Essential Guide

This Essential Guide is a collection of articles, videos and other content selected by our editors to give you a comprehensive view of this topic.

Enterprise mobile security smackdown: iOS vs. Android vs. Windows

Android, iOS and the Windows mobile operating systems continue to add more tools and features for IT administrators. But which OS is best for enterprise mobile security?

As mobile operating systems continue fighting the war for the title of king of the consumer realm, IT administrators have their eyes on the battle for the enterprise throne.

The mobile OSes that have made their way into the workplace are geared toward consumers, but the OSes have begun focusing on the enterprise too. With each new operating system version and device release, iOS, Android and the Windows mobile OSes have more tools and features for enterprise mobile security. The war for consumer hearts continues to rage, but is the battle for the enterprise won?

Read on to find out which management and enterprise mobile security features iOS, Android, Windows Phone, Windows 8 and RT have to offer, plus where the gaps are. Decide for yourself which is the victor.

The Apple of admins' eyes?

1. Apple's enterprise features

Apple keeps adding management features to its devices, but they usually come with gotchas, at least initially. For example, in iOS 7, IT can restrict AirDrop, but only if devices are in supervised mode. When iCloud first came out, IT could turn it on or off, but those were the only two options. Apple Configurator lets admins control devices, but only if users will let them physically connect devices to a Mac.

Historically, the control over these features improves with time after the initial release -- as was the case with iCloud -- and iOS 7 came with some new tools that IT can use to keep devices and data safe, such as Managed Open In and a revamped MDM protocol.

  • iOS 7's top eight features

    Open in management, per app VPN, enterprise single sign on and an improved MDM protocol are just a few of the management attributes that IT admins can take advantage of in iOS 7.

    Tip

  • Restricting iCloud

    It's easy to manage users' Apple iCloud access with third-party MDM services and Apple's management APIs. Using those tools, IT can control automatic device backups, Photo Stream and document syncing.

    Tip

  • Apple Configurator: One tool in a box of many

    Apple Configurator can help IT manage some aspects of iOS devices, such as configuration profiles, but devices need to be connected to a Mac. Configurator's shortcomings make it more of a supplement to other MDM products than a standalone tool.

    Tip

  • Apple iOS encryption: You might be doing it wrong

    In iOS 7, Data Protection is standard on all App Store apps, which lets IT take advantage of stronger enterprise mobile security features. But if users don't have Data Protection enabled on their devices, the improved security feature doesn't help much.

    Tip

  • Navigating Apple's app distribution isn't easy

    IT can deploy apps that are developed in-house and App Store apps to users' devices, but sending out homegrown applications has a lot of complicated steps. On the other hand, distributing App Store apps is a breeze.

    Tip

  • Apple iOS 7 MDM features require supervised mode

    It has the ability to control some iOS 7 features such as AirDrop and iMessages, but only when users' devices are in supervised mode. That's realistic in schools and kiosk settings, but almost everywhere else, supervised mode isn't a viable option.

    News

  • Volume Purchase Program improvements in iOS 7

    Before iOS 7, when a user left a company he took all his apps and data with him, including corporate applications purchased through Apple's Volume Purchase Program. Now the app licenses purchased through the VPP stay with the company and can be re-appropriated to other workers.

    Tip

Android insecurities

2. Android isn't down for the count

Let's talk about the elephant in the room: Android. Lots of people see the Android OS as being too unsecure for the enterprise, and it definitely has its fair share of problems. A storied history of malware, problems with fragmentation and few or incomplete management tools for IT are just a few of the big-time complaints.

But with each new version of Android, more management features arrive, and some device vendors are even taking it upon themselves to make Android -- or at least certain Android devices -- more secure and manageable. Before you count Android out, consider whether the new and growing management tools can potentially outweigh the risks and headaches.

  • Dealing with Android fragmentation

    Android fragmentation can make it really tough for IT to manage devices. Even in companies that purchase Android devices for workers, fragmentation poses an issue because each device and OS version has different capabilities, and MDM can't manage them all.

    Tip

  • Android manufacturers to blame for fragmentation

    It's up to device manufacturers to develop OS updates for Android, and then wireless carriers have to deploy those updates to users. Unfortunately, device vendors often don't put in the necessary time and money into customizing new versions of the OS for their devices.

    Tip

  • Android management tools improve, but still aren't perfect

    Android management features such as remote wipe, encryption and password options have improved in newer versions of the OS, but IT still needs third-party apps to cover all the management bases.

    Tip

  • Improve enterprise mobile security with third-party Android apps

    There are built-in security features on some Android devices, but they aren't enough. Users will need to install third-party applications to fight viruses and boost enterprise mobile security.

    Tip

  • SAFE-certified devices make Android work for IT

    If employees use SAFE-certified Android devices for work, IT benefits. The Samsung Approved for Enterprise program adds application programming interfaces (APIs) to certain Android devices to make managing and securing devices easier.

    Tip

  • Ice Cream Sandwich tries to make Android palatable for IT

    There are new enterprise features in Android version 4.0 Ice Cream Sandwich. Full-device encryption and a VPN API make the mobile OS a little more IT-friendly.

    Tip

  • Why Android MAM isn't enough

    Mobile application management can help admins see and control which applications workers are using on their Android devices, but MAM won't help IT lock down devices or limit Wi-Fi access.

    Tip

Windows into Windows

3. Windows mobile devices in the enterprise

Windows 8, RT and Windows Phone 8 devices are making their way into the enterprise, and they come with some features that IT will expect from Microsoft operating systems. Tools such as native ActiveSync support and a targeted application distribution program will please admins. But don't forget that the devices are inherently geared toward users, which means they come with SkyDrive integration and other consumer-specific services.

  • Confused about Windows 8 vs. RT?

    When the operating systems first emerged, the differences between Windows 8 for mobile devices and Windows RT weren't plain to see. There are numerous small differences, but the biggest takeaway is that RT tablets can't be domain-joined, while Windows 8 mobile devices can.

    Q&A

  • How does Windows RT fit in the enterprise?

    Windows RT tablets have a place in the enterprise, but IT pros can't treat them like Windows PCs. RT tablets are mobile devices, and locking them down like a desktop takes away some of the things that make them a good device for enterprise workers.

    Tip

  • Windows 8, SkyDrive integration causes concern

    Workers' Microsoft accounts link Windows 8 and SkyDrive, which is great for users trying to be productive. But connecting desktops and the cloud could be a big problem for IT.

    Tip

  • Don't turn up your nose at native ActiveSync support

    Windows RT and Windows 8 mobile devices have native support for ActiveSync, which many admins consider a secondary or even tertiary method for connecting personal devices to users' Exchange mailboxes. In reality, this ActiveSync compatibility could make managing Windows mobile devices easier for admins in BYOD settings.

    Tip

  • Plan for Windows Phone 8 security

    Every company should have a strong enterprise mobile security strategy that includes details on how IT will handle all of the devices that access the network. Don't count Windows Phone 8 devices as secure just because they bear the Microsoft stamp.

    Tip

  • Windows Phone 7.5 app distribution gives IT control

    The targeted application distribution program available in Windows Phone 7.5 helps IT build and deliver applications. But if users don't have Windows Phones, admins don't have devices to distribute apps to.

    Tip