Embracing Android in the Enterprise
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
........................................ EMBRACING ANDROID™ IN THE ENTERPRISE WHITE PAPER: Embracing Android™ in the Enterprise Who should read this paper This white paper is intended for CIOs, CISOs, VPs or Directors of IT Operations, Directors or Managers of Mobile Strategy, Mobile Architects, and Mobile Program Managers. This paper provides an overview of the challenges related to managing Android devices, gives snapshots of how organizations are handling Android in their businesses today, and provides a brief review of the different options available that enable organizations to confidently embrace Android in the enterprise.
Embracing Android™ in the Enterprise Content Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 The challenges of being an enterprise pioneer in the “Wild West” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Enterprise responses to Android . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Meeting the Android challenge: a brief review of enterprise options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Embracing Android™ in the Enterprise Introduction Prolif Proliferation eration of Android devices is no longer jus justt a consumer phenomenon Today, mobile devices and apps play a growing role in business. Yet the speed of mobile device and app adoption may be even greater than many enterprises realize. Perhaps more than any other technology, mobile devices and apps have swept into the enterprise at a rapid rate. According to IDC’s “Mobile World Congress 2014: The Enterprise Mobility Perspective,” “Enterprise mobility has so far been mostly characterized by consumerization. Smartphones, apps, mobile broadband, personal cloud storage, and social media have combined to transform consumers' everyday lives. Consumers have taken these benefits into their working lives too, and enterprises' IT departments have 1 been working to handle the impact on their organizations in areas such as data security, legal liability, and telecommunications costs.” And this movement is global. Recognizing that employees may be most productive on devices of their choice, bring your own device (BYOD) is expanding worldwide. In regions or industries where BYOD is growing at a slower pace due to privacy concerns, regulatory and compliance issues, and cultural differences, organizations are seeking to offer their employees device choice or a “choose your own device” (CYOD) model. As an open source platform, Android devices are available at a number of price points, offering attractively inexpensive options for both consumer users and cost-conscious enterprises issuing corporate-owned devices. Android dominates the consumer market with 78.4 percent global market share in 2013, an increase of 68 percent over the previous 2 year. The enterprise market is a different story. iOS appears to be the preferred mobile platform, especially for corporate-owned 3 devices. However, Android is gaining traction in the enterprise market. In the coming years, analysts anticipate the growth of two trends with enormous consequences for enterprise IT security: greater acceptance of BYOD in countries outside of North America, and greater Android market penetration in North America and beyond. According to IDC, as many as 58 percent of all Android devices shipped in North America will be for business purposes; in the Asia-Pacific region, that number is 4 expected to be 45 percent. Business acceptance of Android as a low-cost option for corporate-owned devices will grow, particularly in regions or industries experiencing economic downturns, but the greater reluctance to embrace BYOD outside of North America may dampen overall Android adoption figures. Worldwide, both trends are projected to expand. According to its recent paper, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” IDC expects the share of Android phones to increase from approximately 20 percent of the corporate-liable shipment share in 2013 to more than 50 percent in 2017. But at the same time, employee-liable shipments as a share of the total are anticipated to grow from 5 18.5 percent to 25.7 percent over the same period. In this employee-liable segment share, Android dominates: It held close to 60 percent of the market in 2012, and is projected to total 6 approximately 75 percent by the end of 2017. For enterprises, the message is clear: As a greater share of smartphone use is employee liable—in other words, BYOD—Android will have a greater significance for enterprise IT. 1- IDC, “Mobile World Congress 2014: The Enterprise Mobility Perspective,” Doc #LM55W, March 2014 2- Gartner, “Market Share: Mobile Phones by Region and Country 4Q13 and 2013,” Doc #2665415, February 2014 3- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013 4- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013 5- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013 6- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013 1
Embracing Android™ in the Enterprise The challenges of being an enterprise pioneer in the “Wild West” The increasing significance of Android for the enterprise becomes more apparent every day. On the plus side, Android's open source platform offers vendor and handset choices that can lead to significant cost savings, which is appealing to both enterprises and end users. Unfortunately, Android has a "Wild West" reputation that can inhibit adoption. The promise of expanded, affordable productivity can be compromised by a number of challenges, including platform fragmentation, multiple app marketplaces, and a growing threat landscape. Platform fragmentation: For starters, each platform upgrade means the simultaneous existence of multiple OS versions. According to 7 OpenSignal, a survey of 682,000 Android devices exposed 11,868 distinct versions, up from 3,997 seen the previous year. While iOS is tamed by Apple's unique control, Android's open platform—which has been a boon to consumers and device manufacturers—has also proven to be a bane to enterprises. Instead of just facing a handful of image variations, IT must secure many dozens of Android images that vary by brand and even carrier. Because of this open model, getting timely patches for all devices can be challenging. For enterprise IT, staying current means pursuing upgrades from a long chain of big companies that do not necessarily have a vested interest in promoting free software updates. From their perspective, why sustain customers on older devices for a longer period of time when there are new models to sell? As a consequence, there is a broad base of users holding older versions of Android. These users cannot take advantage of new features that Google introduces (unless they purchase a new device), and they are left vulnerable to malware and data theft as a result of bugs and vulnerabilities in the code. As an example, consider the recent Heartbleed outbreak. Multiple app marketplaces: Every iOS app must be delivered from a single app marketplace, the Apple® App Store. Apple vets the apps before they become available, which provides a certain level of reliability. But the large number of official app stores and "gray" stores, plus the end user's ability to "sideload" Android apps, adds an unwelcome layer of unpredictability to the Android app marketplace. While Google has an automated system designed to scan apps in its Google Play™ store, many other Android app marketplaces may not vet the apps. Simply put, enterprises have no way of knowing where and how their end users are getting their apps. Growing threat landscape: Between 2012 and 2013, the mobile space was exposed to a 712 percent increase in Android malware. In its "Internet Security Threat Report: 2014," Symantec™ researchers found that each malware family had 57 variants in 2013, up from 38 in 2012. Android alone was hit with 3,262 mobile malware variants. Also worth noting is that mobile malware seemed almost exclusively 8 focused on Android in 2013. Even "legitimate" apps offer no guarantee of security; the proliferation of grayware means that consumers frequently use otherwise legitimate apps that can overstep their bounds, collecting device data—some of it sensitive—without enterprise permission or user awareness. While no enterprise has yet reported a major IT breach via a mobile device or app, app vulnerability represents a security threat that will inevitably compromise data on end users' devices—and open new pathways to targeted attacks on enterprises. 7- OpenSignal, “Android Fragmentation Visualized,” July 2013, http://opensignal.com/reports/fragmentation-2013/ 8- Symantec, “Internet Security Threat Report: 2014,” April 2014 2
Embracing Android™ in the Enterprise Enterprise responses to Android As dramatic as the growth statistics may be, the real Android story is being told and lived on the ground among enterprises weighing their mobility options. While all Android adopters face similar challenges, their management responses vary by region, industry, and the unique demands of individual enterprises. Following are snapshots of real enterprise engagements with Android, including their ambitions, their frustrations, and their efforts to find a responsible balance of productivity and security. Flexibilit Flexibilityy in Asia P Pacific acific:: Hong K Kong ong insurer expands its reach saf safely ely Customers will not wait—that is the lesson on the top of mind of a Hong Kong insurance provider weighing its mobility options. To meet its sales agents’ need for speed and flexibility, the insurer decided not to limit its device choices, but to “sandbox” confidential data by wrapping its underwriting apps with security protection. By wrapping its apps rather than restricting devices, the insurer is able to implement security controls at the app level, allowing the company to embrace Android while working around the challenges imposed by the underlying OS and the device management APIs that it may or may not support. Emer Emerging ging EMEA trend: turn Android’s openness to the enterprise enterprise’s ’s adv advantage antage In Europe, Android typically enjoys a greater market penetration than in North America, with 50–60 percent shares far above what iOS or 9 Microsoft® currently enjoys. The key driver? Cost. Due to the greater reluctance of the region to adopt BYOD, organizations are providing Android devices to their employees. Countries that have been especially affected by the economic downturn, such as Spain and Italy, have found inexpensive Android options, like those from Vodafone, very attractive. But cost is not the only consideration. A few large system integrators with significant government contracts have turned Android’s openness to their advantage, developing unique versions of the operating system that give them greater security control. Others, like a European firm with an international sales force in the thousands, have begun developing their own apps to control sensitive data. In both cases, there is a perceived need to shift protection from the device level to the application level, where protection can be applied regardless of user behavior. To secure data within apps and to direct traffic to and through protected gateways, enterprises are beginning to see app wrapping as a forward-looking supplement to the mobile device management (MDM) controls they have already applied. North American success sstor tory: y: healthcare provider expands ph physician ysician access through wrapped app appss In California, a major statewide provider of healthcare has committed to iOS as the mobile platform acceptable for its employee base of caregivers and staff. But the same provider also works with a large number of affiliated physicians who prefer to use a variety of Android devices. The provider chose a pathway that maintains the network’s current security policy while safely accommodating affiliate physicians. By wrapping the network’s email and patient data applications and making them available through the Symantec App Center, affiliates can use any mobile device they prefer while the healthcare network sustains its established IT posture, and maintains consistent security and confidentiality policies. Unique indus industr tryy challenges: retailer sstill till shopping ffor or op options tions In North America, a large retailer has adopted a hybrid approach to mobile platforms for its headquarter employees: a strict iOS-only policy on corporate-owned devices, and an openness to mixed platforms on employee-owned devices as long as the devices have been loaded with 9- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013 3
Embracing Android™ in the Enterprise approved MDM and mobile application management (MAM) controls. The company chose to standardize corporate-issued devices on iOS because “with Apple, there’s more consistency.” For the BYOD environment, rooted Android devices are prohibited. Android represents less than 20 percent of the retailer’s BYOD environment. The retailer believes this is largely because many of its users are familiar and comfortable with Apple devices. There are fewer people who know about Android; those who do may perceive Android to be less user friendly, as they’re not aware of the improvements Google has made with the operating system. Like other enterprises, the retailer finds the fragmentation of Android’s open platform difficult to manage, and is concerned about potential malware infections from the “Wild West” of app stores and sideloads. Mas Mastering tering man manyy vintages: a winer wineryy adds Android to its mobile mix For a large winery in California, ambivalence about Android comes down to something simple. “We are not a technology company,” its mobility manager says. “We don’t want to invest in a lot of platforms.” When the winery looks at Android, it sees the open source model as a driver of fragmentation. “Every new device has a new OS,” the manager observes. Android’s device variation imposes a high learning curve on the winery’s IT department. “When people call in a ticket,” the manager says, “they expect IT to be an expert.” As a result, the winery’s mobility “blend” is dominated by iOS with a touch of BlackBerry and only a hint of Android. But given Android’s popularity among executives, the winery needs to accommodate Android users and has done so by restricting the options. “We ask that all new Android devices be Samsung devices,” says the manager. By applying MDM and installing a mobile threat protection app, the winery is able to manage the mix of device options favored by its employees. The manager added that solutions which can make IT organizations worry less about what the underlying operating systems does or does not support would make Android more palatable. Meeting the Android challenge: a brief review of enterprise options In a fluid environment, enterprises expect sound choices, and IT wants to respond with flexible options. The following list summarizes the enterprise/Android landscape from the most to the least restrictive. 1) Prohibit or limit Android use In enterprises dominated by corporate-liable devices, and in markets where iOS commands the consumer market, it is still possible to impose restrictions on Android adoption. But this path commits the enterprise to a more expensive mobile choice, and limits end user flexibility. To circumvent the complexities caused by fragmentation, some enterprises purchase or accept Android from a small subset of OEMs and/or service providers. By embracing a limited number of images, IT is better able to assert some control over device assets. 2) Supplement Android with MDM Perhaps the most widely accepted option among enterprises that have adopted Android devices, the addition of MDM gives the enterprise some basic protections, including the enforcement of device PINs and passwords, remote device locking/wiping, on-device data encryption, and root detection. While MDM offers a baseline of security, it does not protect data should the device be hacked or accessed via malware or stolen identifiers, and relying only on MDM throughout the enterprise means that IT may have to accommodate a burdensome variety of devices. 4
Embracing Android™ in the Enterprise 3) Add threat pro protection tection Even devices with MDM remain vulnerable to malware, privacy risks, and other threats. Supplementing MDM with threat protection not only guards against apps that overstep their bounds, but also prevents inoculated devices from becoming backdoors that can be used to penetrate enterprise systems. Effective threat protection provides inoculation against mobile malware and grayware; interception against access to, and communications with, fraudulent websites; defense against apps that collect too much data, remote scanning, and cleansing of devices; and mobile threat reporting to the enterprise. 4) Bring pro protection tection to the app level with MAM Instead of trying to master a plethora of platforms—or impose controls that restrict personal privacy—a growing number of enterprises are turning to MAM solutions that provide policy controls at the app level (vs. the device level). By applying policy controls to individual apps—whether they are developed in house, from external stores, or by third-party sources—IT can secure corporate data without crippling the user experience or infringing upon user privacy. By moving the control point to the app level, IT can worry less about what is or is not included in the underlying operating system. A comprehensive MAM solution provides the ability to apply granular policies on an a per-app basis without developer resources, dynamically update application policies, control the deployment of mobile apps via an enterprise app store, monitor app performance and usage, and remotely wipe apps and data without impacting end users’ personal data and apps. 5
Embracing Android™ in the Enterprise Conclusion It ma mayy be time to welcome Android Until recently, enterprises have largely kept their distance from Android, even as they have embraced mobile devices and apps. But Android’s growing market share, and the worldwide rise of consumerization, have made Android too big and too important to ignore. While fragmentation and the relatively open market for Android apps remain a concern, today’s enterprises have sophisticated security options, including traditional MDM, advanced threat protection, and mobile app management, that make Android less threatening—and a more rewarding mobile option for increasing productivity at lower costs. As demonstrated by the real-world examples presented in this paper, enterprises can and should consider Android as part of their mobile strategies. But many enterprises are not prepared to go it alone. And few IT vendors have the range of expertise, breadth of products, and proven security track records that are necessary for embracing Android with confidence. As a firm that offers a comprehensive solution to the full range of enterprise mobile management and security needs, Symantec is available as trusted partner in the pursuit of mobile productivity and protection. To learn more about how to embrace Android in the enterprise with confidence, visit www.symantec.com/mobility. 6
Embracing Android™ in the Enterprise About Symantec Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses, and governments seeking the freedom to unlock the opportunities technology brings—anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company operating one of the largest global data-intelligence networks, has provided leading security, backup, and availability solutions for where vital information is stored, accessed, and shared. The company’s more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2013, it recorded revenues of $6.9 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia. For specific country offices Symantec World Headquarters Copyright © 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered and contact numbers, please 350 Ellis St. trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be visit our website. Mountain View, CA 94043 USA trademarks of their respective owners. 5/2014 21332808 +1 (650) 527 8000 1 (800) 721 3934 www.symantec.com
You can also read