
iPhone & Android in the Enterprise

Many corporations face the demand to rapidly increase the support and management of consumer mobile devices, especially iOS and Android, while still maintaining acceptable levels of data protection and enterprise security. Our study gives you real-world intelligence and actionable recommendations on managing the mobile risks of iOS and Android smart phones and devices.

What’s Inside: Preview the Report Contents

This report provides a high-level assessment of general device risk and in-depth technical analysis, as well as specific examples where data can be compromised. Looking to understand the security profile of the iPhone and Android smart phones? Start here.

Executive Summary

This study provides specific, research-based intelligence on the threats, data exposure risk and benefits of the most common security measures for these critical platforms. In addition, we have included corporate policy recommendations, a high-level comparison to BlackBerry security and a brief overview of Mobile Device Management (MDM) software and its related security impacts.

Audience and Assumptions

Different industries face different risks as well as different regulations. This report does not focus on a particular industry or regulatory framework, but rather addresses risks and security threats common across organizations, virtually all of which have some form of sensitive data. Common corporate technology scenarios and concerns are addressed, focusing on Exchange data (email, contacts, calendar) synchronized to iOS and Android smart phones.

Target audience roles include: President/CEO, CIO, CISO, Chief Risk Officer, Internal Audit, Information Assurance, Compliance officers, and others.

Key Issues and Recommendations

For the executive and information security manager, we provide mobile risk intelligence summarized into key issues and recommendations. The key issues highlight high-level areas of risk in corporate mobile device deployment and use, informed by our technical forensic security expertise.

Our actionable recommendations are based on expert understanding of mobile security, and are segmented into Basic, Enhanced and Advanced for varying levels of security control and risk mitigation. Recommendations include specific steps in the areas of policy, security, risk mitigation, and considering third-party software.

Common Questions

This useful chapter also summarizes key issues in a convenient Q&A format. Questions addressed include:

  • Is iOS secure enough for use in the enterprise?
  • Is Android secure enough for use in the enterprise?
  • How do iOS and Android compare to BlackBerry in terms of security?
  • Does the device passcode prevent someone from accessing device data?
  • Does iOS encryption work? Does encryption protect all device data from being stolen?
  • How secure is the iOS keychain?
  • And more common questions

High Level Risk Overview

Mobile devices in the enterprise present significant risks for sensitive corporate information (SCI) for several reasons. Although these risks are increasingly understood in the business community, corporate policies and mobile implementation strategies do not appear to reflect this understanding. The reason may be a lack of understanding of how mobile risks equal business risks. This report provides advanced risk intelligence covering:

  • The mobile device as a target
  • The mobile device as a vector
  • Risk scenarios: What could go wrong?
  • Mobile risk map based on real-world threats

Auditing Mobile Devices

By implementing a targeted device audit program, corporations can gain valuable insight into how devices are used, the data they contain, and the success or failure of security controls. Such audits can be implemented relatively easily using devices pulled from service, prior to de-provisioning and data wiping. In the case of employee-owned devices, the process can be more complex, but may still be feasible. As with drug testing, corporate policy can require employees to provide their devices on request for analysis.

Corporate Policies

With the increasing prevalence of both highly mobile devices and cyber crime targeting corporations, it is critical to ensure that corporate policies are up-to-date with the technology in use. Our recommendations can help information security managers update their policies to address issues such as passcodes, remote wipe, personal data, BYOD, and more. Policy topics covered include:

  • Classifying sensitive company data
  • Device encryption
  • Passcode complexity
  • Jailbreaking/rooting
  • And more policies

Comparison: iOS, Android and BlackBerry

The RIM BlackBerry platform has been the foundation of typical corporate mobile strategy for nearly a decade. While RIM is struggling in market share, it is still an important platform and the leader as an end-to-end secure solution. One issue that many IT departments face is that mobile devices designed for consumers are already deployed in the enterprise. This report addresses the risks of this new reality and the technology involved, including the key questions:

  1. Is enterprise data at greater risk on iOS and Android devices?
  2. Are there tools enterprises can use to effectively manage and secure iOS and Android devices, like those offered by BlackBerry/BES?

Trusted, Independent, Vendor-neutral

Our report presents objective analysis that does not represent any particular security software or mobile platform. viaForensics is trusted by law enforcement as well as corporations large and small to provide the most cutting-edge mobile forensic security services in the industry.