MOBILE OPERATING SYSTEM TRANSITION - Helping Customers Migrate and Maintain the Latest Android OS
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
TABLE OF CONTENTS 2 Introduction 3 Legacy Operating Systems 4 Android Enterprise Evolution 6 How Honeywell Helps 8 Android Lifecycle Management 9 Conclusion and Recommendations Mobile Operating System Transition White Paper | Table of Contents | www.honeywell.com | 1
INTRODUCTION A shift in the mobile operating system landscape has occurred over the last several years. Microsoft has ended support for Windows® mobile applications and security patches are no longer available, leaving companies no choice but to upgrade to Android. Those that do not upgrade will be exposed to the security risks that are inherent with an unsupported operating system. This paper will elaborate on these points and provide the reader with guidance on recommended solutions. Mobile Operating System Transition White Paper | Introduction | www.honeywell.com | 2
LEGACY OPERATING SYSTEMS 1 Customers currently running applications that require a legacy Microsoft® operating system (Windows CE 6 or Windows Mobile/ Windows Embedded Handheld 6.5) will no longer recieve support for their platform. Mainstream support, which includes regular updates, has ended for both legacy systems. Microsoft extended support (security As support for legacy operating fixes) ended for Windows CE 6 in systems has ended, customers need early 2018 and ended for Windows to make decisions to move forward. Embedded Handheld 6.5 in early Android’s large market presence 2020. Vendors are unable to provide supports a broad variety of OEMs patches should a vulnerability or and hardware form factors, making it error be found in Microsoft code. more likely that a device is available to For this and other reasons, many meet the customer’s use case and cost customers are transitioning to new requirements, including devices that applications running under Android™. offer integrated physical keypads. Mobile Operating System Transition White Paper | Legacy Operating Systems | www.honeywell.com | 3
ANDROID ENTERPRISE EVOLUTION 2 Prior to 4.0 Ice Cream Sandwich, Android offered little in the way of enterprise features. The consumer-focused operating system was augmented by OEM extensions and third- party software to allow it to be controlled and managed in the enterprise environment. Enterprise features gradually began Added features include bulk As its market share has grown, Android appearing in the 4.2 Jelly Bean and 4.4 provisioning to speed device setup, has become a target for exploits and KitKat releases, culminating with the Device Owner (Android Enterprise) malware attacks. Google has responded introduction of Android for Work in 5.0 mode to allow fully managed devices by increasing the protections to prevent Lollipop. Android for Work provided at the corporate level, always-on VPN the introduction of Potentially Harmful an extended set of management APIs and encryption enabled by default to Apps (PHAs), as well as implement and a container system for separating protect personal and corporate data. defenses inside the OS that limit the and independently managing ability of the system to be compromised Popular mobile operating systems such personal and work apps and data. should a PHA be installed. A few of as Android enable companies to access these protections are discussed below. Google® has continued investing heavily a large ecosystem of applications, in enterprise capabilities in each of its development tools and resources, but Detailed information is available in last several versions, renaming Android also involve security risks that must be Google’s Android Security 2018 Year for Work to Android Enterprise. addressed and mitigated. Google has in Review report located here: steadily evolved its approach to security. https://source.android.com/ security/reports/Google_Android_ Security_2018_Report_Final.pdf Mobile Operating System Transition White Paper | Android Enterprise Evolution | www.honeywell.com | 4
A COMPARISON OF SECURITY CONTROLS FOR MOBILE DEVICES S mode (1803) Windows 10 in 2 (Android 8) 3 (Android 9) Google Pixel Google Pixel Google Pixel Windows 10 Surface Pro (Android 7) Chrome OS iOS 12.1.3 Android 6 Android 7 Android 8 Android 9 Microsoft Samsung Samsung Samsung Knox 2.6 Knox 2.9 Knox 3.2 iOS 11.2 (1709) WHAT WAS COMPARED? OS OS OS Platform OS Device Platform OS Device OS Device Platform OS OS OS Device BUILT-IN SECURITY Access Control by Default 2 2 2 2 2 2 2 2 2 2 2 2 3 2 2 2 Authentication Security 3 3 2 2 2 2 2 2 2 3 3 3 2 2 2 2 Device Encryption on by Default 3 3 2 3 2 3 3 2 3 3 3 3 3 2 3 3 File-Level Encryption 3 3 1 1 3 3 3 3 3 3 3 3 3 3 3 3 App Isolation 3 3 3 3 3 3 3 3 3 3 3 3 3 2 3 2 OS Updates 3 3 1 2 2 3 2 2 3 2 3 2 3 3 3 3 Security Updates 3 3 2 2 2 3 3 3 3 3 3 3 3 3 3 3 App Updates 1 1 3 3 3 3 3 3 3 3 3 3 3 2 3 2 App Privileges 3 3 3 3 3 3 3 3 3 3 3 3 3 1 3 1 Runtime App Permissions 3 3 2 2 2 2 3 3 3 3 3 3 3 2 3 2 Platform Integrity Protection 2 3 2 3 2 2 3 3 3 3 3 3 3 3 3 3 Root of Trust 3 3 1 3 2 3 3 3 3 3 3 3 3 3 3 3 Exploit Mitigation 2 3 2 3 2 2 3 2 2 3 3 3 3 3 3 3 Network Security 1 1 1 1 2 2 3 3 3 3 3 3 3 3 3 3 Network Encryption 2 2 1 1 2 2 2 2 2 2 2 2 2 1 2 1 Built-in Anti-Malware 2 2 3 3 3 3 3 3 3 3 3 Secure Browsing 3 3 3 3 3 3 3 3 3 3 3 CORPORATE-MANAGED SECURITY Authentication Methods 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 Authentication Policy Management 2 2 2 3 2 2 3 3 3 3 3 3 3 3 3 3 Encryption Management 3 3 2 3 3 3 3 3 3 3 3 3 3 2 2 2 Device/Corporate Wipe 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 Workplace Isolation 2 2 2 3 2 2 3 3 3 3 3 3 3 3 3 3 Secure Key Store 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 Jailbreak/Root Protection 2 3 2 3 2 2 3 3 3 3 3 3 3 NA 3 NA App Vetting 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 Enterprise App Store 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 App Monitoring and Control 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 Secure Remote Access 2 2 2 3 2 2 3 2 2 2 2 3 2 3 3 3 Policy Management 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 Remote Health Attestation 1 1 1 3 2 2 3 3 3 3 3 3 3 3 3 3 Source: Gartner (January 2019) 1 = WEAK 2 = AVERAGE 3 = STRONG HIGHLIGHTS • Windows lags in runtime protection • Android security updates for isolation and segmentation. come faster than firmware. • Android 9 is stronger in most areas • Android uses encryption by of corporate-managed security. default and Windows does not. Mobile Operating System Transition White Paper | Android Enterprise Evolution | www.honeywell.com | 5
HOW HONEYWELL HELPS 3 Honeywell is strongly committed to cybersecurity. Our global businesses include aerospace and process solutions that demand a very high degree of security in all aspects of operations. A corporate-level cybersecurity task force Enterprise Launcher. These tools control sets and maintains security policies and user access to system resources and standards, including test procedures can restrict the system to execute only used during product development designated apps. Removing the user’s that specifically identify software ability to install or run unauthorized apps issues that could make systems more makes the system far less vulnerable to vulnerable to exploits. This approach security exploits caused by user actions. eliminates potential vulnerabilities Honeywell offers tools that enable before products are even released. customers to establish application white The cybersecurity team monitors lists or black lists, control availability multiple information sources to learn of a wide range of device features Honeywell is committed to providing of potential system security issues as and control which IP addresses are the best available security and lifecycle early as possible, and has implemented accessible through the firewall. on its mobile computing platform. To an escalation protocol that mobilizes receive the best available security on Another important aspect of security Android devices, the only way is to run resources company-wide on a priority is maintaining an updated system. the latest Android version. To keep basis to address these issues. Researchers are constantly discovering up with the ever-changing security Once an Android vulnerability is revealed and responsibly reporting vulnerabilities landscape, Google adds security and a corrective action posted by in the Android code base that could features to new Android version releases. Google, Honeywell’s Android security potentially be subject to malicious Honeywell provides unmatched experts implement the fix and deliver exploits. Google even offers a bounty security and lifecycle by guaranteeing it to customers. Direct distribution of program to encourage researchers and delivering more Android version patches and updates enables Honeywell to find and report potential issues. compatibility and provides flexibility to reduce response time compared to so that you can upgrade at your own Google and chipset providers such as OEMs who must go through secondary pace. For customers not yet ready Qualcomm® provide security patches to channels to deliver their updates. to upgrade OS versions, Honeywell OEMs on a regular basis for incorporation Many enterprise customers choose to into their software builds. Honeywell offers security patching services. restrict end-users further by “locking updates its Android system images down” the device through the use of on a regular 60-day cadence, with an Enterprise Mobility Management patches for extremely critical exploits. (EMM) agent or app such as Honeywell Mobile Operating System Transition White Paper | How Honeywell Helps | www.honeywell.com | 6
HONEYWELL OS VERSION AVAILABILITY ANDROID VERSIONS 6/M 7/N 8/O 9/P 10/Q 11/R 12/S 13/T CT40 WWAN CT40 WLAN CT40 XP WWAN CT40 XP WLAN CT60 WWAN CT60 WLAN CT60 XP WWAN CT60 XP WLAN As with our leadership on Android 11(R), Honeywell is committed to continuing efforts towards feasibility of Android 12 and 13 compatibility. ZEBRA DEVICE OS VERSION AVAILABILITY ANDROID VERSIONS 6/M 7/N 8/O 9/P 10/Q 11/R 12/S 13/T TC51 TC52 TC52x TC56 TC57 TC57x TC70x TC72 TC75x TC77 Source: https://www.zebra.com/ap/en/support-downloads.html KEY Available or Guaranteed Best Security and Features Committed Planned and/or Subject to Change or Restriction Mobile Operating System Transition White Paper | How Honeywell Helps | www.honeywell.com | 7
ANDROID LIFECYCLE MANAGEMENT 4 Customers deploying mobile computer solutions in the rugged enterprise environment expect a longer usage cycle than consumers. Where smartphones in consumer use cases generally turn over in 2–3 years, enterprises are expecting their systems to last 3–5 years or longer. Historically, embedded operating For those not ready to upgrade their most recent patch. In other words, systems used in rugged mobile devices to the latest Android version, patches are cumulative. Specific computers had a lifecycle corresponding Honeywell offers the Sentinel™ security patches cannot be applied individually. to enterprise use cases. Windows CE patch program. Sentinel provides security SECURITY PATCHES ARE TESTED and Windows Embedded Handheld patches for Android versions up to FOLLOWING Honeywell standard test were supported by Microsoft for 10 eight years old. Again, maintaining the procedures applicable to all software years after initial introduction. latest Android version is the security releases. It remains the responsibility best practice rather than resorting Different from Windows, Android of the customer to test any software to security patch backporting. provides an incremental approach. updates received from Honeywell Each Android version is built upon the TIMING OF DELIVERY TO CUSTOMERS to their satisfaction prior to rolling last, adding new features to the newest IS QUARTERLY, or less if no severe out an update to their estate. Android version. The only way to receive patches applicable to the supported CUSTOMERS RECEIVE THESE the best available security, including all operating system version are BENEFITS under the terms of a new security features, is through the reported. Applicable patches will service contract, either standalone latest Android version, not through a generally be delivered within 90 days or incorporated into another type of patch. While patches are provided for of public disclosure with exceptions service agreement. Customers without a prior Android versions, it is important possible for imminent threats. contract will not receive security patches to know that patches for prior versions CUSTOMERS UTILIZING THIS SERVICE after Google security patch support ends. do not contain all the security features ARE EXPECTED to apply all previously included in the latest Android version. released patches in order to apply the Mobile Operating System Transition White Paper | Android Lifecycle Management | www.honeywell.com | 8
CONCLUSION AND RECOMMENDATIONS Android is a secure operating system, utilizing application isolation and exploit mitigation techniques to provide a high level of security to the user. The key security point is to maintain the latest OS version and choose devices with the longest lifecycle possible. Backporting is not the security best practice and should be avoided. Honeywell’s products are designed from MOBILITY EDGE software once, and then deploy across the start to meet Honeywell’s rigorous One way businesses can simplify the multiple devices in multiple form security standards. Security is evaluated migration process is by selecting devices factors, more rapidly and at a lower cost throughout the development process, that are built on a unified mobile platform, than typical mobile deployments. identifying and mitigating vulnerabilities like Honeywell’s Mobility Edge™. Devices Businesses wishing to extend product even before products are released. built on this common hardware and lifecycle and gain a better return on software platform are easier and less costly Education of customers and constant their technology investment will be to deploy and manage and have longer monitoring of security vulnerabilities assured by the fact that Mobility Edge lifecycles with a history and guarantee and exploits, with defined processes for platform devices can be upgraded of providing the most forward Android addressing those issues that are discovered, through at least Android 11 with a version compatibility than other devices. further protect our customers’ systems commitment to continuing efforts from compromise. A subscription-based Mobility Edge devices feature a common towards feasibility of Android 12 and notification model enables customers hardware System On Module, or SOM, 13 compatibility. Honeywell also to take immediate action to mitigate which is a single, certified module that provides critical security updates for risk while software is being patched and includes the device’s CPU, memory, Android versions up to eight years old. tested. Customers can be assured that their WWAN (in selected devices), WLAN, systems are designed and supported to the Bluetooth® and near-field communication HONEYWELL MARKETPLACE highest standards and they can operate (NFC). They also feature a common OS For businesses needing help with their their businesses with confidence knowing software image and a common software Android transition strategy, the Honeywell Honeywell is working to help them ecosystem, which includes not only Marketplace offers a helpful resource. maintain the security of these systems. Honeywell software, but also software Honeywell Marketplace is an enterprise from Honeywell-approved independent app store that provides businesses with With its large market share and extensive software vendors (ISVs). direct access to software and solutions ecosystem of apps, developers and developed by Honeywell and third- VARs, Android has become the clear Having a common SOM and OS software party independent software vendors. choice for many enterprises in a variety image provides flexibility and reduces Companies can search for solutions by of industries. Transitioning to Android costs for businesses to deploy additional industry, by solution type (developer involves writing new apps, adapting device form factors because there are tools, ERP, etc.) or by technology workflows and changing the mobile no added development or certification (mobile computer, wearables, etc.) and devices workers use. This can be a costs. Companies can validate all find a diverse set of applications to costly and complicated endeavor. their mobile devices, use cases and help ease their mobile transitions. Mobile Operating System Transition White Paper | Conclusion | www.honeywell.com | 9
For more information www.honeywellaidc.com Mobility Edge and Sentinel are trademarks or registered trademarks Honeywell Safety and of Honeywell International Inc. Android is a trademark or registered Productivity Solutions trademark of Google LLC. Bluetooth is a trademark or registered trademark of Bluetooth SG, Inc. Microsoft and Windows are 300 S Tryon St Suite 500 trademarks or registered trademarks of Microsoft Corporation. All Charlotte, NC 28202 other trademarks are the property of their respective owners. 800-582-4263 Mobile Operating System Transition White Paper | Rev C | 08/20 www.honeywell.com © 2020 Honeywell International Inc.
You can also read