Image via CrunchBase
Nokia sales of the Lumia are doing quite well. Last week the company posted solid fourth quarter numbers, reporting that it sold 4.4 million units of the Lumia line, up from the 2.9 million that traded in the third quarter.
Not surprisingly Nokia is trying to build on this success, by emphasizing its security bona fides. It's not a bad approach, in general. Security fears, especially where BYOD is concerned, is always good copy. Also, Microsoft, which Nokia joined forces, has been heavily marketing Windows Phone 8's security features.
But can Nokia top RIM, which for all its problems, still is seen as the mobile device of choice for companies that want to make sure their employee communications are secure? Just to cite one example of RIM's security creds, the BlackBerry Balance feature will allow users to keep two sets of information on the same device—personal and business—with the same level of security.
Nokia is makes a good case in its post, " Nokia Lumia: The secure business smartphone."
Its argument is the same one Microsoft makes-- the Windows Phone 8 is a very secure device.
Security features on Windows Phone 8 include secure boot, which ensures the phone only runs authentic software and passwords with the ability to pre-define the number of failed password attempts. There’s also hardware accelerated encryption for all your data and the operating system itself and encryption for network traffic such as with Exchange Server and SharePoint.
And:
The Internet Explorer 10 browser and all other apps run in their own isolated chambers. This chamber mode means that the apps, like the browser, don’t have access to other applications or to camera, location or microphone, for example, without the user’s permission.
Good points, all, but again, are they enough to dislodge the perception that the safest phone is a Blackberry? Especially with upcoming launch of BlackBerry 10, which RIM has thrown its all into?
For that I turn to Lamar Bailey, director of security research and development for nCircle. Take it away Lamar:
Secure boot and authenticating the software on the device are good features but neither are new to the industry. Hardware accelerated encryption is the biggest security feature, but for hardware encryption to be effective it has to be implemented correctly. Apple learned this the hard way when their hardware encryption was broken in iOS 4. Based on the info in this blog post, we don’t know enough about the Lumia’s hardware encryption implementation to make a definitive statement about it one way or the other. Either way they certainly aren’t the first handset vendor to offer this functionality.
Bailey also notes that while Internet Explorer 10 browser is nice, it doesn’t really solve the secure browsing problem – "Secure browsing is not a problem handset vendors are going to solve."
I don't mean to disparage Nokia or its claims. Even Bailey says that real security isn't a feature specific to any handset. Rather, it comes from choosing the right management solution and setting up and enforcing good mobile security policies.
Bailey, though, did offer a great idea on how to improve mobile security no matter which handset is being used.
To really make a ground-breaking shift in mobile app security someone should open an app store that requires apps to run through a suite of security checks including code audits, fuzz testing and vulnerability assessments. That would change the game with mobile app security.
Are you listening Nokia and RIM?
