February 6, 2019

Android security in the enterprise: Fact or fiction?

Joel Snyder

Information Technology may be a fast-moving field, but reputation and rumors can live on long past their “sell by” date, and may never match up with reality. In the world of mobile devices, it took nearly five years for Android to really start firing on all cylinders when it came to enterprise-class security. IT managers are now coming around to understanding that they can trust mobile devices based on Android to be as secure as — if not more secure than — their Windows desktops and laptops.

Couple strong security with high speed multi-core CPU architectures, plenty of RAM and ample storage, and suddenly smartphones are becoming a credible replacement to laptops for mobile users (and sometimes even desktop workers). If you ask end users to choose between their smartphone and their laptop, guess what would get the boot? Yes, laptops are still extremely useful, but there’s one thing that everyone picks up in the morning and keeps with them all day — and sometimes even all night: their smartphone.

 

How did we get here?

Even if you know most of this history already, your CIO may not, so it’s worth taking a brief detour to see how we got here.


When Android first hit the streets, no one knew exactly where it would go, but it was quickly embraced by technology tinkerers and enthusiasts as an alternative to options from BlackBerry, Apple and Microsoft. The free and open-source OS option encouraged hardware vendors to explode on the market with new products to take advantage of this mobile-optimized operating system.

Enterprise IT administrators were slower to jump on the bandwagon. Knowing that Google couldn’t guarantee a path forward, even after purchasing Motorola, Android made few enterprise inroads. And, like all infant platforms, Android suffered from malware and other security problems, and so gained a problematic reputation.

Samsung, in a major “why not” moment, dove in to solving Android’s security concerns in an enterprise context with SAFE (Samsung for Enterprise), now known as Knox. Samsung pushed forward a broad-based program that eventually included hardware redesign, firmware changes, operating system and VPN security additions, as well as APIs to help the Mobile Device Management (MDM) marketplace build products to manage Android smartphones.

Fortunately, in addition to bringing considerable security expertise to the task, Samsung also embraced the open source spirit of Android along the way. That means that the security innovations out of Samsung’s Knox teams were constantly being fed back to Google and became widely available to all Android users.

Security-Enhanced Linux is a good example: first pushed into Linux by the US National Security Agency (NSA) in 2000, they were adopted into mainstream Linux in 2003. Samsung, in collaboration with the NSA, activated the mandatory access controls within SE for Android in 2012, with Google’s Android team going along with full adoption in Android 5 in 2014.

 

Android continues to strengthen

With years of accumulated development from security-conscious developers and companies like Samsung, Android users now have an enterprise-class security program surrounding their preferred smartphone, and for MDM vendors, who can deliver management of a wide variety of security features using a single API that works across multiple vendors.

The Android community continues to innovate in the field of enterprise mobile security. Developers and contributors are taking feedback from enterprise IT managers and deploying new security into Android to solve their needs.

For IT managers, the benefits are strong. Android security meets enterprise requirements and hardware manufacturers offer a broad spectrum of options — not just smartphones, but tablets, wearables, embedded devices and more. With Google’s Android Enterprise and Android Enterprise Recommended, as well as a surrounding MDM infrastructure, Android is now at a level where it’s a credible and secure platform for enterprise IT deployment.

The end result is that IT managers have a solid and manageable platform that can meet many needs. Obviously, smartphone users make up the largest fraction of Android users. With a combination of baked-in security (both hardware and software) and enterprise manageability through MDM tools, Android can be a base to widely deploy secure applications to mobile users — applications that used to be firmly glued to Windows desktops inside the corporate LAN.

In addition, the Android hardware and software base create new opportunities for embedded devices and applications that used to require specialized hardware and software. For example, rugged Android tablets in kiosk mode can be used for specialized factory floor or sales floor applications at a fraction of the cost of previous hardware/software platforms — with an even higher level of security features and management.

Android hardware and software isn’t always the answer to all questions. But for IT managers, the serious security infrastructure that has grown around the Android operating system creates an alternative platform that can simplify application deployment, reduce development and operations costs, and speed their ability to deliver mobile solutions for enterprise users.

Learn all the different ways Samsung Knox can support your enterprise’s security efforts.