Apple's walled-garden approach to iPhones and iPads -- along with significant enterprise enhancements to its operating system, especially in the latest version iOS 7 -- has been a security nirvana for CIOs. In contrast, Android's open-source environment has been viewed as a breeding ground for malware and risky apps.
However, signs now point to a changing of the guard. Samsung, for instance, has become the dominant Android player -- more than 60 percent of the market, according to Localytics -- and has gone on an enterprise offensive with security offerings such as Knox, a containerization technology for Samsung's high-end devices.
"Many modern Android handsets expose access to a trusted execution engine based on the ARM processor's TrustZone capabilities and this allows app developers to have access to security hardware that is very powerful. Apple may have similar hardware but does not give developers access to it." --Nicko van Someren,Good Technology.
"It is neck-and-neck between Samsung Knox and Apple iOS 7," says CEO Pankaj Gupta at Amtel, a provider of cloud-based mobile device management services. He adds that Samsung has taken "security up a notch, supporting many types of secure access via VPN, dual persona and containerization."
The idea that Android could get on par and perhaps even overtake Apple in the enterprise security space would have been outrageous only a year ago. In the fast-moving world of mobility, though, anything can happen.
Samsung Emerges as Leader of the Android Pack
The emergence of Samsung as Android leader helps defray some of the concerns over multiple Android flavors, and Android's natural openness gives developers access to the OS and a deeper security level than Apple currently allows.
When Samsung unveiled Knox earlier this year, it became a serious mobile security player in the eyes of many CIOs and put Samsung ahead of Apple in the courtship of enterprises. After all, containerization appears to be the way mobile security is heading; Apple later built containerization into iOS 7.
While Knox will work only on a few high-end Samsung devices such as the Galaxy S4 and Note 3, the technology eventually should make its way into future Samsung devices, Gupta says. "The ecosystem can benefit more by having the innovations trickle down into the standard Android platform."
[Related: How CIOs Can Navigate Treacherous BYOD Waters]
By having access to the Android OS, developers can build security extensions, such as Knox, at the application layer. At its core, Knox is a secure container for work apps to reside on a device separate from personal apps. In contrast, another extension is AppConnect from mobile device management (MDM) vendor MobileIron, a technology for wrapping individual apps and data in a kind of security blanket.
At the application level, Android developers can add security features, such as disabling screen capture and copy-paste controls on a per app basis. That's not the case with Apple, which doesn't give developers this capability, probably because it interferes with usability.
"The more fragmented Android handset space is less consistent in terms of hardware capabilities, but many modern handsets expose access to a trusted execution engine based on the ARM processor's TrustZone capabilities and this allows app developers to have access to security hardware that is very powerful," says Nicko van Someren at Good Technology. "Apple may have similar hardware but does not give developers access to it."
CIOs Learn to COPE With Mobile Devices
Two mobile market trends play in Samsung's favor.
First, Samsung's dominance in the Android market means that CIOs can invest in Knox and support a good chunk of their Android devices rather than only a handful. Second, a new mobile model called company-owned-personally-enabled devices (COPE) threatens to derail BYOD movement, and so companies can issue Knox-enabled devices while still keeping employees happy with a popular consumer choice.
While this bodes well for Samsung and Android in the long run, Knox still has a ways to go. Knox supports only a handful of apps on Google's Play Store. Not all carriers support Knox. And you'll need a Knox-supported mobile management server from an MDM vendor, such as MobileIron or AirWatch. There's also an annual activation fee.
Then there's the fact that it's not widely available yet. While Knox was announced nine months ago, " the truth is it doesn't fully exist," reports Infoworld.
Apple Fights Back With iOS 7
Apple hasn't exactly been standing idly by, either. Apple's newly introduced iOS 7 is full of enterprise security features no doubt meant to counter Samsung's professed love for the enterprise, says Andrew Borg, research director at Aberdeen Group.
[Related: In Wake of BlackBerry's Demise, CIOs Look to Samsung, Apple and Microsoft]
For starters, iOS 7 provides single sign-on, which allows user credentials to be used across enterprise apps for data protection, and "open in" management. Each enterprise app can be configured to automatically connect to a specific VPN upon launching, Gupta says.
Apple is also expected to release a critical "supervised device" service for auto enrollment in MDM and configuration with corporate settings and policies.
Gupta is quick to point out that both Apple and Android have certified FIPS 140-2 compliance, making them both eligible for secure enterprises. Van Someren agrees that Apple and Samsung are both fairly secure.
So who's more secure in the enterprise? It depends on what threats concern you, van Someren says. But one thing is clear: Samsung has helped shake the reputation of insecure platform that had weighed heavily on Android in the enterprise.
Tom Kaneshige covers Apple, BYOD and Consumerization of IT for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at email@example.com
Read more about byod in CIO's BYOD Drilldown.