Security Shootout: PlayBook, iPad, Android

By now, CIOs everywhere have felt at least a little pressure to bring new-fangled tablets to the enterprise: Apple iPads, BlackBerry PlayBooks, even Android machines. But many claim security on tablets remains woefully immature--or is it?

BoxTone, a mobile device management vendor, says security concerns over iPads and PlayBooks can be a bugaboo. And because there are so many flavors of the Android OS, those tablets in particular lack critical enterprise security features.

The debate over tablet security, especially on the iPad, rages on even within the same industry. Earlier this year, Sharon Finney, corporate data security officer at Adventist Health System (AHS), a not-for-profit Protestant healthcare provider with 44 hospitals across 10 states, described to her "sandbox" network approach for dealing with iPad's security shortcomings.

Late last year, CIO Dick Escue of RehabCare, which operates 35 acute care hospitals and rehab facilities, and outsources therapists around the country, told that iPad security was ready for primetime. "There's this myth IT people perpetuate that these Apple devices can't work in the enterprise," he says.

BoxTone, which has deployed 75,000 smartphones and tablets in the enterprise, sees tablets gaining ground in the enterprise in three main markets: healthcare, retail and field services. Sixteen months ago tablets weren't something BoxTone really dealt with, "but by the end of this year they'll account for half of our business," says Brian Reed, vice president of products at BoxTone.

So what about the security of the three major tablet platforms? BoxTone breaks down each:

BlackBerry PlayBook: Security Stalwart

Many of BoxTone's new deals will have the PlayBook as the centerpiece, says Reed. BoxTone's installed customer base consists mainly of BlackBerry shops eyeing the PlayBook as a natural extension in their environment.

BoxTone ranks the PlayBook as the most secure, enterprise-ready tablet on the market today. The PlayBook attaches itself to the enterprise through the BlackBerry, thus instantly inherit all of BlackBerry's legendary security and control.

BlackBerry has more than 400 settable policies, whereas iPhone has 250. IT organizations are able to manage BlackBerries and PlayBooks (and, unlike the iPad, the apps that run on them) using RIM's BlackBerry Enterprise Server.

Apple iPad: Pros and Cons

In terms of security, the iPad isn't far behind the PlayBook, says Reed. BoxTone contends that the iPad is enterprise-ready because it covers security's essentials.

"If you really distill down a device's enterprise readiness, it's about protecting against loss," says Dan Dearing, group director of mobile security strategies at BoxTone. "This means three things: Can the device be encrypted? Does the device have a passcode on it that's settable via policy such that you can restrict access? Can you wipe the device in the event that it gets lost?"

Over the years, Apple has delivered APIs (especially in iOS 4) to protect against device loss, including enforcement of passwords, network access restriction, and the ability to disable certain features such as the camera. Apple has also built in encryption on the hardware side.

The iPad, however, lags the PlayBook in native app management features. Simply put, IT can't control or manage every single app on the iPad without help from third-party software. "In the land of the iPad, you cannot block or remotely delete apps that are installed by the user from the App Store," Reed says.

Even worse, new research from Forrester warns that many commercial iOS apps are a security risk for companies. These apps might not tap into the native iOS management and security capabilities. Or maybe they're intentionally leaking data for marketing and advertising reasons, Forrester says.

Android Tablets: Too Early

BoxTone believes the PlayBook and iPad are ready for the enterprise, at least from a security standpoint. Not true with Android tablets.

The Android market of devices has sprouted a wild garden of sorts. Multiple handset vendors implement the Android OS in various ways, many using Android 2.2, which doesn't support encryption.

On the Android tablet front, only 2 percent of devices use the tablet-specific Android 3.0, also called Gingerbread, which does support encryption. Google reportedly plans to merge the Android OSes perhaps by the end of this year, but then this would introduce yet another Android OS version.

"It's very complicated for IT to figure out which Android devices are actually ready for their environment in regards to its ability to protect sensitive data," Reed says.

Like the PlayBook and iPad, Android tablets will eventually mature and pick up enterprise-class features--particularly the ones that protect against device loss. But it will take time, perhaps years, says Reed.

Until then, there are only two tablets on the market today with enterprise-class security, PlayBook and iPad.

Tom Kaneshige covers Apple and Networking for Follow Tom on Twitter @kaneshige. Follow everything from on Twitter @CIOonline and on Facebook. Email Tom at

Join the CSO newsletter!

Error: Please check your email address.

Tags Applesecurityhardware systemstablet PCslaptops

More about AppleBlackBerryetworkFacebookGoogleResearch In Motion

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tom Kaneshige

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts