A Symantec study shows that Apple’s iOS and Google’s Android mobile platforms are more secure than traditional desktop operating systems, but still vulnerable through poor corporate policy.
Chief among the mobile security risks is that users of both Android and iOS commonly synchronize their devices with their home computers. In addition, the shorter primary life cycle of these devices leads to a large market of used phones. These practices could lead to sensitive corporate information being transferred to devices outside the control of the enterprise.
“It’s a lot like someone stealing your identity by going through your trash,” Jennifer Svensson, CEO of VertiGO RECOVER, a global firm that helps corporations and governments deal with mobile security, told iPhone Einstein on Friday. “Smartphones can contain gigabytes of data. If you don’t take the time to shred the information, you make it easy for someone to steal it.”
Most organizations still have a large population of phones purchased by individual employees, making it more difficult to secure the life cycle of these phones even though the underlying operating systems are inherently more secure. “All of these devices operate in one or more uncontrolled environments. From an enterprise perspective, you don’t control the security of those services or home computers,” says Svensson.
When it comes to malware, the iOS mobile operating system, which powers iPod, iPhone and iPad devices, provides a high level of protection due to Apple’s stringent application and developer certification processes, the report states. On the other hand, Google still allows any software developer to create and release apps anonymously and without inspection. This approach, naturally, makes it easier for malware authors to target the Android platform.
As for the encryption capabilities of each phone, iOS provides strong protection for emails and attachments, but it does not fully protect against the risk of physical device compromise, the report states. Most of the data on iOS devices is encrypted in a way that can be decrypted without the need for a user to input their device’s master passcode. Consequently, an attacker with physical access to a device could use a jailbreak attack and read most of the data on a device.
To defend against mobile threats, organizations need to take policy creation more seriously and consider deploying management solutions, the study said. In addition to managed services, user education and training is the best way to mitigate mobile information risks. Training programs should aim to educate users on why security policies are necessary and should cover operation and disposal practices.