Side-by-Side Security Evaluation of Four Mainstream Operating Systems.pdf
Enterprise Readiness of Consumer Mobile Platforms

ENTERPRISE READINESS OF CONSUMER MOBILE PLATFORMS | WHITE PAPER

Contents
Executive Summary
Mobile Roles and Postures
Mobile Platforms Ratings
BlackBerry OS
Apple iOS
Google Android
Microsoft Windows Phone
Appendix: Security and Management Criteria

Executive Summary

An increasing number of companies are opening corporate networks and data to consumer mobile technology. The resulting trend, usually referred to as the consumerization of enterprise mobility, assumes even more disruptive connotations when the employees are allowed to use their own smartphones and tablets to work, commonly referred to as BYOD or Bring Your Own Device.

Consumer technology is convenient, easy to learn, and fun to use. However, consumer technology is generally not as secure and manageable as required by the enterprise. Consumer technology brings real business value in terms of productivity and business agility. However, the lack of a strategic approach to the consumerization of IT creates security risks, financial exposure, and a management nightmare. Rather than resist it, organizations should embrace consumerization to unlock its business potential. This requires a strategic approach, flexible policies, and appropriate security and management tools.

A strategic approach to consumerization starts with a clear understanding of the security and management capabilities of each mobile platform. While no mobile platform is immune from security vulnerabilities and management limitations, some platforms are more mature than others with regard to supporting the most appropriate set of policies required by the different mobile roles within the organization.

This independent study offers an impartial and objective evaluation of today's four leading mobile operating systems: BlackBerry OS, Apple iOS, Windows Phone, and Android. In addition, it offers a comprehensive framework of analysis including 60 security and management criteria organized in 12 categories and a corollary guide for defining mobile roles and postures.

This document is not intended to forecast adoption or market fate of individual platforms, because these are irrelevant to the IT managers who will likely have to consider some level of support for all of them anyway. Instead, the analytical framework and the experts' ratings are intended to provide a valuable tool for the definition of sound mobile policies. This allows IT managers to embrace consumerization with confidence and to turn it into a competitive advantage for their organizations.

Mobile Roles and Postures

The role-based methodology, by which a device's management and data protection are dictated by the role of its user or owner, is a trend taking place in many organizations that are thinking of new ways to profile the risk of mobile devices and their users. Mobile device management tools have centered, to date, on device remediation. In many cases, the ability to lock or wipe a lost device, while important, does not do much to protect the data on the device or restrict the way in which the device can be used in terms of capture, storage, and transmission of information.

Roles such as general knowledge worker, contractors, occasional users, and, to a certain extent, managers are often exempt from the most stringent controls, which require complex device authentication and encryption. That said, there are managerial roles that require ready access to highly sensitive information such as compensation/salary details which, when stored on the mobile device of a manager, require a more stringent set of controls. In the case of the contractor or occasional user, device risk profile may be heightened due to the sharing of devices among multiple, occasional users or the introduction of a personal device or one owned by another organization, in the case of a contractor.

Table 1: Mobile Roles Definition (Role: Description)

Key Executive: Due to the high visibility of this user, they are susceptible to targeted attacks and planned device compromise. Of highest value may be email and contact data stored on the device for the launch of further spear-phishing attacks and blackmail efforts.

Manager: Handling employee personnel data and substantial amounts of product Intellectual Property, managers should be viewed in a similar light to compliance-centric workers.

Compliance-subject Worker: Working in operations areas such as HR and Finance, these users are regularly in possession of data subject to security controls dictated and enforced by various compliance requirements.

General Knowledge Worker: Due to the nature of their work, general knowledge workers like to have access to basic PIM functionality on their devices.

Field Worker: Similar to general knowledge workers, field employees may store data on devices when they are out of cellular network range. These users may require additional security controls as a result.

Contractor/Occasional User: Contractors and other trusted non-employees have access to company data but are not subject to the same controls and policies due to their third-party status. While requiring data to perform their jobs, these users present a management challenge.

It is also possible for a user to be a member of multiple groups. For example, many key executives also function in a manager role, and many managers (or even general knowledge workers, because of their industry) may be compliance-subject. In cases of multiple group membership, an employee's device security posture should default to the most stringent level of controls.

The table below is intended to serve as a catalyst toward, and not a substitute for, policy generation. Detailed profiles of the various user groups inside of any organization will likely bear resemblance to many of the groups outlined here but also differ in many ways and require more granular, less binary policy decisions. The granularity in decisions around device policy should also be driven by any relevant compliance standards, which are likely to be far more prescriptive (with associated penalties for lack of compliance to the letter of the specification) in their demands.

Table 2: Mobile Roles and Postures
Roles (columns): Key Executive, Manager, Compliance-subject Worker, General Knowledge Worker, Field Worker, Contractor/Occasional User
Policy coverage (legend): Required, Nice-to-have, Not Required
Policies (rows): Device Encryption, Multi-factor Authentication, Local Storage Access, Data Filtering (DLP), Complex Passwords, Attachment Access, Non-cellular Radio Use, Connection Encryption

Mobile Platforms Ratings

The analysis of the mobile security experts reveals that today's mobile platforms widely differ in terms of security and manageability capabilities. As a group, modern mobile platforms provide substantially better security than traditional desktop operating systems when it comes to built-in security mechanisms, authentication, and data protection, even though they are vulnerable to attacks that don't affect desktop PCs. Application security, device management, and corporate email support are somewhat sufficient, although they still have room for improvement. The feature sets that IT managers should give high consideration to include security certifications, device firewall, and support for virtualization, which are largely still missing.

Figure 1: Ratings by Category