Apple has done enough with the security of its iPhone and iPad products to make many CSOs comfortable with the mobile devices connecting to corporate networks, but Google's Android still has a ways to go.
That’s the view of Andrew Jaquith, a Forrester Research senior analyst who issued a report this summer on iPhone/iPad security. He says the No. 1 client inquiry topic for him this past quarter has been the iPad, and acknowledges that he is still coming up to speed on Android and its security model.
However, he says it is clear that Google -- and especially the carriers supporting Android smartphones and tablets -- "frankly have their priorities around share rather than security… Android devices have been propelled along by the desire of the carriers to get a higher margin device that competes well with the iPhone and iPad, that gives them some buzz and makes them more than dumb pipes."
On market share, there are increasing signs of success for Android, with fresh numbers from market watchers such as ComScore and Gartner showing Google and Android surpassing Microsoft, Apple and RIM/BlackBerry - depending on exactly what you're measuring - OS share or smartphones, for example.
And even on the security front, Google has made strides with Android, with its 2.2 OS (dubbed Froyo) offering enhancements such as new ActiveSync policies that include remote wiping and required password complexity. However, Jaquith says certificate authentication, built-in hardware encryption and other such things are missing.
This was the situation with Apple and the iPhone some years ago. "You had initial pressure from geeks who finally had a really interesting smartphone that they could do interesting stuff with. You had bottom up pressure and it took a year or more before executives got their hands on the devices and decided they were really good," Jaquith says. "Since then, Apple has done enough to persuade enough CISOs that what they've got is good enough [security-wise] to use in corporations."
It remains to be seen how Android and the third-party market for security and other applications evolves as new demands are put on the mobile OS.
Apple and RIM have taken responsibility for their platforms in totality in a way that Microsoft, for example, has not in that it farmed out a lot of the complementary tools to third parties. As a result, organisations that embrace the Apple and RIM devices can support them mainly by implementing good policies and without resorting to a lot of third-party technology, such as anti-virus programs, Jaquith says.
The analyst says he won't be surprised to see organisations that do embrace Android at least initially go with management/security services like those from Good Technology. These provide capabilities such as remote wiping and strong authentication and largely eliminate the need to sort out the security strengths and weaknesses of the dozens of Android devices hitting the market.