MOBILE OPERATING SYSTEM TRANSITION - Helping Customers Migrate and Maintain the Latest Android OS
TABLE OF CONTENTS
Introduction
Legacy Operating Systems
Android Enterprise Evolution
How Honeywell Helps
Android Lifecycle Management
Conclusion and Recommendations
Mobile Operating System Transition White Paper | Table of Contents | www.honeywell.com | 1

INTRODUCTION
A shift in the mobile operating system
landscape has occurred over the last
several years. Microsoft has ended support
for Windows® mobile applications and
security patches are no longer available,
leaving companies no choice but to
upgrade to Android. Those that do not
upgrade will be exposed to the security
risks that are inherent with an unsupported
operating system. This paper will elaborate
on these points and provide the reader with
guidance on recommended solutions.

1. LEGACY OPERATING SYSTEMS
Customers currently running applications
that require a legacy Microsoft® operating
system (Windows CE 6 or Windows Mobile/
Windows Embedded Handheld 6.5) will no
longer receive support for their platform.
Mainstream support, which includes regular
updates, has ended for both legacy systems.

Microsoft extended support (security fixes) ended for Windows CE 6 in early 2018 and ended for Windows Embedded Handheld 6.5 in early 2020. Vendors are unable to provide patches should a vulnerability or error be found in Microsoft code. For this and other reasons, many customers are transitioning to new applications running under Android™.

As support for legacy operating systems has ended, customers need to make decisions to move forward.

Android’s large market presence supports a broad variety of OEMs and hardware form factors, making it more likely that a device is available to meet the customer’s use case and cost requirements, including devices that offer integrated physical keypads.

2. ANDROID ENTERPRISE EVOLUTION
Prior to 4.0 Ice Cream Sandwich, Android
offered little in the way of enterprise features.
The consumer-focused operating system was
augmented by OEM extensions and third-
party software to allow it to be controlled
and managed in the enterprise environment.

Enterprise features gradually began appearing in the 4.2 Jelly Bean and 4.4 KitKat releases, culminating with the introduction of Android for Work in 5.0 Lollipop. Android for Work provided an extended set of management APIs and a container system for separating and independently managing personal and work apps and data.

Google® has continued investing heavily in enterprise capabilities in each of its last several versions, renaming Android for Work to Android Enterprise.

Added features include bulk provisioning to speed device setup, Device Owner (Android Enterprise) mode to allow fully managed devices at the corporate level, always-on VPN and encryption enabled by default to protect personal and corporate data.

Popular mobile operating systems such as Android enable companies to access a large ecosystem of applications, development tools and resources, but also involve security risks that must be addressed and mitigated. Google has steadily evolved its approach to security.

As its market share has grown, Android has become a target for exploits and malware attacks. Google has responded by increasing the protections to prevent the introduction of Potentially Harmful Apps (PHAs), as well as implementing defenses inside the OS that limit the ability of the system to be compromised should a PHA be installed. A few of these protections are discussed below.

Detailed information is available in Google’s Android Security 2018 Year in Review report located here:
https://source.android.com/security/reports/Google_Android_Security_2018_Report_Final.pdf

A COMPARISON OF SECURITY CONTROLS FOR MOBILE DEVICES
Products compared: Android 6, Android 7, Android 8, Android 9, Chrome OS, Google Pixel (Android 7), Google Pixel 2 (Android 8), Google Pixel 3 (Android 9), iOS 11.2, iOS 12.1.3, Microsoft Surface Pro, Samsung Knox 2.6, Samsung Knox 2.9, Samsung Knox 3.2, Windows 10 (1709), Windows 10 in S mode (1803)
WHAT WAS COMPARED? OS OS OS Platform OS Device Platform OS Device OS Device Platform OS OS OS Device
BUILT-IN SECURITY
Access Control by Default 2 2 2 2 2 2 2 2 2 2 2 2 3 2 2 2
Authentication Security 3 3 2 2 2 2 2 2 2 3 3 3 2 2 2 2
Device Encryption on by Default 3 3 2 3 2 3 3 2 3 3 3 3 3 2 3 3
File-Level Encryption 3 3 1 1 3 3 3 3 3 3 3 3 3 3 3 3
App Isolation 3 3 3 3 3 3 3 3 3 3 3 3 3 2 3 2
OS Updates 3 3 1 2 2 3 2 2 3 2 3 2 3 3 3 3
Security Updates 3 3 2 2 2 3 3 3 3 3 3 3 3 3 3 3
App Updates 1 1 3 3 3 3 3 3 3 3 3 3 3 2 3 2
App Privileges 3 3 3 3 3 3 3 3 3 3 3 3 3 1 3 1
Runtime App Permissions 3 3 2 2 2 2 3 3 3 3 3 3 3 2 3 2
Platform Integrity Protection 2 3 2 3 2 2 3 3 3 3 3 3 3 3 3 3
Root of Trust 3 3 1 3 2 3 3 3 3 3 3 3 3 3 3 3
Exploit Mitigation 2 3 2 3 2 2 3 2 2 3 3 3 3 3 3 3
Network Security 1 1 1 1 2 2 3 3 3 3 3 3 3 3 3 3
Network Encryption 2 2 1 1 2 2 2 2 2 2 2 2 2 1 2 1
Built-in Anti-Malware 2 2 3 3 3 3 3 3 3 3 3
Secure Browsing 3 3 3 3 3 3 3 3 3 3 3
CORPORATE-MANAGED SECURITY
Authentication Methods 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3
Authentication Policy Management 2 2 2 3 2 2 3 3 3 3 3 3 3 3 3 3
Encryption Management 3 3 2 3 3 3 3 3 3 3 3 3 3 2 2 2
Device/Corporate Wipe 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3
Workplace Isolation 2 2 2 3 2 2 3 3 3 3 3 3 3 3 3 3
Secure Key Store 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
Jailbreak/Root Protection 2 3 2 3 2 2 3 3 3 3 3 3 3 NA 3 NA
App Vetting 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
Enterprise App Store 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
App Monitoring and Control 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3
Secure Remote Access 2 2 2 3 2 2 3 2 2 2 2 3 2 3 3 3
Policy Management 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
Remote Health Attestation 1 1 1 3 2 2 3 3 3 3 3 3 3 3 3 3
Source: Gartner (January 2019)
Key: 1 = WEAK, 2 = AVERAGE, 3 = STRONG
HIGHLIGHTS
• Windows lags in runtime protection for isolation and segmentation.
• Android security updates come faster than firmware.
• Android 9 is stronger in most areas of corporate-managed security.
• Android uses encryption by default and Windows does not.

3. HOW HONEYWELL HELPS
Honeywell is strongly committed to cybersecurity.
Our global businesses include aerospace and
process solutions that demand a very high
degree of security in all aspects of operations.

A corporate-level cybersecurity task force sets and maintains security policies and standards, including test procedures used during product development that specifically identify software issues that could make systems more vulnerable to exploits. This approach eliminates potential vulnerabilities before products are even released.

The cybersecurity team monitors multiple information sources to learn of potential system security issues as early as possible, and has implemented an escalation protocol that mobilizes resources company-wide on a priority basis to address these issues.

Once an Android vulnerability is revealed and a corrective action posted by Google, Honeywell’s Android security experts implement the fix and deliver it to customers. Direct distribution of patches and updates enables Honeywell to reduce response time compared to OEMs who must go through secondary channels to deliver their updates.

Many enterprise customers choose to restrict end-users further by “locking down” the device through the use of an Enterprise Mobility Management (EMM) agent or app such as Honeywell Enterprise Launcher. These tools control user access to system resources and can restrict the system to execute only designated apps. Removing the user’s ability to install or run unauthorized apps makes the system far less vulnerable to security exploits caused by user actions.

Honeywell offers tools that enable customers to establish application white lists or black lists, control availability of a wide range of device features and control which IP addresses are accessible through the firewall.

Another important aspect of security is maintaining an updated system. Researchers are constantly discovering and responsibly reporting vulnerabilities in the Android code base that could potentially be subject to malicious exploits. Google even offers a bounty program to encourage researchers to find and report potential issues.

Google and chipset providers such as Qualcomm® provide security patches to OEMs on a regular basis for incorporation into their software builds. Honeywell updates its Android system images on a regular 60-day cadence, with patches for extremely critical exploits.

Honeywell is committed to providing the best available security and lifecycle on its mobile computing platform. To receive the best available security on Android devices, the only way is to run the latest Android version. To keep up with the ever-changing security landscape, Google adds security features to new Android version releases. Honeywell provides unmatched security and lifecycle by guaranteeing and delivering more Android version compatibility and provides flexibility so that you can upgrade at your own pace. For customers not yet ready to upgrade OS versions, Honeywell offers security patching services.

HONEYWELL OS VERSION AVAILABILITY
ANDROID VERSIONS
6/M 7/N 8/O 9/P 10/Q 11/R 12/S 13/T
CT40 WWAN
CT40 WLAN
CT40 XP WWAN
CT40 XP WLAN
CT60 WWAN
CT60 WLAN
CT60 XP WWAN
CT60 XP WLAN
As with our leadership on Android 11(R), Honeywell is committed to
continuing efforts towards feasibility of Android 12 and 13 compatibility.
ZEBRA DEVICE OS VERSION AVAILABILITY
ANDROID VERSIONS
6/M 7/N 8/O 9/P 10/Q 11/R 12/S 13/T
TC51
TC52
TC52x
TC56
TC57
TC57x
TC70x
TC72
TC75x
TC77
Source: https://www.zebra.com/ap/en/support-downloads.html
KEY
Available or Guaranteed Best Security and Features
Committed
Planned and/or Subject to Change or Restriction

4. ANDROID LIFECYCLE MANAGEMENT
Customers deploying mobile computer
solutions in the rugged enterprise
environment expect a longer usage cycle
than consumers. Where smartphones in
consumer use cases generally turn over
in 2–3 years, enterprises are expecting
their systems to last 3–5 years or longer.

Historically, embedded operating systems used in rugged mobile computers had a lifecycle corresponding to enterprise use cases. Windows CE and Windows Embedded Handheld were supported by Microsoft for 10 years after initial introduction.

Different from Windows, Android provides an incremental approach. Each Android version is built upon the last, adding new features to the newest Android version. The only way to receive the best available security, including all new security features, is through the latest Android version, not through a patch. While patches are provided for prior Android versions, it is important to know that patches for prior versions do not contain all the security features included in the latest Android version.

For those not ready to upgrade their devices to the latest Android version, Honeywell offers the Sentinel™ security patch program. Sentinel provides security patches for Android versions up to eight years old. Again, maintaining the latest Android version is the security best practice rather than resorting to security patch backporting.

TIMING OF DELIVERY TO CUSTOMERS IS QUARTERLY, or less if no severe patches applicable to the supported operating system version are reported. Applicable patches will generally be delivered within 90 days of public disclosure with exceptions possible for imminent threats.

CUSTOMERS UTILIZING THIS SERVICE ARE EXPECTED to apply all previously released patches in order to apply the most recent patch. In other words, patches are cumulative. Specific patches cannot be applied individually.

SECURITY PATCHES ARE TESTED FOLLOWING Honeywell standard test procedures applicable to all software releases. It remains the responsibility of the customer to test any software updates received from Honeywell to their satisfaction prior to rolling out an update to their estate.

CUSTOMERS RECEIVE THESE BENEFITS under the terms of a service contract, either standalone or incorporated into another type of service agreement. Customers without a contract will not receive security patches after Google security patch support ends.

CONCLUSION AND RECOMMENDATIONS
Android is a secure operating system,
utilizing application isolation and exploit
mitigation techniques to provide a high level
of security to the user. The key security point
is to maintain the latest OS version and
choose devices with the longest lifecycle
possible. Backporting is not the security
best practice and should be avoided.

Honeywell’s products are designed from the start to meet Honeywell’s rigorous security standards. Security is evaluated throughout the development process, identifying and mitigating vulnerabilities even before products are released.

Education of customers and constant monitoring of security vulnerabilities and exploits, with defined processes for addressing those issues that are discovered, further protect our customers’ systems from compromise. A subscription-based notification model enables customers to take immediate action to mitigate risk while software is being patched and tested. Customers can be assured that their systems are designed and supported to the highest standards and they can operate their businesses with confidence knowing Honeywell is working to help them maintain the security of these systems.

With its large market share and extensive ecosystem of apps, developers and VARs, Android has become the clear choice for many enterprises in a variety of industries. Transitioning to Android involves writing new apps, adapting workflows and changing the mobile devices workers use. This can be a costly and complicated endeavor.

MOBILITY EDGE
One way businesses can simplify the migration process is by selecting devices that are built on a unified mobile platform, like Honeywell’s Mobility Edge™. Devices built on this common hardware and software platform are easier and less costly to deploy and manage and have longer lifecycles with a history and guarantee of providing more forward Android version compatibility than other devices.

Mobility Edge devices feature a common hardware System On Module, or SOM, which is a single, certified module that includes the device’s CPU, memory, WWAN (in selected devices), WLAN, Bluetooth® and near-field communication (NFC). They also feature a common OS software image and a common software ecosystem, which includes not only Honeywell software, but also software from Honeywell-approved independent software vendors (ISVs).

Having a common SOM and OS software image provides flexibility and reduces costs for businesses to deploy additional device form factors because there are no added development or certification costs. Companies can validate all their mobile devices, use cases and software once, and then deploy across multiple devices in multiple form factors, more rapidly and at a lower cost than typical mobile deployments.

Businesses wishing to extend product lifecycle and gain a better return on their technology investment will be assured by the fact that Mobility Edge platform devices can be upgraded through at least Android 11 with a commitment to continuing efforts towards feasibility of Android 12 and 13 compatibility. Honeywell also provides critical security updates for Android versions up to eight years old.

HONEYWELL MARKETPLACE
For businesses needing help with their Android transition strategy, the Honeywell Marketplace offers a helpful resource. Honeywell Marketplace is an enterprise app store that provides businesses with direct access to software and solutions developed by Honeywell and third-party independent software vendors. Companies can search for solutions by industry, by solution type (developer tools, ERP, etc.) or by technology (mobile computer, wearables, etc.) and find a diverse set of applications to help ease their mobile transitions.

For more information
www.honeywellaidc.com

Honeywell Safety and Productivity Solutions
300 S Tryon St Suite 500
Charlotte, NC 28202
800-582-4263
www.honeywell.com

Mobility Edge and Sentinel are trademarks or registered trademarks of Honeywell International Inc. Android is a trademark or registered trademark of Google LLC. Bluetooth is a trademark or registered trademark of Bluetooth SIG, Inc. Microsoft and Windows are trademarks or registered trademarks of Microsoft Corporation. All other trademarks are the property of their respective owners.

Mobile Operating System Transition White Paper | Rev C | 08/20
© 2020 Honeywell International Inc.