包含高危險和極危急等級的 App 占比,iOS 的 40% 比 Android 來的更高(圖片來源/BGR)
[
Android or iOS is one of the biggest decisions you'll make for your company, especially regarding security. Here are the latest security updates from both ecosystems.
[size=14.9999px]By [size=14.9999px]Conner Forrest[size=14.9999px] | July 11, 2016 -- 11:02 GMT (04:02 PDT)[size=14.9999px] | Topic: [size=14.9999px]Securing Your Mobile EnterpriseMajor players in the mobile market have been making leaps and bounds over the past few years in order to position themselves as enterprise-ready. But, no matter how many updates the user experience gets, or what cool new features are added, security remains the ultimate battleground for enterprise mobility.
Nowhere is this seen more clearly than in the two leading mobile ecosystems -- Apple's iOS and Google's Android. Both are fresh from their annual developer events, bringing new approaches to security along with a host of new features.
SEE: Mobile device computing policy template (Tech Pro Research)
Let's examine both companies' mobile OS strategies, their recent announcements regarding security, and how they are approaching the enterprise. Is there a clear winner?
The landscapeAccording to Gartner analyst Dionisio Zumerle, mobile security is in a "relatively good place today." The biggest reason, he said, is that mobile platforms were built from the ground up, with the existing knowledge of the previous few decades of personal computing. Security mechanisms such as app sandboxing, app store distribution, and user permissions are getting stronger.
Still, cyberattackers are getting more sophisticated as well. Zumerle cited the Stagefright vulnerability and xCodeGhost as key examples. However, both Apple and Google have recognized this shift and are taking steps to mitigate the additional risk, said John Pironti, president of IP Architects, LLC.
ADVERTISING
[color=rgb(170, 170, 170) !important][color=rgb(121, 187, 233) !important]inRead invented by Teads
"They are actively working against motivated and capable adversaries who are attempting to identify and exploit vulnerabilities in their mobile offerings. Both Google and Apple now are accelerating efforts to enhance security, including the integration of third-party offerings and enforced use of leading security practices."
Both parties are addressing security, but their approaches are different.
The biggest mobile security news of the past year concerned the iPhone and Apple's approach to security. When Apple refused to unlock an iPhone 5C for the FBI, the conversation around its encryption practices moved center stage.
Apple's iOS devices are known for their strong security, partly because Apple controls the entire device ecosystem -- hardware, firmware, and software. It also relies on strong encryption practices throughout the platform. In response to the FBI requests to unlock an iPhone, Apple reportedly strengthened its encryption around iCloud and hardware to make it even harder to hack.
"Apple is working hard to ensure it can demonstrate that it's constantly trying to improve security to its global constituency while it's under scrutiny by the US and other Governments to provide methods to circumvent their capabilities," Pironti said.
Recently, at Apple's 2016 WWDC event, the company announced that it would require the use of its App Transport Security (ATS) feature in all apps by January 1, 2017. This would essentially force all app traffic to run through encrypted HTTPS connections from now on.
While these are welcome updates, Zumerle said he would like to see "greater manageability for enterprises." As an example, he said, this could include "more granular controls for iOS managed apps, as well as the possibility to block copy/paste on an enterprise email account on the native email client."
AndroidIn realizing Android's business potential, Google has also made a plethora of changes to its mobile OS recently to beef up its security. For starters, Zumerle said, Google has worked hard to rid its app stores of harmful apps.
The improved hardware-backed security functionality, which leverages ARM's TrustZone, is one of the most important security-related Android updates. Now, said Zumerle "enterprises will increasingly be able to perform device attestation, device integrity checks, device binding, and other delicate operations with increased assurance."
Google also recently announced automatic security updates for Android, which makes it quicker and easier to patch applications. Android N will also be getting a new update system, similar to Chrome OS, where apps will be patched in the background. Changes have also been made to its app permissions model, making it more granular.
"An app that asks for a specific permission at the point when it needs that permission to perform a user-invoked action is more likely to be trusted by the user. Also, the user may by that time have been using the app for a while, and might have started to trust it," Zumerle said.
Of course, Samsung also opened up its Knox security system to be used by Google on Android devices as well. But Knox was found to be suffering from a host of security problems, itself, in early 2016.
As Pironti notes, Android will always be limited in its capabilities because of a lack of control of its potential integrations. That, and the additional issue of fragmentation, can make it difficult for users to access the newest updates.
Fragmentation is far more of a problem for Android than it is for iOS, which is totally under Apple's control.
Image: StatistaSEE: BYOD (Bring Your Own Device) Policy Template (TechRepublic)
The winnerSo, the big question is: who takes the gold? While Android has made significant progress, iOS remains more prevalent in the enterprise, Zumerle said, with the consistency of experience being a major factor.
"The majority of enterprises still feel it is easier for them to secure their enterprise data on the iOS platform," Zumerle said.
That may be the case now, but it could change over the next year or two, depending on the trajectory of the two companies' mobile strategies.The real winners in all this are the users, who will continue to benefit from enhanced security as Apple and Google seek to stay ahead of continuing threats.
如果你想選擇一個放心的系統來維護企業的移動應用程序的安全,那麼iOS可能是最安全的,因為蘋果的徹底的應用程序審查過程,會阻止大多數惡意應用程序。但如果你對開源的快速更新能力有信心,相信在開源的系統中漏洞可以被快速的修復,那Google Android就是最好的選擇。
但是 Android 在安全保護方面會一直受限,因為其對潛在的整合缺少控制權。而且安卓系統的破碎性也讓用戶更難獲得最新的系統更新。
總的來說,目前雖然 Android 在安全保護方面有很大的進步,但 iOS 還是更受企業用戶的喜歡,體驗的一致性也是原因之一。至於10年、20年後,誰才是贏家,這就取決於蘋果和谷歌的移動戰略了。但是最終只要蘋果和谷歌不斷完善保護機制,用戶才會是真正的贏家。
獻給每一位讀者,為了你設備的安全,你可以也應該這麼去做。
如果你有iPhone或iPad:如果你非常關注安全問題,你也不想一直擔心這個問題,還是購買iPhone或iPad吧。蘋果公司的iOS相比Android (特別是舊版本的安卓系統)具有與生俱來的安全性。
有新一代的Nexus 手機或平板電腦:如果相比iOS你更喜歡安卓,那就購買 Nexus 設備吧。它比其它任何安卓產品都能得到更快的更新,現在還包括日常的漏洞修補。三星雖然也承諾了相關服務,但細節仍然不清楚。
安裝一個安全軟件吧,由于大多數設備都無法得到及時的更新,為你的手機裝一個安全軟件吧。雖然安全軟件不能做太多,其效果也比不上“沙盒”。
安全底線:移動安全形勢正愈發嚴峻。首先,手機還是沒有電腦那麼容易受到攻擊;其刺激,安卓設備終有一天會趕上在安全領域深耕多年的蘋果,不過目前還沒有。因此,從整体安全上來說,蘋果產品依然是最好的選擇。
原文作者:Sean Captain
原文鏈接:
https://www.yahoo.com/tech
歡迎光臨 伊莉討論區 (http://1.eyny.com/) | Powered by Discuz! |