Scenario: Native Apps for different Platforms3 Developers2 different HardwaresMISSING DISTRIBUTION CHANELSBETA TestingAndroidstraightforward BUT: reducesecurity + missingdistributioncontroliOSentreprise -> no securityloss, (ordeviceidcontrol)WP7 -> via marketplace
Jan Peuker, Raoul Neu: Enterprise Android for the Win
Droidcon 2012«The purpose of an organization isto enable ordinary humans beingsto do extraordinary things» Peter F. Drucker Large Organizations have to strictly follow rules and laws Very risk averse, very security and privacy aware Rigid development standards and quality assurance Large Organizations are internationally spread IT as business enabler, not feature- but productivity-driven IT usually outsourced – documentation and processes mandatory We look at corporate internal applications
Droidcon 2012What makes Android so interestingfor the enterprise?Captain Jean-Luc Picard: Theres an aura around him.Lieutenant Geordi La Forge: Well, of course, hes an android.
Droidcon 2012ChallengersiOS Windows [mobile|embedded|CE|phone] Very strong C-Level visibility, Windows CE is the standard favorite in BYOD schemes mobile productivity platform Very good enterprise Broad range of rugged and features, particularly for hardware (SAM) secured devices update and hardware services Very good enterprise features, Strong device and mail very strong Outlook integration encryption WP 7 incompatible, Windows Development requires Embedded 8 could be game- separate infrastructure changerMost importantly, though, they care.
Droidcon 2012«I had a problem so I thought to use Java – now I have a ProblemFactory»
Droidcon 2012«We seek peaceful co-existence»Capt. Remmickor: Supporting multiple platforms The right choice: Native, Hybrid or Cross- Platform No silver bullet. Analyze your requirements & constraints. MEAP: Advantages & Drawbacks Pro’s in integration and governance. Con’s in usability and native features.
Droidcon 2012 Native Code Thick Cross- Client Code Generator Rich Client VM / Runtime How much users actually like it* Hybrid App How much it Web fits enterprise Starter standards Web Client Generic Code Generic UI Native UI*) the uncanny valley, see http://martinfowler.com/bliki/CrossPlatformMobile.html
«How can you be certain theyre Droidcon 2012receiving us?» Capt. Picardor: Supporting multiple devices Blacklists vs Whitelists Trusted Certificates vary between device/api/provider API & Development Issues HttpUrlConnection vs DefaultHttpClient Different Bouncycastle algorithms and hardware security features Missing XML validation Licensing 3rd party software. Best technical solution Business model
«Mr. Data, is that the trouble I Droidcon 2012believe it is?» Capt. Picardor: Supporting multiple apps Dealing with enterprise release and life cycles Always be ready to release. Think of test environment and repositories Intergalactic Continuous Integration Not out of the box: strong & exotic hardware requirements Missing Distribution Channels Android stays behind its competitors
Droidcon 2012How do you manage the diversity ofrules and guidelines in an enterprise?
Droidcon 2012«The bureaucratic mentality is the only constant in the universe» Dr. McCoy Governance is key Enterprises applications require transactions and accountability Device state and user assignment must be maintainable E-Mail, Clipboard, Intents and Caches often not properly secured Security is key Device Encryption and Application Safety are mandatory Trusted context either via virtualization (BizzTrust, VMware) or encryption e.g. with hardware modules (3LM, Certgate, Ageto) Tradeoff: Most sophisticated protection is not integrated in standard Android. Requires rooting, which itself is a security risk.
Droidcon 2012 «One of the advantages of being a Captain is being able to ask for advice without necessarily having to take it.» Cpt. Kirk Bring your own device (BYOD) Most employees do not want complex device passwords or full control over their device and route all internet traffic over VPN* Currently no distinction between Corporate/Private data (except for dual-boot or application-level encryption) Rooting and malicious software must be recognized Connectivity Connectivity should usually established over secure channels Android does not support Proxy Authentication, Wi-Fi configuration Tethering and Bluetooth cannot be controlled*) Which, luckily, is currently impossible anyways
Droidcon 2012Missing features:What will the future bring?
Droidcon 2012«Reports of my assimilation have beengreatly exaggerated» Cpt. Picard Missing ecosystem features Enterprise Market with CA for trusted applications OTA Update API without Google account Clear Chrome (Jelly Bean), Motorola and Samsung strategy Understanding of enterprise features with app makers Missing security features MDM which supports user certificates, CA’s and network config Wi-Fi Proxy Authentication, Full VPN routing, EAP-SIM Real ASLR and storage encryption for corporate/private stores E-Mail and Exchange features for S/MIME and two-factor auth Robust Synchronization (SyncML), Robust Service and SSL API
Droidcon 2012Recap Align to enterprise policies, prepare for non-market distribution Embrace development standards, KPI’s and lifecycles Thoroughly manage traceability, accountability and privacy Prepare for integration using secure Webservices and XML Prepare for fragmented device base and users who need to be supported by – in the end – yourself (incomprehensible pain)
Droidcon 2012May the force be with email@example.com@elca.ch