Embracing Android in the Enterprise
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
........................................
EMBRACING ANDROID™ IN THE ENTERPRISE
WHITE PAPER:
Embracing Android™ in the Enterprise
Who should read this paper
This white paper is intended for CIOs, CISOs, VPs or Directors of IT
Operations, Directors or Managers of Mobile Strategy, Mobile Architects,
and Mobile Program Managers. This paper provides an overview of the
challenges related to managing Android devices, gives snapshots of how
organizations are handling Android in their businesses today, and
provides a brief review of the different options available that enable
organizations to confidently embrace Android in the enterprise.Embracing Android™ in the Enterprise Content Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 The challenges of being an enterprise pioneer in the “Wild West” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Enterprise responses to Android . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Meeting the Android challenge: a brief review of enterprise options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Embracing Android™ in the Enterprise
Introduction
Prolif
Proliferation
eration of Android devices is no longer jus
justt a consumer phenomenon
Today, mobile devices and apps play a growing role in business. Yet the speed of mobile device and app adoption may be even greater than
many enterprises realize. Perhaps more than any other technology, mobile devices and apps have swept into the enterprise at a rapid rate.
According to IDC’s “Mobile World Congress 2014: The Enterprise Mobility Perspective,” “Enterprise mobility has so far been mostly
characterized by consumerization. Smartphones, apps, mobile broadband, personal cloud storage, and social media have combined to
transform consumers' everyday lives. Consumers have taken these benefits into their working lives too, and enterprises' IT departments have
1
been working to handle the impact on their organizations in areas such as data security, legal liability, and telecommunications costs.”
And this movement is global. Recognizing that employees may be most productive on devices of their choice, bring your own device (BYOD) is
expanding worldwide. In regions or industries where BYOD is growing at a slower pace due to privacy concerns, regulatory and compliance
issues, and cultural differences, organizations are seeking to offer their employees device choice or a “choose your own device” (CYOD)
model. As an open source platform, Android devices are available at a number of price points, offering attractively inexpensive options for
both consumer users and cost-conscious enterprises issuing corporate-owned devices.
Android dominates the consumer market with 78.4 percent global market share in 2013, an increase of 68 percent over the previous
2
year. The enterprise market is a different story. iOS appears to be the preferred mobile platform, especially for corporate-owned
3
devices. However, Android is gaining traction in the enterprise market.
In the coming years, analysts anticipate the growth of two trends with enormous consequences for enterprise IT security: greater acceptance
of BYOD in countries outside of North America, and greater Android market penetration in North America and beyond. According to IDC, as
many as 58 percent of all Android devices shipped in North America will be for business purposes; in the Asia-Pacific region, that number is
4
expected to be 45 percent. Business acceptance of Android as a low-cost option for corporate-owned devices will grow, particularly in
regions or industries experiencing economic downturns, but the greater reluctance to embrace BYOD outside of North America may dampen
overall Android adoption figures.
Worldwide, both trends are projected to expand. According to its recent paper, “Worldwide Business Use Smartphone 2013-2017 Forecast
and Analysis,” IDC expects the share of Android phones to increase from approximately 20 percent of the corporate-liable shipment share in
2013 to more than 50 percent in 2017. But at the same time, employee-liable shipments as a share of the total are anticipated to grow from
5
18.5 percent to 25.7 percent over the same period.
In this employee-liable segment share, Android dominates: It held close to 60 percent of the market in 2012, and is projected to total
6
approximately 75 percent by the end of 2017. For enterprises, the message is clear: As a greater share of smartphone use is employee
liable—in other words, BYOD—Android will have a greater significance for enterprise IT.
1- IDC, “Mobile World Congress 2014: The Enterprise Mobility Perspective,” Doc #LM55W, March 2014
2- Gartner, “Market Share: Mobile Phones by Region and Country 4Q13 and 2013,” Doc #2665415, February 2014
3- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013
4- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013
5- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013
6- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013
1Embracing Android™ in the Enterprise
The challenges of being an enterprise pioneer in the “Wild West”
The increasing significance of Android for the enterprise becomes more apparent every day. On the plus side, Android's open source platform
offers vendor and handset choices that can lead to significant cost savings, which is appealing to both enterprises and end users.
Unfortunately, Android has a "Wild West" reputation that can inhibit adoption. The promise of expanded, affordable productivity can be
compromised by a number of challenges, including platform fragmentation, multiple app marketplaces, and a growing threat landscape.
Platform fragmentation: For starters, each platform upgrade means the simultaneous existence of multiple OS versions. According to
7
OpenSignal, a survey of 682,000 Android devices exposed 11,868 distinct versions, up from 3,997 seen the previous year. While iOS is
tamed by Apple's unique control, Android's open platform—which has been a boon to consumers and device manufacturers—has also proven
to be a bane to enterprises. Instead of just facing a handful of image variations, IT must secure many dozens of Android images that vary by
brand and even carrier.
Because of this open model, getting timely patches for all devices can be challenging. For enterprise IT, staying current means pursuing
upgrades from a long chain of big companies that do not necessarily have a vested interest in promoting free software updates. From their
perspective, why sustain customers on older devices for a longer period of time when there are new models to sell? As a consequence, there
is a broad base of users holding older versions of Android. These users cannot take advantage of new features that Google introduces (unless
they purchase a new device), and they are left vulnerable to malware and data theft as a result of bugs and vulnerabilities in the code. As an
example, consider the recent Heartbleed outbreak.
Multiple app marketplaces: Every iOS app must be delivered from a single app marketplace, the Apple® App Store. Apple vets the apps
before they become available, which provides a certain level of reliability. But the large number of official app stores and "gray" stores, plus
the end user's ability to "sideload" Android apps, adds an unwelcome layer of unpredictability to the Android app marketplace. While Google
has an automated system designed to scan apps in its Google Play™ store, many other Android app marketplaces may not vet the apps.
Simply put, enterprises have no way of knowing where and how their end users are getting their apps.
Growing threat landscape: Between 2012 and 2013, the mobile space was exposed to a 712 percent increase in Android malware. In its
"Internet Security Threat Report: 2014," Symantec™ researchers found that each malware family had 57 variants in 2013, up from 38 in
2012. Android alone was hit with 3,262 mobile malware variants. Also worth noting is that mobile malware seemed almost exclusively
8
focused on Android in 2013. Even "legitimate" apps offer no guarantee of security; the proliferation of grayware means that consumers
frequently use otherwise legitimate apps that can overstep their bounds, collecting device data—some of it sensitive—without enterprise
permission or user awareness. While no enterprise has yet reported a major IT breach via a mobile device or app, app vulnerability represents
a security threat that will inevitably compromise data on end users' devices—and open new pathways to targeted attacks on enterprises.
7- OpenSignal, “Android Fragmentation Visualized,” July 2013, http://opensignal.com/reports/fragmentation-2013/
8- Symantec, “Internet Security Threat Report: 2014,” April 2014
2Embracing Android™ in the Enterprise
Enterprise responses to Android
As dramatic as the growth statistics may be, the real Android story is being told and lived on the ground among enterprises weighing their
mobility options. While all Android adopters face similar challenges, their management responses vary by region, industry, and the unique
demands of individual enterprises. Following are snapshots of real enterprise engagements with Android, including their ambitions, their
frustrations, and their efforts to find a responsible balance of productivity and security.
Flexibilit
Flexibilityy in Asia P
Pacific
acific:: Hong K
Kong
ong insurer expands its reach saf
safely
ely
Customers will not wait—that is the lesson on the top of mind of a Hong Kong insurance provider weighing its mobility options. To meet its
sales agents’ need for speed and flexibility, the insurer decided not to limit its device choices, but to “sandbox” confidential data by wrapping
its underwriting apps with security protection. By wrapping its apps rather than restricting devices, the insurer is able to implement security
controls at the app level, allowing the company to embrace Android while working around the challenges imposed by the underlying OS and
the device management APIs that it may or may not support.
Emer
Emerging
ging EMEA trend: turn Android’s openness to the enterprise
enterprise’s
’s adv
advantage
antage
In Europe, Android typically enjoys a greater market penetration than in North America, with 50–60 percent shares far above what iOS or
9
Microsoft® currently enjoys. The key driver? Cost. Due to the greater reluctance of the region to adopt BYOD, organizations are providing
Android devices to their employees. Countries that have been especially affected by the economic downturn, such as Spain and Italy, have
found inexpensive Android options, like those from Vodafone, very attractive.
But cost is not the only consideration. A few large system integrators with significant government contracts have turned Android’s openness
to their advantage, developing unique versions of the operating system that give them greater security control. Others, like a European firm
with an international sales force in the thousands, have begun developing their own apps to control sensitive data. In both cases, there is a
perceived need to shift protection from the device level to the application level, where protection can be applied regardless of user behavior.
To secure data within apps and to direct traffic to and through protected gateways, enterprises are beginning to see app wrapping as a
forward-looking supplement to the mobile device management (MDM) controls they have already applied.
North American success sstor
tory:
y: healthcare provider expands ph
physician
ysician access through wrapped app
appss
In California, a major statewide provider of healthcare has committed to iOS as the mobile platform acceptable for its employee base of
caregivers and staff.
But the same provider also works with a large number of affiliated physicians who prefer to use a variety of Android devices. The provider
chose a pathway that maintains the network’s current security policy while safely accommodating affiliate physicians. By wrapping the
network’s email and patient data applications and making them available through the Symantec App Center, affiliates can use any mobile
device they prefer while the healthcare network sustains its established IT posture, and maintains consistent security and confidentiality
policies.
Unique indus
industr
tryy challenges: retailer sstill
till shopping ffor
or op
options
tions
In North America, a large retailer has adopted a hybrid approach to mobile platforms for its headquarter employees: a strict iOS-only policy
on corporate-owned devices, and an openness to mixed platforms on employee-owned devices as long as the devices have been loaded with
9- IDC, “Worldwide Business Use Smartphone 2013-2017 Forecast and Analysis,” Doc #241599, June 2013
3Embracing Android™ in the Enterprise
approved MDM and mobile application management (MAM) controls. The company chose to standardize corporate-issued devices on iOS
because “with Apple, there’s more consistency.” For the BYOD environment, rooted Android devices are prohibited.
Android represents less than 20 percent of the retailer’s BYOD environment. The retailer believes this is largely because many of its users are
familiar and comfortable with Apple devices. There are fewer people who know about Android; those who do may perceive Android to be less
user friendly, as they’re not aware of the improvements Google has made with the operating system.
Like other enterprises, the retailer finds the fragmentation of Android’s open platform difficult to manage, and is concerned about potential
malware infections from the “Wild West” of app stores and sideloads.
Mas
Mastering
tering man
manyy vintages: a winer
wineryy adds Android to its mobile mix
For a large winery in California, ambivalence about Android comes down to something simple. “We are not a technology company,” its
mobility manager says. “We don’t want to invest in a lot of platforms.” When the winery looks at Android, it sees the open source model as a
driver of fragmentation. “Every new device has a new OS,” the manager observes. Android’s device variation imposes a high learning curve on
the winery’s IT department. “When people call in a ticket,” the manager says, “they expect IT to be an expert.”
As a result, the winery’s mobility “blend” is dominated by iOS with a touch of BlackBerry and only a hint of Android. But given Android’s
popularity among executives, the winery needs to accommodate Android users and has done so by restricting the options. “We ask that all
new Android devices be Samsung devices,” says the manager. By applying MDM and installing a mobile threat protection app, the winery is
able to manage the mix of device options favored by its employees. The manager added that solutions which can make IT organizations worry
less about what the underlying operating systems does or does not support would make Android more palatable.
Meeting the Android challenge: a brief review of enterprise options
In a fluid environment, enterprises expect sound choices, and IT wants to respond with flexible options. The following list
summarizes the enterprise/Android landscape from the most to the least restrictive.
1) Prohibit or limit Android use
In enterprises dominated by corporate-liable devices, and in markets where iOS commands the consumer market, it is still possible to impose
restrictions on Android adoption. But this path commits the enterprise to a more expensive mobile choice, and limits end user flexibility. To
circumvent the complexities caused by fragmentation, some enterprises purchase or accept Android from a small subset of OEMs and/or
service providers. By embracing a limited number of images, IT is better able to assert some control over device assets.
2) Supplement Android with MDM
Perhaps the most widely accepted option among enterprises that have adopted Android devices, the addition of MDM gives the enterprise
some basic protections, including the enforcement of device PINs and passwords, remote device locking/wiping, on-device data encryption,
and root detection. While MDM offers a baseline of security, it does not protect data should the device be hacked or accessed via malware or
stolen identifiers, and relying only on MDM throughout the enterprise means that IT may have to accommodate a burdensome variety of
devices.
4Embracing Android™ in the Enterprise
3) Add threat pro
protection
tection
Even devices with MDM remain vulnerable to malware, privacy risks, and other threats. Supplementing MDM with threat protection not only
guards against apps that overstep their bounds, but also prevents inoculated devices from becoming backdoors that can be used to penetrate
enterprise systems. Effective threat protection provides inoculation against mobile malware and grayware; interception against access to,
and communications with, fraudulent websites; defense against apps that collect too much data, remote scanning, and cleansing of devices;
and mobile threat reporting to the enterprise.
4) Bring pro
protection
tection to the app level with MAM
Instead of trying to master a plethora of platforms—or impose controls that restrict personal privacy—a growing number of enterprises are
turning to MAM solutions that provide policy controls at the app level (vs. the device level). By applying policy controls to individual
apps—whether they are developed in house, from external stores, or by third-party sources—IT can secure corporate data without crippling
the user experience or infringing upon user privacy. By moving the control point to the app level, IT can worry less about what is or is not
included in the underlying operating system. A comprehensive MAM solution provides the ability to apply granular policies on an a per-app
basis without developer resources, dynamically update application policies, control the deployment of mobile apps via an enterprise app
store, monitor app performance and usage, and remotely wipe apps and data without impacting end users’ personal data and apps.
5Embracing Android™ in the Enterprise
Conclusion
It ma
mayy be time to welcome Android
Until recently, enterprises have largely kept their distance from Android, even as they have embraced mobile devices and apps.
But Android’s growing market share, and the worldwide rise of consumerization, have made Android too big and too important
to ignore.
While fragmentation and the relatively open market for Android apps remain a concern, today’s enterprises have sophisticated security
options, including traditional MDM, advanced threat protection, and mobile app management, that make Android less threatening—and a
more rewarding mobile option for increasing productivity at lower costs.
As demonstrated by the real-world examples presented in this paper, enterprises can and should consider Android as part of their mobile
strategies. But many enterprises are not prepared to go it alone. And few IT vendors have the range of expertise, breadth of products, and
proven security track records that are necessary for embracing Android with confidence. As a firm that offers a comprehensive solution to the
full range of enterprise mobile management and security needs, Symantec is available as trusted partner in the pursuit of mobile productivity
and protection.
To learn more about how to embrace Android in the enterprise with confidence, visit www.symantec.com/mobility.
6Embracing Android™ in the Enterprise
About Symantec
Symantec Corporation (NASDAQ: SYMC) is an
information protection expert that helps people,
businesses, and governments seeking the freedom
to unlock the opportunities technology
brings—anytime, anywhere. Founded in April 1982,
Symantec, a Fortune 500 company operating one of
the largest global data-intelligence networks, has
provided leading security, backup, and availability
solutions for where vital information is stored,
accessed, and shared. The company’s more than
20,000 employees reside in more than 50
countries. Ninety-nine percent of Fortune 500
companies are Symantec customers. In fiscal 2013,
it recorded revenues of $6.9 billion. To learn more
go to www.symantec.com or connect with Symantec
at: go.symantec.com/socialmedia.
For specific country offices Symantec World Headquarters Copyright © 2014 Symantec Corporation. All rights
reserved. Symantec, the Symantec Logo, and the
Checkmark Logo are trademarks or registered
and contact numbers, please 350 Ellis St. trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be
visit our website. Mountain View, CA 94043 USA trademarks of their respective owners.
5/2014 21332808
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.comYou can also read
