Apple has done enough security-wise with its iPhone and iPad to make many CSOs comfortable with the mobile devices connecting to corporate networks, but Google's Android still has a ways to go.
Andrew Jaquith, a Forrester Research senior analyst who issued a report this summer on iPhone/iPad security and says the No. 1 client inquiry topic for him this past quarter has been the iPad, acknowledges that he is still coming up to speed on Android and its security model. However, he says it is clear that Google -- and especially the carriers supporting Android smartphones and tablets -- "frankly have their priorities around share rather than security… Android devices have been propelled along by the desire of the carriers to get a higher margin device that competes well with the iPhone and iPad, that gives them some buzz and makes them more than dumb pipes."
On the market share front, there are increasing signs of success, with fresh numbers from market watchers such as ComScore and Gartner showing Google and Android surpassing Microsoft, Apple and RIM BlackBerry depending on exactly what you're measuring (OS share, smartphones, etc.).
And even on the security front, Google has made strides with Android, with its 2.2 OS (dubbed Froyo) offering enhancements such as new ActiveSync policies that include remote wiping and required password complexity, Jaquith says Certificate authentication, built-in hardware encryption and other such things are missing.
Learning from Apple iPhone history
But if you turn back the calendar a couple of years, you'd see something similar for Apple and the iPhone. "You had initial pressure from geeks who finally had a really interesting smartphone that they could do interesting stuff with. You had bottom up pressure and it took a year or more before executives got their hands on the devices and decided they were really good," Jaquith says. "Since then, Apple has done enough to persuade enough CISOs that what they've got is good enough [security-wise] to use in corporations."
It remains to be seen how Android and the third-party market for security and other applications evolves as new demands are put on the mobile OS. Apple and RIM have taken responsibility for their platforms in totality in a way that Microsoft, for example, has not in that it farmed out a lot of the complementary tools to third parties. As a result, organizations that embrace the Apple and RIM devices can support them mainly by implementing good policies and without resorting to a lot of third-party technology, such as antivirus programs, Jaquith says.
The analyst says he won't be surprised to see organizations that do embrace Android at least initially go with management/security services like those from Good Technology that would provide capabilities such as remote wiping and strong authentication and largely eliminate the need to sort out the security strengths and weaknesses of the dozens of Android devices hitting the market.