September 1, 2020

Managing mobile patches and updates with E-FOTA adds security

Joel Snyder

Most IT managers take a pretty authoritarian view on patches and updates for their desktop and laptop computers. Systems get patched when IT says they should be patched, how IT says they should be patched, and everything has to be kept up-to-date … or else.

This approach increases security by ensuring that systems are protected from the latest threats, but it also increases reliability: By synchronizing application and operating system updates, IT can make sure business-critical applications are fully tested in the target desktop environment.

So why don’t IT managers apply this same approach to enterprise mobile devices?

The answer is, they can, they should and many do. All the major mobile phone platforms no longer require physical connection to a desktop device for software updates. Instead, software updates and security patches have moved to an Over-the-Air (OTA) model. This means that devices can download updates using Wi-Fi or, if data quotas are not a problem, even cellular networks. In the world of OTA updates, this detethering of mobile devices suddenly gives IT managers a lot of opportunities for managing and controlling the update process, because when a device can download updates at any time, everything gets a whole lot simpler.


What is FOTA?

When updating Android platforms, developers and system vendors use the acronym FOTA for “Firmware Over the Air,” to make it clear they’re talking about updating not just applications, but the underlying operating system of the smartphone, tablet or any other Android device.


How to build an effective incident response plan

In the U.S., most Android phones get their updates through the carriers’ networks, with versions and timing determined by the carriers. However, IT managers can take control of the update process. Samsung, for example, calls this “E-FOTA,” for “Enterprise FOTA,” indicating that the control shifts from the carrier to the enterprise.


How E-FOTA gives IT greater control over updates

Because FOTA mostly happens in the background, the IT manager has the option to control exactly what updates are pushed, when they are pushed and how users are prompted to reboot their devices to make use of the patched or upgraded operating system. FOTA has the same security infrastructure as the rest of Android — all updates have to be properly signed to let the user device check that it is receiving only authentic and verified updates.

FOTA moves smartphone patching and updating from the users, who used to drag their phones to a desktop and plug it into a USB port, to an OTA process controlled by carriers and enterprise IT departments. With tools such as Samsung E-FOTA, the IT manager uses a cloud-based console to take control of the entire patching process. This improves security and reliability of mobile devices to match expectations of desktop devices: synchronized updates managed in such a way that applications and operating systems all mesh together.

There are a few advantages of enterprise IT taking control of firmware updates for mobile devices:

  • Users don’t have to take any specific action
  • Software versions can be synchronized across groups of users
  • Update testing and approval are managed and predictable rather than chaotic and reactive
  • Updates can be done on a schedule — out of working hours if appropriate, or immediately if an urgent need comes up

IT leaders will find that these make up an exact reflection of the benefits they saw in managing updates on desktop devices.

IT managers who want to make sure that mobile devices — now as mission critical as laptops and desktops in many organizations — are secure and reliable should consider taking control of FOTA as a first step in building a solid mobile computing base.

Keeping devices and their data truly secure requires comprehensive lifecycle device management. Samsung combines device security, deployment and management in Knox Suite, which includes Knox Platform for EnterpriseKnox Mobile EnrollmentKnox Manage, and Knox E-FOTA in a single license with one sign-on.

Learn more about
Samsung E-FOTA One and take better control of your managed devices.