0
Android in the  Enterprise: PiecingTogether Fragmentation         Presented by Drew Schmanek  1
What will I learn today? •   The Android fragmentation problem •   Provisioning Android devices •   Policy requirements • ...
The Problem of Android Fragmentation… • UI Uniformity   – There is NONE! • The BIG Three   – Samsung   – HTC   – Motorola ...
Poll Question Number 1 • Does your organization provide or support   Android devices from the following   manufacturers?  ...
Provisioning • Android Device Management    – Agent/Application based    – EAS (Exchange ActiveSync) / Lotus Notes Travele...
Poll Question Number 2 • Is your organization allowing Android devices to   access corporate resources?   – Yes, we do   –...
Android Policy • Requirements    –   Profile Management    –   Email, Wi-Fi, & VPN    –   Applications    –   Encryption  ...
Poll Question Number 3 • Does your corporation have policy in place to   encrypt email on devices?   – Yes   – No         ...
Automated Actions • Compliance   – Alerts   – Restrictions/Wipes   – Merge                          9
Android Best Practices • Have a realistic policy in place for your users    – Support multiple device platforms and allow ...
MaaS360 OverviewUser/Device Enrollment   OTA Configuration &         Management  In-depth Inventory &      Device Reportin...
Agility of the cloud for the pace of change in mobility  • Fast deployment     – Simple provisioning processes     – Intui...
Try MaaS360, Get a Swag Kit  Sign up for a free trial after today’s webinar and         you will be sent a swag kit—on us!...
Questions or follow-up?Wrap Up                                                               aschmanek@fiberlink.com      ...
Upcoming SlideShare
Loading in...5
×

Android in the Enterprise: Piecing Together Fragmentation

512

Published on

Learn how using mobile device management (MDM) can help Enterprises combat Android fragmentation to broaden BYOD device offerings.

Learn more: http://www.maas360.com/products/mobile-device-management/android/

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
512
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Hello, my name is Drew Schmanek. Welcome to the ?th edition of the MORE series presented by MaaS360. Today we will learn what it new and improved with Android 4.0 also known as ICS, or Ice Cream Sandwich We discuss how Android devices are acceptance is progressing for enterprise deployment.
  • In our webinar today we will address the growing fragmentation issue we keep seeing, while going over the provisioning of devices, policy set requirements, automated actions, and security and best practices for the Android platform.
  • UI Uniformity:For Android, Google has created a full open source ecosystem that has many flavors and variants. This is causing issues across the platform with how different user interfaces are able to connect and manage corporate resources. These issues are with users that are preferring a user interface over another vendors, .api’s in the custom email clients layered in the UI, and even encryption limitations and options.The BIG Three:(Touchwiz – SAMSUNG)Has a very iOS-like look and feel. Samsung has managed to customize just about everything outside of the stock Android framework here to provide what they feel is a more simple user experience. They are packing their own Android App gateway outside of Google’s Play Store, modifying native Android applications with new features, and even changing some of the way the user navigates through menu items and applications on the device.(Sense – HTC)Sense is also heavily modified in all areas as well especially the email client. HTC has managed to incorporate a fully modified version of Android’s native email client. This sometime interacts with your mail server, providing two device ID’s for the same device. They also have made other additions to the stock Android web browser, calendar, and camera.(Motoblur – Motorola)Motorola’s offering is pretty much on par with the rest by setting themselves different from the pack with Blur or otherwise known as Motoblur. Blur also features a modified email client that can also duplicate device ID’s on mailbox servers causing the same issue we see with HTC devices. Although the connection to mail server is fine in the client, it makes accurate reporting more difficult for the IT admin with out an option to merge the device ID’s. How Motorola is setting themselves apart is with the implementation of their EDM api for device encryption. Outside of Android 3.0 which was a tablet based OS, device encryption was unavailable on devices running Android 2.3 gingerbread and below. With their EDM api Motorola enabled encryption on their select number of 2.3.X devices.
  • Intro:You have a few limited ways in which you can manage Android devices. Unlike iOS, the Android platform is fully open and these devices put the consumer first by origin. This has the IT admin at a disadvantage at what their employees truly have connected to their environment.Agent/Application based:Outside Android’s framework, the operating system is natively built around applications or .APK’s which are all housed on the device in the app drawer. APK’s allow centralized commination to the device from things like remote servers, or Google’s Play Store for updates and new features to be applied. Advanced device policy sets can be applied with restrictions in place to help IT admins enroll and receive full device reporting and details of the device. EAS/Lotus Notes Traveler:You also can manage Android devices connecting to Exchange ActiveSync through either the Exchange Management Console, or by running remote PowerShell commands using the remote PowerShell prompt, or a Domino Lotus Notes Traveler Server. This type of management is very limited because you are really only managing the device’s ID association with the Exchange/Domino mailbox by applying an ActiveSync policy set. You can not do things like selectively wipe a device, or enforce a compliance policy set. You also only can report on a very limited amount of device data using EAS/Traveler, you do not have the full capabilities that you would with managing the device from a centralized .apk and making calls to unique device .api’s.Device Enrollment:Enrolling devices insures there is a set template in place to provision your devices quickly and securely. Without advance enrollment options available, the IT admin poses the risk of not being able to manage the devices with set restrictions, compliance, or security settings.
  • Profile Management:Distributing and defining profiles in the Android policy allows the IT admin to efficiently manage the user’s device and how it enforces restrictions, security settings, and accesses corporate resources/applications.Email, Wi-Fi, & VPN:Setting up requirements for users/employees to access corporate resources can be a nightmare for the IT admin. Users can setup and configure these settings themselves if they know the credentials without the IT admin ever having any visibility. This limits the admin from being able to manage the corporate resources and how users are connecting. Having a defined policy set in place, can and will eliminate this.Applications:Allowing a policy set to Blacklist, Require, and Whitelist select applications – provides a line of sight into how you would like the user to utilize their device. This enables the IT admin to monitor and report on specific applications that are installed on the device, later requiring action if it does not meet the compliance set of the list of apps built by the IT admin.Encryption:Android currently boasts On-Device Encryption, which allows IT to protect sensitive data, which is available on Ice Cream Sandwich. This technology is also included on Android 3.0 Honeycomb, but that is primarily a tablet operating system. There is also an EDM .api available found on select Motorola devices running Gingerbread Android 2.3.X. This advance .api allows the enforcement of encryption on these select devices, that is not natively supported by Android on older versions of the platform.
  • Alerts:Actively monitordevices and alert the user or administration if a device has applications that should not be installed, or if the device is not meeting the requirements provided by the policy set that is in place. These alerts can be the first to notify the end user or employee before an action below is taken.Restrictions/Wipes:With compliance rule sets built and applied, it allows the IT admin to take action on a device when it is out of compliance or violating the corporate mobile device policy. The admin will be able to issue selective wipes to the end user, removing corporate resources off the device such as email, wi-fi, and vpn configurations – all while still having the device enrolled in the policy and managing the device.Merge:There are many different types of email clients for Android which have been known for there quirkiness on Exchange ActiveSync, and Domino Lotus Notes Traveler. One main issue is the specific devices sometimes provide more than one device ID for a user’s mailbox on select Android devices, so the user looks like they have more than one device but really they do not. This is directly related to the fragmentation of the custom UI’s embedded by OEM’s on the devices flavor of Android. This also can cause issues with how the devices integrate with native Android’s email client and the email server. Having a solution in place to merge the records is essential to providing a clean experience on the backend for the IT admin. They will be able to provide accurate reporting metrics for their devices eliminating duplicate records.
  • Have a realistic policy set in place. Support multiple device platforms and allow personal devices. You are likely already doing this now, but with very minimal information a user can sync an Android or even a newer iPod touch device to your exchange/domino server without you ever being alerted or notified. Cost savings could also add up as the employee is covering their own plan.Take stock of your mobile devices by implementing a multi-platform reporting and inventory tool. This will help understand risks regarding mobile devices and make informed decisions. The solution should also be extended to your help desk and HR departmentsProbably the most important, require and enforce basic security precautions. This includes requiring a strong password, expiration, auto-lock, and auto-wipe if a specific number of failures incur. Enforce that local encryption is enabled, and have the ability to remote wipe. ICS now offers on-device encryption for not only tablets but phones which was unavailable with the last implementation Honeycomb 3.0 which was for tablets only.
  • I want to take 5 minutes out right now and dive into this key slide. This is really how we approach and integrate into the different device platforms which are out there. We first start with a breadth approach, then provide depth with more granular security and policy options for devices such as iOS and Android.For breadth, we allow the management of any device that leverages ActiveSync for either Exchange or Lotus Notes. This allows for an auto-discovery of any device using ActiveSync in your environment to get corporate e-mail. It also allows you to manage those devices via the standard feature set made available thought Exchange or Notes.  Like creating and enforcing ActiveSync policies, remote wipe, auto-device discovery. Integration into your Exchange or Lotus environment is made possible by our MaaS360 Cloud Extender. This is a 13MB piece of software which can be installed on your mail server or on a server which can communicate to the mail server. It helps facilitate communication between your environment and ours. One thing to note, it does not change or interrupt your mail deliver as it exists today. It’s designed to be very light touch in your environment.  For more in-depth management of iOS and Android devices, we have additional integration.  Specifically, for  iOS devices, we have chosen a best practice method by utilizing the MDM API which apple has created for the management of these devices. This allows us to have the integration needed without the weight of an agent. In a sense, Apple made it easy for us and for you. The additional features you can use with this type of integration include performing select data wipe (wiping corporate data and leaving personal data behind), pushing down Wi-Fi Profiles, and even pushing down and managing VPN profiles).  For Android, we were forced to take an agent based approach. This is because the Android OS does not have the mature API calls that Apple had developed. So for Android, we allow for more granular control by placing an agent on the device itself. Together, the ActiveSync integration, iOS API, and Android Agent allow for complete management of mobile devices. All of this comes together in our MaaS360 Platformwhich allows you to perform actions on devices as well as review your own environment with our mobility intelligence reporting. Mobility intelligence is our version of business intelligence reporting with additional analytics.  Do you have any questions around how we integrate into the different device platforms? 
  • End of webinar will redirect to trial landing page, also will be sent a link to the trial after today’s webinar
  • Joe to cover
  • Transcript of "Android in the Enterprise: Piecing Together Fragmentation"

    1. 1. Android in the Enterprise: PiecingTogether Fragmentation Presented by Drew Schmanek 1
    2. 2. What will I learn today? • The Android fragmentation problem • Provisioning Android devices • Policy requirements • Automated actions • Security best practices 2
    3. 3. The Problem of Android Fragmentation… • UI Uniformity – There is NONE! • The BIG Three – Samsung – HTC – Motorola 3
    4. 4. Poll Question Number 1 • Does your organization provide or support Android devices from the following manufacturers? – Motorola – Samsung – HTC – LG – Other 4
    5. 5. Provisioning • Android Device Management – Agent/Application based – EAS (Exchange ActiveSync) / Lotus Notes Traveler – Device Enrollment 5
    6. 6. Poll Question Number 2 • Is your organization allowing Android devices to access corporate resources? – Yes, we do – Not today; planning/considering – No plans to permit such access 6
    7. 7. Android Policy • Requirements – Profile Management – Email, Wi-Fi, & VPN – Applications – Encryption 7
    8. 8. Poll Question Number 3 • Does your corporation have policy in place to encrypt email on devices? – Yes – No 8
    9. 9. Automated Actions • Compliance – Alerts – Restrictions/Wipes – Merge 9
    10. 10. Android Best Practices • Have a realistic policy in place for your users – Support multiple device platforms and allow personal devices • Put in a multi-platform inventory tool, immediately – Many businesses don’t have good data on their mobile devices; knowing the total amount that they have connected to corporate resources. – Find unsupported devices and help in troubleshooting how to have your users connect securely and safely. • Enforce the basic security precautions – Password – Remote Wipe – Encryption (standard in 4.0 phones/tablets) 10
    11. 11. MaaS360 OverviewUser/Device Enrollment OTA Configuration & Management In-depth Inventory & Device Reporting Improved Visibility & Control 11
    12. 12. Agility of the cloud for the pace of change in mobility • Fast deployment – Simple provisioning processes – Intuitive user interface • Effortless scalability – Instantly turn up devices, users, apps – Start small and easily expand up • Automatic upgrades – Continuous updates available instantly – No ongoing maintenance • Unmatched affordability – Zero infrastructure needed – All inclusive subscription price model 12
    13. 13. Try MaaS360, Get a Swag Kit Sign up for a free trial after today’s webinar and you will be sent a swag kit—on us! 13
    14. 14. Questions or follow-up?Wrap Up aschmanek@fiberlink.com jharrington@fiberlink.com• Upcoming Webinars (Registration Links in Chat Window) – Tuesday, May 22 – Getting Started with MaaS360 – Thursday, May 24 - Enabling the Social Mobile Enterprise from the Cloud – Thursday, June 7 – Embracing BYOD with MDM and NAC• Past Webinars (http://links.maas360.com/webinars) – BYOD: Striking a Balance—Employee Privacy and IT Governance – Ten Mysteries of Android – The New iPad Goes to Work• Plus lots of How-To content on our website – Mobile Device Management Best Practices • http://links.maas360.com/mdm – Mobile Device Management Glossary • http://links.maas360.com/mdm_glossary 14
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×