Site icon IT World Canada

Android market could be RIM security ‘death knell’

As Apple Inc. sees the whites of RIM’s eyes in the battle to secure the mobile enterprise market, Research in Motion Ltd. might turn to the thriving Android marketplace. But Android apps could be “a death knell” for RIM’s security, one analyst says.

For now, in the enterprise market, BlackBerry isn’t in danger of losing a toe-to-toe fight over security, says Graham Thompson, president of Ottawa-based Intrinsec Security Technologies.“Given today’s technology versus today’s technology, no.”

But he cautions that RIM’s plans to tap into the Android marketplace could place a serious security burdern on the beleaguered company.  An Android adherent himself, he nevertheless says the potential for breaches with Android apps threatens the core of RIM’s business strategy.
“I don’t understand why an [Android] application, for example, like a flashlight, requires Wi-Fi access or Internet access. It just makes no sense to me. Yet people are willing to say, ‘Yeah, go ahead. I don’t care about the privileges that this application is looking for. I just want my flashlight.’ And what impact does that have on corporate data is one of the main questions.”
Android’s comparatively casual approach to security wouldn’t mesh well with the way RIM [Nasdaq: RIMM; TSX: RIM] operates and could harm its reputation in the industry, he says. “That could be the death-knell for their security, which is kind of an interesting little angle. Because they’re talking about, for example, the Playbook, having half a million apps delivered by Android. But, on the flip slide, you’re also looking at, ‘okay, well, how many of those apps are the flashlights that require, you know, Internet access?’”
 
A possible solution, he says, would be for RIM to draw a clear line between enterprise and personal use of its devices, and find a way of integrating the two, safely. “My vision of BlackBerry is to basically have the integration with Android, but to really split the phone into two separate profiles: one for business use, and then the other, you have access to the Android marketplace, you have access to all those apps, but it’s completely shielded from the business side.
“Either you would have to do a reboot or something along those lines. Obviously, try to make it seamless, but have it run as if it’s a little sandbox, so it can’t gain access to anything else that’s on the phone. So, you have your security, for your business guys, and then you have your toys for when you’re taking the bus in or whatever you’re doing.”
And with RIM in a weakened state, its rivals, especially Apple [Nasdaq: AAPL], are growing stronger and getting smarter, says Dave Millier, CEO of Toronto-based Sentry Metrics.They’re starting to take a page out of RIM’s own enterprise security strategy book.
“If you look at iOS now, they actually do encrypt. For example, if it’s in [Microsoft] Exchange or using e-mail, it actually does encrypt the email on the device itself.
“They do proper active sync with things like Exchange, where you can control an iOS the exact same way you control a BlackBerry device. You can actually enforce policies on it so that you can do remote wipes and things like that.”
The wide-ranging popularity of iOS-based devices and the bring-your-own-device phenomenon has put Apple in just the right position to learn the ropes, he says.
“Apple’s had to grow up over the last couple of years in order to accommodate that, “ Millier says. “It hasn’t been just a consumer device. They’ve got an opportunity to really penetrate enterprise and they’ve been working hard to do that.”
Apple is “more mature” than Android is in terms of its appeal to security-conscious organizations, and is probably closer to posing a real challenge to BlackBerry in the corporate market, he adds.
 “Android’s not really been doing that good a job. They didn’t target it. They’re much more focused on using the Google technologies. They want to use the Gmails and the Google apps and things like that. They’re more focused on their own things. What they’re trying to do is bring their applications into the global environment and then have their device talk to their applications in the enterprise, or the global environment, versus what Apple is trying to do, [which] is [to] conform to what most companies already have, things like Microsoft Exchange, things like the Active Directory.”
“Two very different approaches. And Google’s had some success but I think Apple’s had a lot more, and certainly done a much better job in conforming to the corporate security requirements.”
Exit mobile version