At the heart of enterprise mobile security concerns are email security—and there are more threats to enterprise email security on mobile devices than just careless forwards or malicious insiders. From data-stealing malware apps to sophisticated social engineering, sensitive corporate emails are at risk of theft or exposure every day. When it comes to email security issues, the key question for many IT decision-makers is, which platform is more secure: Android or iOS?
1. Wolves in sheep's clothing: the rogue app threat
When it comes to mobile security, one of the enterprise's greatest concerns is malware posing as legitimate apps, stealing onto mobile devices via mobile app stores and silently tracking log-in credentials or exfiltrating corporate data and emails from within. The problem is especially grave considering the all-too-common tendency to grant apps permissions without understanding their implications, simply to close a dialog box. And while it's widely accepted that Android devices are far more vulnerable to such impostors, thanks to the openness of the Google Play Store and the tight restrictions on software distributed through the iOS App Store, Apple devices aren't immune. Enterprise app stores can become unwitting accomplices in the compromise of an iOS device.
Winner: iOS, but it's not a shutout.
2. Castle walls: keeping corporate emails within containers
Of particular importance to “bring your own device” (BYOD) environments is the separation of corporate email, data and documents from personal apps and services. If secured behind strong walls, corporate data should remain safe even if the device owner's personal applications become compromised. The question is: Which mobile platform does it better? iOS has been keeping apps separate from each other for some time now, sandboxing each application in order to keep it from accessing other applications and restricting document-sharing in order to help prevent the spread of malware. But with the introduction of Android for Work, Android devices may not be far behind. Android for Work uses containers to run business applications in a more secure—and IT-manageable—workspace, bringing additional visibility and control into Android devices in BYOD settings.
Winner: With Android for Work in the mix, it’s a tie.
3. The traitor within: preventing employees from inadvertently (or purposely) leaking corporate emails
Often overlooked in the scramble to secure corporate emails on Android and iOS devices is the employee's role in the exposure of sensitive or confidential information. Insider threats are often the top suspect behind corporate data and email leaks. Who has more access, or better opportunities to expose private emails, than the recipients of those emails or someone else already privy to them? But the carelessness of the well-meaning employee can pose just as many risks. Mistakes as simple as forwarding an email to the wrong address or hitting "Reply to all" can result in embarrassment, or even compliance violations and public disaster. And here, no matter what device employees are using, it's up to IT to ensure that the appropriate controls are in place to prevent mishaps. Both iOS and Android devices integrate well with popular mobile device management (MDM), enterprise mobile management (EMM), and data loss prevention (DLP) solutions.
Winner: It's a tie!
Ultimately, both Android and iOS devices can be secured against the most common email security threats—but only if the right solutions are deployed and the proper monitoring and policy enforcement protocols are implemented.
Are you ready to lead your customers toward better mobile email security? If you need more resources or guidance, speak to an Ingram Micro specialist today.