Sponsored by
Brought to you by Nokia phones.
Sponsored by
Brought to you by Nokia phones.

Android Device Security: Perception vs. Reality

By Phil Hochmuth, Program Director, Enterprise Mobility, IDC

Mobility has always challenged enterprise IT and security, dating back to the first days when sparingly-deployed Wi-Fi and USB drives were the main concerns. When the smartphone came on the market, IT professionals, already skittish about increased mobility and portability of end-user technology, went to red-alert levels of concern.

Today, security is still the top challenge cited by enterprise IT professionals with regards to mobility, according to IDC research. Nearly 40% of those surveyed say security is the top challenge to mobility in general, ahead of issues such as the mobile technology integration complexity, management challenges and costs. There’s good reason for concern—businesses now put their most sensitive corporate assets, data, and resources at the fingertip swipe of mobile devices. More than 70% of businesses have deployed at least two mission-critical applications on mobile devices.

There’s a lot at stake for businesses to get mobile security right. Regulatory/compliance challenges are the most frequently encountered issues they face with regards to running a mobile-enabled business. While compliance requirements vary widely by industry, the key factor with most regulations around IT usage is security of data — from PCI-DSS in retail, to HIPAA in healthcare, to the more broad-reaching GDPR in Europe (which affects any business that touches the EU in some form).

Despite the high stakes, however, many businesses take the path of least resistance—or at least the most recent known-good outcome—when it comes to mobile security. They place a somewhat blind trust in the belief that a mobile platform used in the past, without incident, will predict future success in terms of data and IT operational security outcomes. As such, according to IDC’s mobility study, among US businesses that deploy corporate smartphones, Apple iOS is the predominant brand of devices that businesses provide employees. This is also reflected in device shipments — among the 11.8 million business smartphones shipped in the U.S. in 2016, 57% were iOS vs. 41% Android.  Many businesses take this approach with the perception they are making a “safer” choice.

While perception and instinct may influence some business technology choices, data and facts ultimately drive many more decisions. According to IDC data, there is no correlation between device OS type and higher frequencies of mobile security incidents. Among the top four data-related breach incidents enterprises said they experienced in 2016, the numbers do not shift significantly when analyzing subsets of companies employing different mobile operating systems. Businesses do not see less security incidents by using one mobile OS over another because of perceived security benefits or overall “safeness.” According to IDC data, respondents from both “Android-majority” and “iOS-majority” businesses each experienced mobile data loss incidents and other security incidents at roughly the same rate.

And the data and facts on Android security line up much more in favor than against.
Beyond dispelling myths about security or “safer” mobile OSes, what IDC survey data also show is that many businesses are thriving — from a productivity and end-user satisfaction perspective — with majority-Android device deployments. Among businesses where Android devices reign, 50% of IT teams said their mobile deployment efforts met their users’ expectations, and 47% said they exceeded expectations.

For an in-depth look at the facts supporting the Android platform’s security strengths vs. market perceptions, we invite you to download the IDC whitepaper, “Android Means Business – Mobile Security at Enterprise Scale,” sponsored by Google.

This blog is part of a series covering the three key pillars of technology consideration for an enterprise mobile operating system. Starting with an overview of the Android mobile operating system, the series dives into mobile security, solution breadth and platform flexibility and availability, and management/administration functionality in the context of modern mobile workers’ attitudes around control, privacy, and ease-of-use.