BlackBerry has been my organization's smartphone of choice for years, simply due to its security features, but users are growing increasingly frustrated with not having more sophisticated smartphones. We're intrigued with Microsoft's new line of Windows 8 smartphones, as they seem to balance users' desires for a more modern smartphone with the organization's need for familiar devices with security. Could you delve into some of the security features on Windows Phone 8? Is securing a Windows Phone as easy as securing any other Windows 8 device, like a laptop, or does it require special precautions?
Ask a Question
SearchSecurity.com expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email at email@example.com.
BlackBerry's dominance of the enterprise smartphone market was built on security. Over the last few years though, enterprises like yours have been forced to open up their networks to other smartphones because of pressure from employees. The rise in bring your own device (BYOD) has seen BlackBerry's market share tumble, but enterprises are still concerned about the security of other smartphones, such as Android devices, and the risks they introduce to the enterprise network.
With the launch of the Windows Phone 8 (WP8) operating system (OS), enterprises finally have the option of a smartphone that more easily integrates with existing infrastructures. WP8 shares its kernel with the Windows 8 PC operating system -- not the aging Windows Mobile platform -- so users and administrators alike have both a unified user interface and familiar applications across all devices: smartphones, PCs and Microsoft Surface tablets.
WP8 uses the same built-in SkyDrive cloud service as Windows 8, so users can edit a document on their WP8 phone and pick up where they left off on their PC when they get back to the office. Collaboration is easier, too, due to SharePoint integration. The Windows Phone Store has vetted 120,000 apps, and there is the option to create a private marketplace to distribute apps to employees.
In terms of Windows Phone 8 security, the Windows 8 OS features new and improved security controls, and many analysts see this as Microsoft's most secure OS yet. There are improvements to Address Space Layout Randomization (ASLR) and the SmartScreen Filter technology, which first appeared in Internet Explorer. It has been integrated into Windows 8 as Windows SmartScreen to offer the same level of protection throughout the OS. WP8 also includes the Unified Extensible Firmware Interface (UEFI) Secure Boot feature, making it resistant to low-level malware like rootkits.
Updates to the phone can be delivered over the air, eliminating the need to plug the phone into a PC; there's also support for remote device management similar to the management of Windows PCs. Organizations should be aware that there is no VPN support in WP8 though, which may be a show stopper for some enterprises. Microsoft feels that secure connections from mobile devices are better served by SSL, which is easier to use and more practical in many situations.
Once an enterprise moves away from BlackBerry, it will have to rely on third-party mobile device management (MDM) and mobile application management (MAM) for data security, which is an added cost. WP8, iOS and Android all offer encryption and device wipe, for example, but AirWatch offers the additional security of a selective wipe, an enterprise-wide wipe and a full-device wipe.
You will need to build a business case for making the change to WP8. Don't forget to assess the initial drop in productivity and increased support calls as users become familiar with the new user interface, but the ability to leverage existing Microsoft-based skills and the phone's unparalleled support for Microsoft Office should offset these costs in the longer term.
This was first published in February 2013