2. Droidcon 2012
«The purpose of an organization is to enable ordinary human beings to do extraordinary things» Peter F. Drucker
Large Organizations have to strictly follow rules and laws
Very risk averse, very security and privacy aware
Rigid development standards and quality assurance
Large Organizations are internationally spread
IT as business enabler, not feature- but productivity-driven
IT usually outsourced – documentation and processes mandatory
We look at corporate internal applications
3. What makes Android so interesting for the enterprise?
Captain Jean-Luc Picard: There's an aura around him.
Lieutenant Geordi La Forge: Well, of course, he's an android.
5. Challengers
iOS:
Very strong C-Level visibility, favorite in BYOD schemes
Very good enterprise features, particularly for update and hardware services
Strong device and mail encryption
Development requires separate infrastructure
Windows [mobile|embedded|CE|phone]:
Windows CE is the standard mobile productivity platform
Broad range of rugged and hardware (SAM) secured devices
Very good enterprise features, very strong Outlook integration
WP 7 incompatible, Windows Embedded 8 could be game-changer
Most importantly, though, they care.
6. «I had a problem so I thought to use Java – now I have a ProblemFactory»
7. «We seek peaceful co-existence» Capt. Remmick
or: Supporting multiple platforms
The right choice: Native, Hybrid or Cross-Platform
No silver bullet. Analyze your requirements & constraints.
MEAP: Advantages & Drawbacks
Pros in integration and governance. Cons in usability and native features.
8. [Figure: platform approaches plotted along two axes, "How much users actually like it*" and "How much it fits enterprise standards": Native Code, Thick Client, Cross-Platform Code Generator, Rich Client, VM / Runtime, Hybrid App, Web Starter, Web Client; ranging from Generic Code and Generic UI to Native UI]
*) the uncanny valley, see http://martinfowler.com/bliki/CrossPlatformMobile.html
9. «How can you be certain they're receiving us?» Capt. Picard
or: Supporting multiple devices
Blacklists vs Whitelists
Trusted Certificates vary between device/api/provider
API & Development Issues
HttpUrlConnection vs DefaultHttpClient
Different Bouncycastle algorithms and hardware security features
Missing XML validation
Licensing 3rd party software.
Best technical solution vs Business model
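Added example, not from the slides: one way to act on the whitelist point above. Rather than relying on whatever CA set a given device, API level or provider ships, the app carries its own PEM-encoded corporate CA certificates and builds an SSLContext that trusts only those; the class and method names are hypothetical.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Whitelist trust for HttpsURLConnection: only the CA certificates the app
 * ships are trusted, so differences between device/API/provider trust stores
 * stop mattering for connections to the corporate back end.
 * Hypothetical helper written for this example, not part of any framework.
 */
public final class CorporateTrust {

    /** Builds an SSLContext whose trust store holds exactly the given PEM CA certs. */
    public static SSLContext fromPemCas(InputStream... pemCaStreams) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Start from an empty in-memory KeyStore (BKS on Android), so nothing
        // pre-installed on the device is inherited into the whitelist.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        int n = 0;
        for (InputStream pem : pemCaStreams) {
            Certificate ca = cf.generateCertificate(pem);
            ks.setCertificateEntry("corp-ca-" + n++, ca);
        }
        if (n == 0) {
            throw new IllegalArgumentException("whitelist must contain at least one CA");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Opens a connection that uses the whitelist; hostname verification stays on. */
    public static HttpsURLConnection open(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        // Per-connection factory: do not call setDefaultSSLSocketFactory, which
        // would also affect third-party code running in the same process.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn;
    }
}
```

The flip side of a whitelist is that the app must ship and rotate its own CA set before those certificates expire, which is one of the lifecycle chores the next slide is about.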
10. «Mr. Data, is that the trouble I believe it is?» Capt. Picard
or: Supporting multiple apps
Dealing with enterprise release and life cycles
Always be ready to release. Think of test environment and repositories
Intergalactic Continuous Integration
Not out of the box: strong & exotic hardware requirements
Missing Distribution Channels
Android stays behind its competitors
12. How do you manage the diversity of rules and guidelines in an enterprise?
13. «The bureaucratic mentality is the only constant in the universe» Dr. McCoy
Governance is key
Enterprise applications require transactions and accountability
Device state and user assignment must be maintainable
E-Mail, Clipboard, Intents and Caches often not properly secured
Security is key
Device Encryption and Application Safety are mandatory
Trusted context either via virtualization (BizzTrust, VMware) or encryption e.g. with hardware modules (3LM, Certgate, Ageto)
Tradeoff: Most sophisticated protection is not integrated in standard Android. Requires rooting, which itself is a security risk.
14. «One of the advantages of being a Captain is being able to ask for advice without necessarily having to take it.» Cpt. Kirk
Bring your own device (BYOD)
Most employees do not want complex device passwords or full control over their device and route all internet traffic over VPN*
Currently no distinction between Corporate/Private data (except for dual-boot or application-level encryption)
Rooting and malicious software must be recognized
Connectivity
Connectivity should usually be established over secure channels
Android does not support Proxy Authentication, Wi-Fi configuration
Tethering and Bluetooth cannot be controlled
*) Which, luckily, is currently impossible anyways
16. «Reports of my assimilation have been greatly exaggerated» Cpt. Picard
Missing ecosystem features
Enterprise Market with CA for trusted applications
OTA Update API without Google account
Clear Chrome (Jelly Bean), Motorola and Samsung strategy
Understanding of enterprise features with app makers
Missing security features
MDM which supports user certificates, CA’s and network config
Wi-Fi Proxy Authentication, Full VPN routing, EAP-SIM
Real ASLR and storage encryption for corporate/private stores
E-Mail and Exchange features for S/MIME and two-factor auth
Robust Synchronization (SyncML), Robust Service and SSL API
17. Recap
Align to enterprise policies, prepare for non-market distribution
Embrace development standards, KPI’s and lifecycles
Thoroughly manage traceability, accountability and privacy
Prepare for integration using secure Webservices and XML
Prepare for fragmented device base and users who need to be supported by – in the end – yourself (incomprehensible pain)
Scenario: Native Apps for different Platforms
3 Developers
2 different Hardwares
MISSING DISTRIBUTION CHANNELS
BETA Testing
Android: straightforward BUT: reduced security + missing distribution control
iOS: enterprise -> no security loss (or device id control)
WP7 -> via marketplace