The latest research shows that selling bring your own device solutions to companies might be a risky sale for the reseller and the customer
As companies are facing pressure to configure their networks to allow for bring your own devices, research is showing that it could be bad for both them and their supplier.
When networking companies bid for work within UK corporates they are finding that setting up BYOD requirements are appearing on the list of corporate wants.
But Context Information Security has identified found security failings in three of the most popular tablets, raising concerns for organisations looking to introduce BYOD (Bring Your Own Device).
According to the research, the Samsung Galaxy Tab was found to have serious weaknesses that make it difficult to recommend for use in the enterprise.
The iPad and BlackBerry PlayBook performed better, they both have security problems which could cause a company problems if they recommend them for their business partners.
The BlackBerry was the only device found to have a workable solution to BYOD and provide good separation between personal and work data.
According to the report, The full Context report Tablets – A Hard Pill to Swallow all three tablets could be fitted snuggly into corporate networks.
They all have reasonably good support for Exchange ActiveSync, which means that the core security configurations can be managed from a central Exchange server.
But the report found that there were significant differences in security levels between the Galaxy tablet, the iPad and PlayBook. Context looked at issues like data protection, software integrity and updates, access control, security configuration profiles and connectivity, along with backup and synchronisation.
The iPad was shown to have robust data protection and damage limitation facilities, but it was bedeviled by vulnerabilities and the regularity of new jailbreak attacks and ineffective disk encryption.
A company preparing a package for a corporate which wanted a BYOD police would have to have a strong passcode policy if it wanted to allow Apple gear onto the system. They would have to insist that each iPad was configures so that that iTunes backups were not stored in clear text.
The Samsung Tablet does not ship with a locked bootloader and the disk encryption provides weaker support, which is more intrusive to use. Even when encryption is enabled on the Galaxy, it allows badly-written apps to store sensitive information on the unencrypted SD card, the report said.
A lack of enterprise-level management tools beyond ActiveSync also means that it is very difficult to manage more than a small number of Galaxy Tabs in an enterprise environment, a problem shared with the iPad using Apple tools available.
Context found that the BlackBerry is far more advanced in its level of readiness for BYOD than either of the other two tablets. Its Balance architecture in combination with the Bridge application, provide excellent logical and data separation between work and personal modes.
Jonathan Roach, Principal Consultant at Context and author of the report said that the device format is perfect for social networking and creating and sharing documents, presentations and other content on-the-fly. But the same characteristics also present tough security challenges for organisations. Our research suggests that most tablet manufacturers still have a way to go before their products can deliver the high levels of security required for use in most corporate enterprises.