Every week, it seems, we seem to hear of another breach at a retailer or other provider. This week, it was the U.S. Postal Service's turn to get its data center hacked, exposing personal data of 800,000 employees. Data centers aren't alone in being vulnerable: The state of California's annual breach report showed that lost or stolen unencrypted computers and USB thumb drives remain the biggest security threat outside of hacked data centers. The national breach database run by the Privacy Rights Clearinghouse shows the same pattern.
But rarely do you see smartphones and tablets in these reports. Why? Because they're more secure than computers and data centers. That fact must be galling for the IT security pros fretting over the alleged perils of mobile devices while the PCs and data centers they manage leak like sieves. (IT shops have been told for years to encrypt PCs, yet few do.)
But it's true: Mobile devices are safer than PCs and servers.
Let's be clear: Nothing is fully secure. Last week, we learned of Masque Attack, an iOS attack approach that takes advantage of Apple's feature that lets enterprises install their own apps rather than use the vetted App Store. If a hacker uses the same bundle ID for his malware as used by an iOS app, the pretender can be installed over the legitimate app and go undetected by mobile management tools. (It's ironic that to escape the grip of the App Store, enterprise inadvertently enabled this attack vector.)
Apple says it has no reports of actual attacks using this technique and notes that iOS will warn users if they try to override an existing app through Masque Attack.
Still, the clear reality is that mobile devices are more secure than PCs and servers, because — outside of Android — they are less open. For example, we hear of a handful of security threats in iOS each year versus a handful every week in Windows.
BlackBerry phones have the strongest security, but they're not able to act as replacement computers as an iPad can. After BlackBerry, the highest security comes from Apple's iOS.
If you're concerned about endpoint security, you should replace as many PCs as you can with iPads and iPhones. Depending on how Android Lolliop's Android at Work security turns out, maybe you'll be able to add Android devices to the secure mix.
Using an iPad as a computer replacement is more realistic than ever, thanks to Apple's iWork suite and Microsoft's Office suite for iOS — especially now that Microsoft's good iPad Office apps also run on iPhones.
Of course, a computer can tackle many tasks a tablet or smartphone can't — taking advantage of a big screen for complex documents and work processes is an obvious one. But using a computer also carries much a higher risk.
For employees who need to run PC-only apps and/or require more screen real estate and input flexibility than a tablet provides, the PC may be the sole viable choice as their primary computing platform. For those who don't, make the move to mobile.