Rory Crump
Sep 27, 2012

Apple security protects the BYOD movement

The BYOD phenomenon sweeping enterprise comes with a price. IT professionals agree mobile devices help reach corporate objectives, but don’t want any part of the security threats smartphones and tablets bring to the workplace. Employees want familiar tools and technological freedom. Management likes bring-your-own-device cost savings, and production gains from employees still tethered to work after leaving the office. As IT fights a losing battle, Apple iOS has pushed Android aside to become IT’s lesser of two BYOD evils.

While enterprise builds an arsenal of iPhones and iPads, Google stays busy patching Android security flaws inherent in its open-source design. Apple has shed its consumer image, now chewing up more and more enterprise market share fueled by better security and less fragmentation. Among developers, IDC reports iOS has opened a 16% lead over Android in the enterprise space and demonstrates fewer weaknesses. “We estimate that the number of iPhones in the Fortune 500 has more than doubled in the past year,” said Apple CFO Peter Oppenheimer at a recent earnings call.

Security gurus at Sophos reported an exponential increase in Android malicious apps in 2012, up 41x over 2011. In contrast, according to Kaspersky Labs, the Apple App Store has encountered just one piece of malware in its five-year existence. With so many Android-driven devices, corporate IT finds Android difficult to support. Software upgrades and security patches become an inexact science. With iOS, Apple runs one ecosystem with predictable upgrades and updates.

“Enterprises across the globe continue to choose iPhone as the standard device for their employees,” said Oppenheimer. It makes sense today, but was BYOD and big business always on Apple’s mind?iOS now has a variety of apps that put a new level of trust in device security -- for example the Viper app to unlock and start your vehicle remotely.

Despite lukewarm interest in enterprise, Steve Jobs often gets credit for both BYOD and the bigger movement around consumerization of IT. The iPod and iPhone created a portable universe transcending the PC. iTunes introduced the masses to remote software services administered by unknown sources, requiring zero planning or capital investment. Meanwhile, Apple users became enterprise users conditioned by the same expectations for mobility and access promised by Job’s post-PC era.

Whether IT consumerization was Job’s intent, or employees simply preferred a familiar mobile operating system, a seismic shift occurred in the workplace. The mobile experience fueled by intelligent devices trumped IT’s belief in approved software and desktop security.

BYOD is all about choice. And a few years ago iPhones started surfacing in the office, connecting first to company email and Wi-Fi networks. Seemingly overnight, employees hijacked IT’s domain and challenged networks with disparate devices and foreign operating systems. Call it rapid innovation at its finest, or part of a cultural shift to nomadic employees with fewer benefits and even less allegiance. Maybe, a new breed of worker bypassing the IT police state for leaner, more ubiquitous tools for the job.

Regardless of motivation, a perfect storm of behavior and technology spawned consumerization of IT, shaking a decades-old data processing model. And it happened so fast.

Tech-savvy, self-reliant workers chose owned devices over static infrastructure and help desk calls. IT struggled to close the consumerization gap, yet helped accelerate BYOD by adopting the same practices. targeted executives with cloud services that leapfrogged IT. Blackberry and RIM, previously the enterprise mobile weapons of choice, disappeared from meeting rooms, airport terminals and business vernacular. Facebook and Twitter pushed consumerization beyond the device. Buoyed by executive support, the traditional IT model of control and standardization flew out corporate windows.

But this transformation would not have taken place unless BYOD made good business sense. If information drives today’s products and services, then make sure it’s available to employees anywhere, anytime. Heavy computing can be done at the office. With BYOD, sharing and disseminating data has fewer boundaries. Employee productivity jumps at no additional cost to the employer.

Not only are company-owned mobile devices becoming obsolete, but a report from Good Technology, a BYOD-focused security provider, painted a curious picture of where BYOD is king. The bigger the company, the more regulated the environment, the higher the BYOD adoption. Finance, insurance and health care must adhere to heavy compliance, security and regulatory requirements. Yet BYOD thrives. Seems backward unless you consider the volume of data those three industries produce and manage.

So data-intensive industries where security breaches are unacceptable encourage employees to use personal smartphones and tablets for sensitive business transactions. You better buy serious protection.

When given an ultimatum, Apple’s security record -- relatively free of malware and malicious hacks -- inspires more confidence in paranoid IT gatekeepers. Android remains a risk.

At the moment, Apple’s security architecture makes iOS the safest play in the market. Apple’s secret sauce is the Advanced Encryption Standard algorithm (AES), also approved by the National Security Agency. A Department of Justice’s cyber-crime lab claims Apple’s AES 256 crypto engine remains unbreakable using today’s computing power.

Although app enthusiasts fiercely debate iOS vulnerabilities, and jailbreaks test Apple’s closed system, hacks and security aren’t mutually exclusive. Corporate espionage is a rampant, global event and hackers move faster than IT -- which has yet to fully protect the desktop. Information security, both internal and external, is now an exercise in risk management. In the world of corporate security, when choosing one over the other, Apple scales and standardizes best for both BYOD and company-issued mobile devices.

Developers do look forward to Windows 8 phone and tablet alternatives. And the mobile deck may be reshuffled if Microsoft can influence both users and IT with a legacy of business success. At this point, however, the stage is set. According to IDC, “Apple's significant lead, reflected both in developer mindshare for those enterprise apps, and in the enterprise adoption of iOS devices, clearly shows the weakness of Android in the enterprise, primarily because of security, management, and fragmentation issues on that platform.”

The bigger story isn’t another Apple parade, but a deeper engagement with tools and technology enabling workers to forge a new path. Utilize resources IT can’t provide. And solve problems beyond the scope of traditional IT architecture. However, smartphone or tablet, IT consumerization starts at the device.

Android dominates the consumer share, but Apple walked in the backdoor and offered a solution for democratizing enterprise IT. One BYOD employee at a time.