Examining The Security Approaches Employed In Apple’s Ios And Google’s Android
Páginas: 53 (13202 palabras)
Publicado: 21 de julio de 2011
Security Response
A Window Into Mobile Device Security
Examining the security approaches employed in Apple’s iOS and Google’s Android
Carey Nachenberg VP, Fellow Contents
Executive Summary
The mass-adoption of both consumer and managed mobile devices in the enterprise has increased employee productivity but has also exposed the enterprise to new security risks. The latest mobileplatforms were designed with security in mind—both teams of engineers attempted to build security features directly into the operating system to limit attacks from the outset. However, as the paper discusses, while these security provisions raise the bar, they may be insufficient to protect the enterprise assets that regularly find their way onto devices. Finally, complicating the security picture is thefact that virtually all of today’s mobile devices operate in an ecosystem, much of it not controlled by the enterprise—they connect and synchronize out-ofthe-box with third-party cloud services and computers whose security posture is potentially unknown and outside of the enterprise’s control.
Executive Summary ........................................... 1 Introduction....................................................... 1 Mobile Security Goals ........................................ 2 Web-based and network-based attacks ..... 2 Malware ....................................................... 2 Social Engineering Attacks .......................... 3 Resource Abuse ............................................ 3 Data Loss ..................................................... 3 DataIntegrity Threats .................................. 3 Device Security Models ..................................... 3 Apple iOS ...................................................... 4 Android ....................................................... 10 iOS vs. Android: Security Overview ..................17 Device Ecosystems ...........................................17 Mobile Security Solutions............................... 20 Mobile Antivirus ......................................... 20 Secure Browser .......................................... 21 Mobile Device Management (MDM) .......... 21 Enterprise Sandbox .................................... 21 Data Loss Prevention (DLP) ....................... 22 Conclusion........................................................ 22
IntroductionWith so many consumer devices finding their way into the enterprise, CIOs and CISOs are facing a trial by fire. Every day, more users are using mobile devices to access corporate services, view corporate data, and conduct business. Moreover, many of these devices are not controlled by the administrator, meaning that sensitive enterprise data is not subject to the enterprise’s existing compliance,security, and Data Loss Prevention policies. To complicate matters, today’s mobile devices are not islands— they are connected to an entire ecosystem of supporting cloud and PC-based services. Many corporate employees synchronize their device(s) with at least one public cloud based service that is outside of
Security Response
A Window Into Mobile Device Security
the administrator’scontrol. Moreover, many users also directly synchronize their mobile device with their home computer to back up key device settings and data. In both scenarios, key enterprise assets may be stored in any number of insecure locations outside the direct governance of the enterprise. In this paper, we will review the security models of the two most popular mobile platforms in use today, Android and iOS, inorder to understand the impact these devices will have as their adoption grows within enterprises.
Mobile Security Goals
One thing is clear—when it comes to security, the two major mobile platforms share little in common with their traditional desktop and server operating system cousins. While both platforms were built upon existing operating systems (iOS is based on Apple’s OSX operating...
A Window Into Mobile Device Security
Examining the security approaches employed in Apple’s iOS and Google’s Android
Carey Nachenberg VP, Fellow Contents
Executive Summary
The mass-adoption of both consumer and managed mobile devices in the enterprise has increased employee productivity but has also exposed the enterprise to new security risks. The latest mobileplatforms were designed with security in mind—both teams of engineers attempted to build security features directly into the operating system to limit attacks from the outset. However, as the paper discusses, while these security provisions raise the bar, they may be insufficient to protect the enterprise assets that regularly find their way onto devices. Finally, complicating the security picture is thefact that virtually all of today’s mobile devices operate in an ecosystem, much of it not controlled by the enterprise—they connect and synchronize out-ofthe-box with third-party cloud services and computers whose security posture is potentially unknown and outside of the enterprise’s control.
Executive Summary ........................................... 1 Introduction....................................................... 1 Mobile Security Goals ........................................ 2 Web-based and network-based attacks ..... 2 Malware ....................................................... 2 Social Engineering Attacks .......................... 3 Resource Abuse ............................................ 3 Data Loss ..................................................... 3 DataIntegrity Threats .................................. 3 Device Security Models ..................................... 3 Apple iOS ...................................................... 4 Android ....................................................... 10 iOS vs. Android: Security Overview ..................17 Device Ecosystems ...........................................17 Mobile Security Solutions............................... 20 Mobile Antivirus ......................................... 20 Secure Browser .......................................... 21 Mobile Device Management (MDM) .......... 21 Enterprise Sandbox .................................... 21 Data Loss Prevention (DLP) ....................... 22 Conclusion........................................................ 22
IntroductionWith so many consumer devices finding their way into the enterprise, CIOs and CISOs are facing a trial by fire. Every day, more users are using mobile devices to access corporate services, view corporate data, and conduct business. Moreover, many of these devices are not controlled by the administrator, meaning that sensitive enterprise data is not subject to the enterprise’s existing compliance,security, and Data Loss Prevention policies. To complicate matters, today’s mobile devices are not islands— they are connected to an entire ecosystem of supporting cloud and PC-based services. Many corporate employees synchronize their device(s) with at least one public cloud based service that is outside of
Security Response
A Window Into Mobile Device Security
the administrator’scontrol. Moreover, many users also directly synchronize their mobile device with their home computer to back up key device settings and data. In both scenarios, key enterprise assets may be stored in any number of insecure locations outside the direct governance of the enterprise. In this paper, we will review the security models of the two most popular mobile platforms in use today, Android and iOS, inorder to understand the impact these devices will have as their adoption grows within enterprises.
Mobile Security Goals
One thing is clear—when it comes to security, the two major mobile platforms share little in common with their traditional desktop and server operating system cousins. While both platforms were built upon existing operating systems (iOS is based on Apple’s OSX operating...
Leer documento completo
Regístrate para leer el documento completo.