When weighing Android versus iOS, companies have to figure out if Android's overall advancements in features and security are enough to compete with iOS in the enterprise.
In 2012, Google rolled out two major Android operating system updates: Ice Cream Sandwich and Jelly Bean, both of which did a great job making the tablet and phone versions of the OS look and feel more similar. We also saw the first enterprise app store for Android in December.
- Multiuser support: This feature allows more than one employee to have their own customizable spaces on a single device. The benefit is that, if a small sales force or other team has a limited need for tablets, you can implement device-sharing and save on hardware costs. Newer tablets can support up to eight users, with up to three active users simultaneously. They can all sync data at the same time and use the same apps.
- KeyChain API: Many companies have now started the BYOD program (Bring your own devices) which enables employees to bring their personal devices and use them for office work. Android 4.0 (ICS) comes with a number of enhancements that make it easier for people to bring their personal Android devices to work. Back in Android 1.6 (Donut), a system key store was added for use by VPN. Although this was later expanded to support WiFi authentication, applications weren’t able to access it. In the past, it was common practice for apps to maintain their own key store if they needed to authenticate a secure SSL web server, or authenticate the user to a server via a client certificate. While this works, it can present manageability issues in an enterprise environment where multiple certificates may be shared across a number of apps such as Email and Browser.To bridge the gap in ICS, there’s a new API named KeyChain that regulates application access to the system key store and allows users to grant application access to the credentials stored there. Additionally, this API enables applications to initiate installation of credentials from X.509 certificates and PKCS#12 key stores.
- Malware-prevention improvements: Android added features such as address space layout randomization, which makes it harder for malware to locate key data structures; and data execution prevention, which stops malware from executing code from certain regions. Android security still has a ways to go, but these are steps in the right direction.
- Security and encryption: Ice Cream Sandwich provides full internal storage encryption on both phones and tablets. ICS adds ASLR (Address space layout randomization) to Android to protect the system and apps from memory exploits. Address space layout randomization (ASLR) is a computer security method which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space. ICS also has a new public keychain framework to make it easier for applications to manage authentication and secure sessions. And, as with every release, ICS fixes bugs, cleans up permissions, and improves end user insight into security issues.
- Device management and Exchange ActiveSync: Ice Cream Sandwich updates Exchange support to use the EAS v14.1 protocol. ICS adds EAS policy support for limiting attachment sizes, disabling attachment downloads, enforcing manual sync while roaming, and disabling the camera. That brings the total number of supported EAS policies to 16. ICS additionally enables client certificate authentication to Exchange servers. Many of these device management capabilities, such as remote wipe and password strength enforcement, are also available in Android’s open Device Management APIs for other device management solutions.
- VPN support: Ice Cream Sandwich adds out-of-box support for pure IPSec VPNs to support many commonly deployed VPN routers. This complements the pre-existing support for L2TP, L2TP/IPSec PSK, L2TP/IPSec RSA, and PPTP VPNs. ICS also creates a new platform for SSL VPN clients which can be downloaded from the Android Market. This new service provides enhanced security with an always-on VPN.
Do the native OS improvements and additional capabilities such as SAFE mean Android is ready to uproot iOS in the enterprise? The answer is maybe. Android's variety of features and rate of innovation are impressive, but what makes Android great for consumers is what makes it difficult for organizations. On one hand, consumers have many customizable devices to choose from. On the other hand, organizations that let users bring their own devices face the prospect of supporting four to six different OS versions running on literally hundreds of different phones made by a handful of manufacturers. This fragmentation makes it difficult to support, create apps for and manage the security of Android devices in the enterprise.
Apps for iOS, on the other hand, consistently work well across four different OS versions. Apple makes all the iOS devices, and they seem to integrate with Windows better than Android. And it offers features such as guided access, which allows IT to limit certain functions of apps. Its certificate-based VPN authentication works with virtually all Apple products, whereas your VPN may only work with a specific Android version or device.
Apple is the choice currently, but Android is picking up in the enterprise. Look for small, upstart companies to align with Android, because they do not have a large Windows infrastructure and they can align more easily with other Google products, such as Google Apps.
No comments:
Post a Comment