By David Goldschlag
Companies want to leverage BYOD to mobilize more of their employees, granting them the freedom to use the device of their choice for work. As a result, Android is increasingly a key part of the enterprise IT landscape, and that makes CISOs nervous. They are now searching for what may be the final puzzle piece in their BYOD strategy: a single security standard for both Apple and Android devices that helps mitigate the growing fragmentation of Android operating systems.
The introduction of iOS 7 is a huge step forward, but it only solves half of the problem. For enterprise IT, the iPhone and iPad are the new corporate BlackBerry, providing companies with security protection and application freedom that they can rely on and standardize on when they choose mobile devices for employees. But BYOD leaves device choice up to the employee, creating a wrinkle in their otherwise cohesive mobility strategy. Industry analysts recently reported that consumers are increasingly choosing Android smartphones, with almost three out of five smartphone buyers opting for an Android smartphone over an iPhone or other device. The iPad continues to dominate the tablet market, but that may also change in the future as Android-powered tablets continue to gain consumer popularity.
The diversity of Android devices appeals to consumer buyers, but is a source of anxiety for IT security experts. OpenSignal, a UK-based mobile company, recently published a survey of almost 700,000 devices and reported approximately 12,000 distinct Android devices using eight different versions of the Google operating system. For many IT organizations charting out their BYOD strategy, this translates into security risks that are tough to monitor and control.
Enterprises need a BYOD solution that uniformly secures iOS and Android devices. Ideally, this approach must provide a security baseline that protects corporate data against leakage and loss in three key ways:
- protects access to apps and data using a passcode;
- isolates enterprise data by preventing data sharing between personal and enterprise apps; and
- lets enterprises wipe corporate data without affecting personal data.
The advent of iOS 7 delivers these things for Apple devices but leaves a huge security hole for Android.
Enterprise IT has an array of solutions and tools to try to fill the Android void; in general, these can be broken down into two camps: old world solutions and new world solutions. Old world solutions were designed before BYOD, whereas new world solutions were (and are being) made in the context of a world filled with mobile apps and with the challenges of securing corporate information on personal devices.
Old world approaches leverage mobile device management (MDM) or a security container. MDM was designed to give IT control and security similar to what it long enjoyed with BlackBerry. These solutions manage the whole device using native device support. As a result, they have been commoditized by Apple iOS APIs and are prone to Android fragmentation. They also ignite users’ privacy concerns since they manage the whole device.
Proprietary container solutions are also old world approaches, but they differ from MDM because they logically section off a portion of the mobile device that is managed and secured by IT. The container vendor provides the apps used within the container, typically email, contacts, calendar and browser. This approach provides strong isolation of enterprise data, but containers are difficult to extend to third-party apps. In addition, users must use the container vendor’s user interface, instead of their favored device’s native user experience.
New world mobility gives app choice back to the enterprise and device choice back to employees. The latest generation of mobile security solutions combines Apple’s iOS 7 app management capabilities with app virtualization technology for Android to create a trusted BYOD workspace that supports any mobile app. The marriage of these two approaches provides a uniform way to protect corporate information against leakage and loss by encrypting all data at rest, controlling data sharing between enterprise apps and connecting directly to the enterprise VPN. IT manages the workspace via policy and can wipe the workspace with its apps and data without affecting the personal data on the device.
Unlike old world methods, IT administrators can select any mobile app for workspace use and assign it via policy, without modification, to tailor workspaces per employee role while providing a true native user experience that preserves the way apps are licensed, distributed and updated. This approach lets enterprise IT fully leverage consumer mobile innovation for business use. Equally important, it eliminates the headaches of Android fragmentation and gives IT the confidence that their BYOD deployment will be secure.