At the application level, Android developers can add security features, such as disabling screen capture and copy-paste controls on a per app basis. That's not the case with Apple, which doesn't give developers this capability, probably because it interferes with usability.
"The more fragmented Android handset space is less consistent in terms of hardware capabilities, but many modern handsets expose access to a trusted execution engine based on the ARM processor's TrustZone capabilities and this allows app developers to have access to security hardware that is very powerful," says Nicko van Someren at Good Technology. "Apple may have similar hardware but does not give developers access to it."
CIOs Learn to COPE With Mobile Devices
Two mobile market trends play in Samsung's favor.
First, Samsung's dominance in the Android market means that CIOs can invest in Knox and support a good chunk of their Android devices rather than only a handful. Second, a new mobile model called company-owned-personally-enabled devices (COPE) threatens to derail BYOD movement, and so companies can issue Knox-enabled devices while still keeping employees happy with a popular consumer choice.
While this bodes well for Samsung and Android in the long run, Knox still has a ways to go. Knox supports only a handful of apps on Google's Play Store. Not all carriers support Knox. And you'll need a Knox-supported mobile management server from an MDM vendor, such as MobileIron or AirWatch. There's also an annual activation fee.
Then there's the fact that it's not widely available yet. While Knox was announced nine months ago, " the truth is it doesn't fully exist," reports Infoworld.
Apple Fights Back With iOS 7
Apple hasn't exactly been standing idly by, either. Apple's newly introduced iOS 7 is full of enterprise security features no doubt meant to counter Samsung's professed love for the enterprise, says Andrew Borg, research director at Aberdeen Group.
For starters, iOS 7 provides single sign-on, which allows user credentials to be used across enterprise apps for data protection, and "open in" management. Each enterprise app can be configured to automatically connect to a specific VPN upon launching, Gupta says.
Apple is also expected to release a critical "supervised device" service for auto enrollment in MDM and configuration with corporate settings and policies.
Gupta is quick to point out that both Apple and Android have certified FIPS 140-2 compliance, making them both eligible for secure enterprises. Van Someren agrees that Apple and Samsung are both fairly secure.
So who's more secure in the enterprise? It depends on what threats concern you, van Someren says. But one thing is clear: Samsung has helped shake the reputation of insecure platform that had weighed heavily on Android in the enterprise.
Sign up for CIO Asia eNewsletters.