MobileIron's Rege describes three bands of management requirements that IT should be thinking about.
The first set of requirements is around configuration and protection of lost or compromised devices. That typically requires password enforcement, encryption enforcement, remote lock and wipe, remote email configuration, certificates for identity, remote connectivity configuration (such as for Wi-Fi and VPNs, though he says this configuration capability is not essential if usage is just for email and over cellular networks), and detection of compromised OSes (such as jailbroken, rooted, or malware-infected ones).
"Windows Phone 8 in the first Windows Phone release is targeted at No. 1 to get into the enterprise. That means companies can add it to the approved device list for general usage," he says. But Rege notes remote connectivity and compromise detection are still to be determined in Windows Phone 8 -- they're not there out of the gate.
The second set of requirements is around data loss prevention (DLP), which covers privacy controls (such as for user location), cloud-usage controls (such as for iCloud, SkyDrive, and Google Docs), and email DLP controls (such as the ability to restrict email forwarding and to protect attachments). "More regulated environments may require No. 2, and these policies are still TBD for Windows Phone," Rege notes. By contrast, iOS and Android have supported most of these needs since iOS 4 and Android 3, though a few such as managing email forwards are handled outside the OS by MDM clients such as MobileIron's.
The third set of requirements is around apps, such as their provisioning and data security. Although both Apple and Microsoft have mechanisms to do at least basic app management -- iOS can essentially hide an app so that it's no longer available to a user, and Windows Phone 8 can update corporate apps remotely -- mobile application management (MAM) capabilities are mostly up to the mobile management vendors to deploy, Rege says.
Both Windows Phone 8 and iOS have highly curated app stores; Microsoft is copying the Apple approach that has kept malware off iOS. Android has no such rigorous control, and although Google now spends more effort to analyze apps, the Google Play market is full of malware. The feds recently announced that industrial-class spyware used in advanced persistent threats has now entered the Google Play market.
Also, both Apple and Microsoft provide mechanisms for businesses to deploy their own apps directly to users, so they can deploy and manage corporate apps separately from those that users get from the app store. Mobile management tools can connect these mechanisms to group policies and content-management controls. Again, Android has no equivalents, making its app security much weaker than in iOS or Windows Phone 8, though its device security has been improved.
A quick way to think of Windows Phone 8's device security is that it's at about the same level as Android smartphones made by Samsung and Motorola Mobility (both of which go beyond the stock Android security capabilities). That means it can be used where you'd support Android -- without the malware risk that Android has in its Google Play app store. If your needs go higher, chances are your options will quickly shrink to iOS and BlackBerry, though the latter's app capabilities are very weak, so it's not suitable for the kind of broad knowledge-worker and field force usage of iOS.
At least Windows Phone 8 is finally in the enterprise game, even if it's not at all a star player.
This article, "How Windows Phone 8 security compares to iOS and Android," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog at InfoWorld.com.