Enterprise mobility offers a wealth lot of opportunities for OEMs, solutions providers, UX designers, and developers. On the face of it, this may appear as easy as mobile applications grabbing business data from enterprise servers, but the reality is completely different. Read on to learn more.
Lets start this discussion by defining what enterprise mobility actually is. In my opinion, it is the trend that denotes the shift in how todays employees think about working from out of the office. Its about their current expectations regarding accessing enterprise business flows from their mobile devices in a seamless manner.
From the perspective of an enterprises CIO (Chief Information Officer) or CISO (Chief Information Security Officer), enterprise mobility is an immensely investment hungry trend, because it requires mobile access to enterprise data and sometimes business-critical enterprise data over non-trusted networksall from an employees mobile device.
The bring your own device (BYOD) practice at work is now inevitable for any enterprise interested in enterprise mobility. Various enterprise mobility management (EMM) solutions are available in the market, which are capable of addressing an organisations data security and device management needs.
Androids Lollipop OS is quite different from its predecessors in terms of enterprise capabilities. One of the core requirements for supporting BYOD is the identification of enterprise applications and personal applications on the users devices. So far, established EMM providers have been addressing this challenge in customised ways. Hence, the capabilities they offer vary from one product to another. However Lollipop is coming out with a new set of APIs called Android for Work, built over Samsungs Knox security framework. Currently, all popular OEMs are working with Google to provide support for Android for Work on their devices.
Lets take a closer look at what this means for enterprises and IT workers.
Lollipop aims to provide a physical separation between a users personal data and enterprise data, using the Knox framework. There will be a separate launcher app for enterprise apps, and all enterprise applications will be marked by the Android for Work icon.
This separation will empower IT administrators to control enterprise apps and their corresponding data without affecting the users personal applications and data. All leading EMM providers are claiming support of Lollipop by leveraging the native capabilities offered by Google.
Figure 1 gives a comparative view of the pre-Lollipop and Lollipop eras.
Changes at the application layer and the Android OS layer are expected to bring enterprise-class security in a default manner in Android Lollipop-powered devices. All EMM providers will then be able to leverage this default support in their upcoming releases.
A typical EMM solution consists of the following:
- A web console
- An on-device EMM agent
- An EMM library to be used with enterprise applications for policy compliance
In the pre-Lollipop scenario, an on-device EMM agent and the EMM library were specific to particular EMM providers. Hence, the enterprise acceptability of an Android device was driven by the capabilities of the selected third-party EMM solution.
But now, in the Lollipop era, the equivalent of an on-device agent will be provided by Google, and Android for Work APIs will replace the EMM library. Hence, going forward, it can be assumed that, by default, Lollipop-powered devices will be enterprise ready. However, third party EMM solutions will still be required to perform administrative activities like enterprise policies management, their deployment on selected sets of devices, etc, in a remote manner.
Figure 3 shows an overview of a typical EMM solution in the Lollipop era.
Device and data security
We have already discussed the strong separation between personal and enterprise data and applications in Lollipop. Apart from this, Lollipop includes a device protection feature called the Kill Switch. If this anti-theft protection is enabled on the device and the Lock password feature is available, then the devices Factory reset option will ask the user for their registered Google ID credentials. Without providing valid credentials, a thief will not be able to implement a factory reset on a stolen device, and the device will remain unusable.
Support for IT policies and restrictions
EMM providers will be able to use a new set of APIs powered by Knox to enforce a wide set of policies ranging from system settings to application-specific settings.
Knox APIs for secure enterprise apps
EMM providers will be able to use new backend APIs powered by Knox APIs. This will empower IT administrators to take care of remotely deployed devices and securely manage the applications installed on them.
Android Lollipop is the largest and most ambitious release from Google, especially from an enterprise mobility perspective. Last but not least, all the changes disscussed above will enable Google to address OEM fragmentation issues to a certain extent.
References
[1] http://android-developers.blogspot.in/2014/07/knox-contribution-to-android.html
[2] https://www.samsungknox.com/en/androidworkwithknox
