There is a good reason for this. The out-of-the-box Android does not really allow for much restriction, setup automation (like pre-setting up Exchange mail, contacts, and calendar for example), and visibility into the device. This is in stark contrast to iOS that has, since 2010, been baking enterprise-friendly features into the core OS. Certainly BlackBerry (both BB7 and BB10) which arguably set the standard for enterprise mobile security back in the early 2000s, still have the most restrictions and control, even if customers are not buying them like they used to.
The second issue with Android is the different vendor versions. If you were an enterprise deciding to allow a Bring Your Own Device (BYOD) policy, could you really mandate which exact devices your employees must purchase? Probably, but it would be a very unpopular BYOD program.
Speaking of different variants of Android, it is actually those companies who have stepped up to make Android enterprise friendly. Let's refer to the MDM Matrix that shows what MDM policies are supported by which mobile OSes.
If we look in column C, we see out-of-the-box Android, the version that you’ll find on a Nexus or Google Play edition of a device. You’ll notice that while it supports all of the password restrictions you’d want, beyond that there is not much. Now look at columns D, E, F, and G where you’ll see versions of Android by Samsung, LG, Lenovo, and Motorola (the latter two soon to be combined into Lenovo). You will notice that all of these vendors have added enterprise-friendly controls like the ability to disable the camera, disable screen capture, disable copy/paste, disabling synchronization while roaming, etc.
As an enterprise you will be concerned with data leakage. You do not want data, be it in email, documents, or corporate apps, being shared with non-employees. So you’ll want to limit features like copy/paste, or screen capturing for example.
With that in mind, if you wanted to craft a BYOD program for your company, iOS seems like a natural fit with its baked-in controls. Android is tough because of its varying level of controls based on the vendor. One way to address this is by adopting a container like the ones provided by Good Technology and Divide. The container creates a uniform application of controls across all Android devices. The drawback of course is that your users must now adapt to different email, contacts, and calendar apps.
If you were to adopt a Company Owned (CO) or Company Owned Personally Enabled (COPE) device, then you could simply look at a table like the MDM Matrix, and decide which MDM vendor provides the controls you need, and purchase only those devices. Certainly the most obvious choice is Samsung since they provide by far the most controls and restrictions in the Android space.
If you decide on CO or COPE, you can control the devices you purchase, which then allows you to control them the way you want. The benefit to the employee is that they do not need to learn two separate email, contacts, and calendar apps.
Today, it seems that not only are Apple and Samsung the leaders in the consumer space but, in the near future, also in the enterprise space. What are your thoughts on Android in the enterprise? What devices has your company chosen? Have they adopted BYOD, CO, or COPE?
Post Date: 14.05.2014