IBM: BYOD Brings Security Woes, Consumerization & Hassles Over iPhone Vs. Android OS

by Reads (11,582)

With more and more employees bringing their own personal smartphones and tablets in to work, employers are weighing differences between Apple’s iOS and Google’s Android OS, including security and management features, said officials of IBM — a company that’s just announced intentions to acquire Worklight to help deal with BYOD (bring your own device) issues.

BYODBYOD is getting more popular with workers at companies of all sizes. Worklight’s tools are already in use among big employers, or enterprises; this includes AT&T and Best Western, for instance.

In an IBM podcast this week, Caleb Barlow, IBM’s director of application and data security, raised questions around whether the ever-rising prevalence of smartphones, iPads, and other mobile devices should be seen “through a different lens” from the consumer and enterprise perspectives.

“The problem with just looking at [this] from an enterprise perspective is that all of these people who have mobile phones and are using them from work also have [the phones] as consumers,” replied Dr. Robert (Bob) Sutor, VP, WebSphere Foundation/IBM Mobile.

Workers are Influenced by Consumer App Stores

Employees are influenced by the fun software they’re able to download from app stores as consumers, and IBM is investing resources into these “consumer expectations,” according to Sutor.

People like to use their own phones and tablets rather than company-issued devices because they’re familiar with “the environment,” whether that’s iOS, Android, or some other mobile OS. Meanwhile, the fact that many BYOD employees are paying for their own devices is something else that’s new.

Android vs. AppleFurthermore, employers are traditionally accustomed to replacing hardware only once every two or three years, a pace doesn’t come close to keeping up with today’s ongoing onslaught of new phones and tablets, he indicated.

Even within IBM, about 100,000 BYOD phones, tablets and laptop PCs are now hooked up to the corporate network. “That only leaves about 300,000 [employees] to go,” Sutor quipped.

Apple is ‘Conservative,’ but Android is ‘Fragmented’

Yet with so many workers turning to their own mobile devices, problems can crop up in outfitting employees with corporate apps. IT managers at companies are used to rolling out operating system updates and new applications over the corporate network. With iPhones and iPads, however, users initiate downloads of iOS updates, and these are controlled by Apple, said Naveed Makhani, senior product manager in IBM’s Tivoli organization.

On the Android side, even when Google completes an OS update, specific phone models aren’t able to install it until carriers and phone manufacturers let this happen. Meanwhile, manufacturers sometimes make modifications to the Android OS, Makhani noted.

Sutor also pointed to “fragmentation” in Android devices. On the other hand, Apple is more “conservative,” he maintained. Essentially, Apple tells app developers, “You will do what the Apple SDK (Software Development Kit) allows you to do, and no more,” according to the IBM exec.

iPhone: Road Closed“What about the others?” asked Sutor, who contended that BlackBerry hasn’t gone away, and Windows phones are out there, too.

Differences among mobile platforms is the main reason behind IBM’s Worklight buyout, he indicated. The Israeli-based software company produces app development tools that let corporate programmers work in a variety of languages — such as Java and Objective C, for example — while delivering apps designed to run across multiple mobile OS.

Worklight’s currently supported mobile OS include Android 4.0 (“Ice cream Sandwich”), iOS 5.0, and Windows Phone 7.5 (“Mango”), for instance.

Worklight’s tools are also “extremely compatible” with the IBM-spearheaded Eclipse crossplatform development environment, IBM’s Rational programming tools, and the IBM WebSphere middleware products that run on IBM server hardware, according to Sutor.

Android FragmentationFor Employers, Opportunities and Security Threats are Intertwined

For employers, BYOD delivers new “opportunities” such as location-aware corporate apps and apps that allow for on-the-go social networking and business transactions, he said.

However, security and management across these multiple types of devices can also pose obstacles. “Security wasn’t invented with mobile,” Sutor said. Needs for security mechanisms like authentication and ID management are “things that don’t go away.” Moreover, in a new twist on security threats, “People lose their phones.”

Vijay Dheap, product manager in IBM Security Solutions pointed to a “couple of very interesting” security capabilities in Worklight’s tools. One of these is an encrypted local cache which allows encrypted corporate data to be moved from the enterprise to a mobile device, where it can’t be accessed without corporate permissions. The encrypted cache is also able to store user credentials that allow for offline access, meaning that employees don’t need to be connected to the company network in order to work with company information in a secure way.

Looking ahead, the tools offer an anti-malware capability involving use of a corporate server to validate that apps running on a phone or tablet are actually doing “what they’re supposed to do,” said Dheap.

In conjunction with the Worklight announcement, IBM also unveiled a new software product called Endpoint Manager for Mobile Devices. Currently in beta, the new release expands security policies and IT management beyond the Windows PCs, servers and phones supported in earlier editions of Endpoint Manager to now encompass iOS, Android, and Symbian devices. Also with the new edition of Endpoint Manager, businesses will be able to delete data if a mobile device is lost or stolen, and to enforce policies for pass codes, encryption, and VPNs on phones and tablets.

‘Selective Wipe’ Can Spare Personal Contacts from Getting Wiped

In addition, IBM’s Barlow cited “huge differences between what you can do on Android vs. iOS” from an app management perspective.

IBMApple’s management DPI set “exposes quite a lot of enterprise capability,” Makhani concurred. In contrast, Android “does allow an agent, although it’s limited.”

Consequently, Apple’s iOS already supports a capability called “selective wipe,” which allows IT organizations to spare an employee’s personal contacts from getting wiped if the employee leaves the company. To the contrary, Android phones require a third-party app such as Lotus Traveler to handle selective wipe, he said.

Makhani also predicted that, in future releases, Android and iOS will come closer together in terms of security and management features.

Also during the podcast, though, Sutor cautioned that, going forward, lots of businesses won’t be allowing workers to use just “any old device” on their company networks.




All content posted on TechnologyGuide is granted to TechnologyGuide with electronic publishing rights in perpetuity, as all content posted on this site becomes a part of the community.