude. And a jailbroken phone is not a secure phone: there have been real world cases of malware targeting jailbroken devices such as the first “iPhone worm Ikee”, the most recent “iPhone/Privacy.A” and many others. Think about it: If the device can be jailbroken, by definition it can be exploited – the jailbreaking procedure itself is de facto an exploit.
How many have done this we don’t know as Apple will not release the data. The firm would probably rather not think about how many users it is driving towards insecure mobile practices with its suffocating policy of control. What is clear is that Apple is not the panacea for secure, manageable consumer devices in the enterprise that many believe.
Note: the two new studies mentioned above are part of the Consumerization Toolkit released by Trend Micro at the Mobile World Congress 2012 in Barcelona, 27 February – 1 March. More at http://www.trendmicro.co.uk/newsroom/pr/trend-micro-gold-sponsor-at-mobile-world-congress-2012/