Analysts Question Nexus One Enterprise Security

Google pulled the covers off its Nexus One smartphone today at a press event at its corporate headquarters, touching off for some talk about whether or not it will be able to compete with other smartphones in the enterprise.

This of course leads to a larger question of how Google’s latest play in the mobile space stacks up security-wise with other smartphones, as well as how enterprises should secure the devices when their employees bring them into the workplace.

“Nexus One is running on Android 2.1, the latest update, so is equivalent to iPhone 1.0 and the first version of webOS,” opined Dan Dearing, vice president of marketing at Trust Digital. “webOS has improved its security to be on par with iPhone 2.0. (But) the iPhone 3GS provides the most comprehensive security controls with the addition of hardware-based encryption.”

Businesses are increasingly adopting the iPhone 3GS because of its security and management features, Dearing said. iPhone 3GS however has had its security issues as well, as a researcher demonstrated last year in a pair of YouTube videos.

“Nexus stacks up favorably against other smartphones,” said Forrester Researcher analyst Andrew Jaquith. “Each running application runs in its own process, and is isolated by the OS from other apps. The applications themselves are self-contained and must be digitally signed, so they can’t be tampered with. Perhaps most important, inter-application communications can be restricted by creating a manifest that enumerates what parts of an application other apps can access. There is a lot of granularity in the security policy, underpinned by the Java Runtime Environment that all apps run on top of. As a Java dork, it’s actually quite cool what they are doing.”

Unlike the iPhone however, Android does not have a centralised model for distributing signed applications, he added.

“In Android, you can sign your own applications, and what those applications do is left up to the developer, for good or ill,” he said, adding both models have their pros and cons. “With the iPhone, Apple’s stated intent with their approval process is to make sure the applications aren’t doing anything naughty or using banned APIs. Unlike Android, Apple can yank a developer’s certificate if it needs to.”

Google did not comment on any security features it built into the phone. However, analysts agree the single biggest threat to smartphones remains the physical loss of the device.

“With Blackberry and later generation Windows Mobile phones, enterprises can enforce the needed security policies – mandatory password, mandatory timeout timer, data encryption on device, remote wipe,” said Gartner analyst John Pescatore. “However, we estimate that less than 30 percent of enterprises actually enforce these polices on those devices and worse – until very recently on the iPhone you couldn’t do all four.”

“Android phones should have all four available through 3rd party software, it all depends on how the phone will be setup, he added.

When it comes to managing smartphones, here are some common best practices for enterprises to consider:

  • Basic security facilities such as password/pin and remote wipe to protect information when an Android device is lost. These settings must be set remotely via policy.
  • Encryption (data at rest) support to protect information on the whole device if lost.
  • Add a password lock to the phone, which should kick in after a reasonable amount of time, for example, 30 minutes. “You want to protect against the case where a stranger swipes the phone,” Jaquith said. “But you don’t want to annoy the user who has to do a lot of things with quickly in succession.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

US Finalises $6.6bn Award For TSMC Arizona Plants

US Commerce Department finalises $6.6bn subsidy to TSMC for leading-edge chip plants in Arizona, as…

18 hours ago

SpaceX Prepares Tender Offer At $250bn Valuation

SpaceX to begin tender offer in December valuing company at $210bn, as Elon Musk's xAI…

18 hours ago

US Releases Security Advice For AI In Critical Infrastructure

US Department of Homeland Security releases advice for development and deployment of AI in critical…

19 hours ago

Lenovo Beats Estimates, Raises Projections As PC Sales Recover

World's biggest PC maker Lenovo beats sales predictions, raises forecast for 2025 as AI capabilities,…

19 hours ago

China Chip Production Slows Ahead Of New US Sanctions

Chip production slows in China in October ahead of expected export controls, while annual EV…

20 hours ago

Which? Seeks £3bn In Apple iCloud Competition Claim

Apple effectively locked 40 million UK users into iCloud and overcharged them, claims £3bn legal…

20 hours ago