Which Tablet Offers The Most Secure BYOD Experience?

Which Tablet Offers The Most Secure BYOD Experience?

If your workplace is going to support a bring-your-own-device (BYOD) approach for tablets, security will be a vital consideration. An analysis of security options for tablets by Context Information Security suggests that the BlackBerry PlayBook offers a more secure environment than the Apple’s iPad or 2 Samsung’s Android-based Galaxy Tab, but all three platforms have security challenges.

Picture by Kevork Djansezian/Getty Images

There’s no single best solution to introducing a BYOD policy for tablets (or any other device). Businesses need to weigh a variety of criteria when choosing which devices to support, and existing software systems and security policies will often play a major part. Despite the popularity of tablets, they’re rarely used for more than email, and that needs to be considered as well.

Context’s analysis didn’t include Windows 8 tablets, which haven’t yet gone on sale but which will become increasingly visible following the official October 26 launch of Windows 8 (they will be included in an updated version of the research, Context said). Microsoft is hoping that the ability to offer the full managed Windows experience on tablets and hybrid tablet/notebook devices will help it retain market share.

That said, Microsoft’s existing software plays a key role in Context’s analysis. All three platforms support integration via Exchange ActiveSync with existing corporate email and business information systems, and all offer options for encryption and remote wiping. The devil is in the details.

The iPad, for instance, is routinely ‘jailbroken’ after each new iOS software update, which makes it much more difficult to enforce security policies, Context noted. Both the PlayBook and iPad default to using plain text for backups, though this option can be switched. Samsung’s device doesn’t have a locked bootloader, and it is possible for potentially sensitive information to be stored on an unencrypted SD card. The report was fairly scathing in its analysis of Android:

The Galaxy Tab was shown to suffer from some serious security failings that make it difficult to recommend as a tool for enterprise use. As well as the documented security problems, a lack of enterprise-level management tools beyond ActiveSync means that it is difficult to manage more than a small number of these devices effectively.

The rapid rate of change in the tablet market is another problem. Context’s analysis covered an iPad 2 running iOS 5.0.1, a Galaxy Tab running Android 3.2 and a PlayBook running Tablet OS 2.0.1. There are newer versions of all three OSes on the market.

For managing large numbers of devices, the PlayBook has far more granular options available and makes it easier to separate work and personal data, a point BlackBerry developer Research In Motion has understbeen keen to stress. Despite that, uptake for the PlayBook has been soft, and RIM is relying on next year’s BlackBerry 10 update to make it more appealing to consumers (rather than IT managers).

We haven’t yet seen a major corporate scandal emerge regarding the loss of data from a tablet device. That might be the trigger that pushes more companies into enforcing stricter policies and makes tablet manufacturers more serious about offering options in that department. As report author Jonathan Roach noted in announcing the analysis: “Context’s research suggests that most tablet manufacturers still have a way to go before their products can deliver the high levels of security required for use in most corporate enterprises”

Evolve is a weekly column at Lifehacker looking at trends and technologies IT workers need to know about to stay employed and improve their careers.


  • One of the many problems with BYOD (besides that it isn’t ready) is that most of the tablets that are available now don’t have much in the way of security expect for wiping the devices remotely. That doesn’t help when you have to connect them to a network.

    Microsoft (when released) will be able to provide greater security due to it being designed for businesses. Being able to connect to the Windows network correctly, connect to the AD and policies brings more security than what Apple and Google can provide. The tablets that are available today are designed for home users only and not business. (most of the article did cover most of these issues)

    • Thats not correct. Android and apple all offer PIN locking, device or file system encryption and password complexity policies out of the box.

      One tablets and people’s devices start acting like windows PC people are just going to stop using them and go back to their laptops because it’s easier.

      Business doesn’t understand that. BYOD users don’t understand that. Once it happens and the company has outsourced it’s it to you its too late. Suddenly you realize you’ve lost all the ease of use and flexability you used to have when you were free to have company data on your device without all the stupid restrictions. Want your old company device back so you can’t can print documents to your home printer. Sorry we no longer offer that option.

  • Both the iPad and Android Tablets can be successfully managed by multiple different 3rd party MDM tools. Most of them are more canted towards iOS than Android at the moment but they are still fairly accomplished.

    We are using MobileIron in our Enterprise Deployment – for both Company-owned (iOS only) and BYO (mixture) devices – a solution that I have been responsible for implementing and then managing for the last 12 months.

    It has numerous security improvements over the standard Exchange Active Sync Policy – including:

    – The ability to set minimum Firmware/OS level
    – Accepted Hardware (in the case of iOS I’ve configured it to not allow anything below a 3Gs so as to ensure the clients have on-device hardware encryption.)
    – Jailbreak/Root-kit detection (it can prevent the initial connection of a compromised device and quarantine anything that’s questionable thereafter).
    – The ability to enforce encrypted backups and whatever password standards you choose.

    And that’s just the start…

    Saying that a Tablet isn’t suitable for Enterprise without considering the 3rd party management solutions available is like saying that a PC is not fit for enterprise because it doesn’t have built-in virus/malware protection.

    Any product is only as good as it’s implementation and in enterprise that almost always means multiple hardware/software solutions working together.

Show more comments

Log in to comment on this story!