Security Shootout: PlayBook, iPad, Android
By now, CIOs everywhere have felt at least a little pressure to bring new-fangled tablets to the enterprise: Apple iPads, BlackBerry PlayBooks, even Android machines. But many claim security on tablets remains woefully immature--or is it?
BoxTone, a mobile device management vendor, says security concerns over iPads and PlayBooks can be a bugaboo. And because there are so many flavors of the Android OS, those tablets in particular lack critical enterprise security features.
The debate over tablet security, especially on the iPad, rages on even within the same industry. Earlier this year, Sharon Finney, corporate data security officer at Adventist Health System (AHS), a not-for-profit Protestant healthcare provider with 44 hospitals across 10 states, described to CIO.com her "sandbox" network approach for dealing with iPad's security shortcomings.
Late last year, CIO Dick Escue of RehabCare, which operates 35 acute care hospitals and rehab facilities, and outsources therapists around the country, told CIO.com that iPad security was ready for primetime. "There's this myth IT people perpetuate that these Apple devices can't work in the enterprise," he says.
BoxTone, which has deployed 75,000 smartphones and tablets in the enterprise, sees tablets gaining ground in the enterprise in three main markets: healthcare, retail and field services. Sixteen months ago tablets weren't something BoxTone really dealt with, "but by the end of this year they'll account for half of our business," says Brian Reed, vice president of products at BoxTone.
So what about the security of the three major tablet platforms? BoxTone breaks down each:
BlackBerry PlayBook: Security Stalwart
Many of BoxTone's new deals will have the PlayBook as the centerpiece, says Reed. BoxTone's installed customer base consists mainly of BlackBerry shops eyeing the PlayBook as a natural extension in their environment.
BoxTone ranks the PlayBook as the most secure, enterprise-ready tablet on the market today. The PlayBook attaches itself to the enterprise through the BlackBerry, thus instantly inherit all of BlackBerry's legendary security and control.
BlackBerry has more than 400 settable policies, whereas iPhone has 250. IT organizations are able to manage BlackBerries and PlayBooks (and, unlike the iPad, the apps that run on them) using RIM's BlackBerry Enterprise Server.
Apple iPad: Pros and Cons
In terms of security, the iPad isn't far behind the PlayBook, says Reed. BoxTone contends that the iPad is enterprise-ready because it covers security's essentials.
"If you really distill down a device's enterprise readiness, it's about protecting against loss," says Dan Dearing, group director of mobile security strategies at BoxTone. "This means three things: Can the device be encrypted? Does the device have a passcode on it that's settable via policy such that you can restrict access? Can you wipe the device in the event that it gets lost?"
Over the years, Apple has delivered APIs (especially in iOS 4) to protect against device loss, including enforcement of passwords, network access restriction, and the ability to disable certain features such as the camera. Apple has also built in encryption on the hardware side.
The iPad, however, lags the PlayBook in native app management features. Simply put, IT can't control or manage every single app on the iPad without help from third-party software. "In the land of the iPad, you cannot block or remotely delete apps that are installed by the user from the App Store," Reed says.
Even worse, new research from Forrester warns that many commercial iOS apps are a security risk for companies. These apps might not tap into the native iOS management and security capabilities. Or maybe they're intentionally leaking data for marketing and advertising reasons, Forrester says.
Android Tablets: Too Early
BoxTone believes the PlayBook and iPad are ready for the enterprise, at least from a security standpoint. Not true with Android tablets.
The Android market of devices has sprouted a wild garden of sorts. Multiple handset vendors implement the Android OS in various ways, many using Android 2.2, which doesn't support encryption.
On the Android tablet front, only 2 percent of devices use the tablet-specific Android 3.0, also called Gingerbread, which does support encryption. Google reportedly plans to merge the Android OSes perhaps by the end of this year, but then this would introduce yet another Android OS version.
"It's very complicated for IT to figure out which Android devices are actually ready for their environment in regards to its ability to protect sensitive data," Reed says.
Like the PlayBook and iPad, Android tablets will eventually mature and pick up enterprise-class features--particularly the ones that protect against device loss. But it will take time, perhaps years, says Reed.
Until then, there are only two tablets on the market today with enterprise-class security, PlayBook and iPad.
Tom Kaneshige covers Apple and Networking for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Tom at firstname.lastname@example.org.
Products mentioned in this article