The Complete Magazine on Open Source

Android Lollipop: What’s in it for Enterprises?

SHARE
/ 172 0
Android Lollipop
Enterprise mobility offers a wealth lot of opportunities for OEMs, solutions providers, UX designers, and developers. On the face of it, this may appear as easy as mobile applications grabbing business data from enterprise servers, but the reality is completely different. Read on to learn more.

Let’s start this discussion by defining what enterprise mobility actually is. In my opinion, it is the trend that denotes the shift in how today’s employees think about working from out of the office. It’s about their current expectations regarding accessing enterprise business flows from their mobile devices in a seamless manner.

From the perspective of an enterprise’s CIO (Chief Information Officer) or CISO (Chief Information Security Officer), enterprise mobility is an immensely investment hungry trend, because it requires mobile access to enterprise data and sometimes business-critical enterprise data over non-trusted networks—all from an employee’s mobile device.

The ‘bring your own device’ (BYOD) practice at work is now inevitable for any enterprise interested in enterprise mobility. Various enterprise mobility management (EMM) solutions are available in the market, which are capable of addressing an organisation’s data security and device management needs.

Android’s Lollipop OS is quite different from its predecessors in terms of enterprise capabilities. One of the core requirements for supporting BYOD is the identification of enterprise applications and personal applications on the users’ devices. So far, established EMM providers have been addressing this challenge in customised ways. Hence, the capabilities they offer vary from one product to another. However Lollipop is coming out with a new set of APIs called ‘Android for Work’, built over Samsung’s Knox security framework. Currently, all popular OEMs are working with Google to provide support for ‘Android for Work’ on their devices.

Let’s take a closer look at what this means for enterprises and IT workers.
Lollipop aims to provide a physical separation between a user’s personal data and enterprise data, using the Knox framework. There will be a separate launcher app for enterprise apps, and all enterprise applications will be marked by the ‘Android for Work’ icon.

This separation will empower IT administrators to control enterprise apps and their corresponding data without affecting the user’s personal applications and data. All leading EMM providers are claiming support of Lollipop by leveraging the native capabilities offered by Google.

Image1

Figure 1: Comparative view

Figure 1 gives a comparative view of the ‘pre-Lollipop’ and ‘Lollipop’ eras.

Changes at the application layer and the Android OS layer are expected to bring enterprise-class security in a default manner in Android Lollipop-powered devices. All EMM providers will then be able to leverage this default support in their upcoming releases.

A typical EMM solution consists of the following:

  • A web console
  • An on-device EMM agent
  • An EMM library to be used with enterprise applications for policy compliance

In the pre-Lollipop scenario, an on-device EMM agent and the EMM library were specific to particular EMM providers. Hence, the enterprise acceptability of an Android device was driven by the capabilities of the selected third-party EMM solution.
But now, in the Lollipop era, the equivalent of an on-device agent will be provided by Google, and ‘Android for Work’ APIs will replace the EMM library. Hence, going forward, it can be assumed that, by default, Lollipop-powered devices will be enterprise ready. However, third party EMM solutions will still be required to perform administrative activities like enterprise policies management, their deployment on selected sets of devices, etc, in a remote manner.

Figure 3 shows an overview of a typical EMM solution in the Lollipop era.

Image2

Figure 2: A typical EMM solution

Image3

Figure 3: An EMM solution in the area of Android Lollipop

Device and data security
We have already discussed the strong separation between personal and enterprise data and applications in Lollipop. Apart from this, Lollipop includes a device protection feature called the Kill Switch. If this anti-theft protection is enabled on the device and the ‘Lock password’ feature is available, then the device’s ‘Factory reset’ option will ask the user for their registered Google ID credentials. Without providing valid credentials, a thief will not be able to implement a factory reset on a stolen device, and the device will remain unusable.

Support for IT policies and restrictions
EMM providers will be able to use a new set of APIs powered by Knox to enforce a wide set of policies ranging from system settings to application-specific settings.

Knox APIs for secure enterprise apps
EMM providers will be able to use new backend APIs powered by Knox APIs. This will empower IT administrators to take care of remotely deployed devices and securely manage the applications installed on them.
Android Lollipop is the largest and most ambitious release from Google, especially from an enterprise mobility perspective. Last but not least, all the changes disscussed above will enable Google to address OEM fragmentation issues to a certain extent.

References
[1] http://android-developers.blogspot.in/2014/07/knox-contribution-to-android.html
[2] https://www.samsungknox.com/en/androidworkwithknox