Android Fragmentation: Solving the Enterprise Mobility Dilemma

771 views

Published on

Learn how to solve the Android fragmentation problem for peace of mind during enterprise deployment.

Learn more: http://www.maas360.com/products/mobile-device-management/android/

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
771
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • If you ask Google they will show you this picture of the Android world . . .As of Feb 2, almost 90% of Android devices running 2.1 or 2.2Platform API Level DistributionAndroid 1.5 3 3.9%Android 1.6 4 6.3%Android 2.1 7 31.4%Android 2.2 8 57.6%Android 2.3 9 0.8%
  • If you ask others you’ll get a little different picture . . . Look at this eye chart! If that doesn’t scare you nothing will.The reality is in between. It is not quite as orderly as Google would have you believe, and it is not quite as chaotic as this chart would lead you to believe.Let’s look at some data to quantify all this . . .
  • 125+ phones, 30+ manufacturers, 15+ carriers, 5 different versions of Android shipped on phones released in 2010 (1.5 , 1.6, 2.0, 2.1, 2.2).In the US alone there are nearly 80 different Android phones currently for sale.2008 – 1 phone from 1 manufacturer2009 – 15 phones from 7 manufacturers2010 – 44 phones from 12 manufacturersPOLL 1Are fragmentation issues preventing or delaying use of Android devices in your organization?
  • 125+ phones, 30+ manufacturers, 15+ carriers, 5 different versions of Android shipped on phones released in 2010 (1.5 , 1.6, 2.0, 2.1, 2.2).In the US alone there are nearly 80 different Android phones currently for sale.2008 – 1 phone from 1 manufacturer2009 – 15 phones from 7 manufacturers2010 – 44 phones from 12 manufacturersPOLL 1Are fragmentation issues preventing or delaying use of Android devices in your organization?
  • 125+ phones, 30+ manufacturers, 15+ carriers, 5 different versions of Android shipped on phones released in 2010 (1.5 , 1.6, 2.0, 2.1, 2.2).In the US alone there are nearly 80 different Android phones currently for sale.2008 – 1 phone from 1 manufacturer2009 – 15 phones from 7 manufacturers2010 – 44 phones from 12 manufacturersPOLL 1Are fragmentation issues preventing or delaying use of Android devices in your organization?
  • 125+ phones, 30+ manufacturers, 15+ carriers, 5 different versions of Android shipped on phones released in 2010 (1.5 , 1.6, 2.0, 2.1, 2.2).In the US alone there are nearly 80 different Android phones currently for sale.2008 – 1 phone from 1 manufacturer2009 – 15 phones from 7 manufacturers2010 – 44 phones from 12 manufacturersPOLL 1Are fragmentation issues preventing or delaying use of Android devices in your organization?
  • UsersDepends on whether an app they want is available and compatible with their deviceDevelopersMore difficulty and effort to develop, test and support applications – Rovio -> Angry BirdsBut it’s a big big market to sell into that is growing faster than any otherCorporationsThe CEO knows his employees will be more productive and his customers better servedThe CFO knows he can save moneyThe employees know their teenagers can do all this stuff at home alreadyIT departmentsHow do you deal with this? You cant ignore it.What are the risks?Where are the gaps?What practices and tools are available to help?Lets spend a minute talking about what some of the major challenges are for IT.
  • UsersDepends on whether an app they want is available and compatible with their deviceDevelopersMore difficulty and effort to develop, test and support applications – Rovio -> Angry BirdsBut it’s a big big market to sell into that is growing faster than any otherCorporationsThe CEO knows his employees will be more productive and his customers better servedThe CFO knows he can save moneyThe employees know their teenagers can do all this stuff at home alreadyIT departmentsHow do you deal with this? You cant ignore it.What are the risks?Where are the gaps?What practices and tools are available to help?Lets spend a minute talking about what some of the major challenges are for IT.
  • UsersDepends on whether an app they want is available and compatible with their deviceDevelopersMore difficulty and effort to develop, test and support applications – Rovio -> Angry BirdsBut it’s a big big market to sell into that is growing faster than any otherCorporationsThe CEO knows his employees will be more productive and his customers better servedThe CFO knows he can save moneyThe employees know their teenagers can do all this stuff at home alreadyIT departmentsHow do you deal with this? You cant ignore it.What are the risks?Where are the gaps?What practices and tools are available to help?Lets spend a minute talking about what some of the major challenges are for IT.
  • UsersDepends on whether an app they want is available and compatible with their deviceDevelopersMore difficulty and effort to develop, test and support applications – Rovio -> Angry BirdsBut it’s a big big market to sell into that is growing faster than any otherCorporationsThe CEO knows his employees will be more productive and his customers better servedThe CFO knows he can save moneyThe employees know their teenagers can do all this stuff at home alreadyIT departmentsHow do you deal with this? You cant ignore it.What are the risks?Where are the gaps?What practices and tools are available to help?Lets spend a minute talking about what some of the major challenges are for IT.
  • Help DeskBuilt around standardized platforms, tools, processes, training, and documentationAndroid variants do not create a help desk friendly environmentReportingDevices report similar properties (like OS version) inconsistently or not at allSecurityCore featuresEncryption – Android does not currently hw based encryption (ios supports this)ActiveSync Security IssuesEnabled passcode policy on Android devices via ActiveSync.Non-Motorola Android devices began having problems receiving emailApplications can create new vulnerabilitiesAndroid PDF viewer does not respect the password-protected attribute in PDF filesYou may need to understand what is installed and perform application blacklistingAndroid platform upgradeGetting an update requires cooperation of both device manufacturer and carrierI am a slightly disgruntled Samsung Galaxy S user still waiting for 2.2 upgrade from AT&TOver 90% of iOS devices are running one of the 2 latest version of iOS.
  • Help DeskBuilt around standardized platforms, tools, processes, training, and documentationAndroid variants do not create a help desk friendly environmentReportingDevices report similar properties (like OS version) inconsistently or not at allSecurityCore featuresEncryption – Android does not currently hw based encryption (ios supports this)ActiveSync Security IssuesEnabled passcode policy on Android devices via ActiveSync.Non-Motorola Android devices began having problems receiving emailApplications can create new vulnerabilitiesAndroid PDF viewer does not respect the password-protected attribute in PDF filesYou may need to understand what is installed and perform application blacklistingAndroid platform upgradeGetting an update requires cooperation of both device manufacturer and carrierI am a slightly disgruntled Samsung Galaxy S user still waiting for 2.2 upgrade from AT&TOver 90% of iOS devices are running one of the 2 latest version of iOS.
  • Help DeskBuilt around standardized platforms, tools, processes, training, and documentationAndroid variants do not create a help desk friendly environmentReportingDevices report similar properties (like OS version) inconsistently or not at allSecurityCore featuresEncryption – Android does not currently hw based encryption (ios supports this)ActiveSync Security IssuesEnabled passcode policy on Android devices via ActiveSync.Non-Motorola Android devices began having problems receiving emailApplications can create new vulnerabilitiesAndroid PDF viewer does not respect the password-protected attribute in PDF filesYou may need to understand what is installed and perform application blacklistingAndroid platform upgradeGetting an update requires cooperation of both device manufacturer and carrierI am a slightly disgruntled Samsung Galaxy S user still waiting for 2.2 upgrade from AT&TOver 90% of iOS devices are running one of the 2 latest version of iOS.
  • Help DeskBuilt around standardized platforms, tools, processes, training, and documentationAndroid variants do not create a help desk friendly environmentReportingDevices report similar properties (like OS version) inconsistently or not at allSecurityCore featuresEncryption – Android does not currently hw based encryption (ios supports this)ActiveSync Security IssuesEnabled passcode policy on Android devices via ActiveSync.Non-Motorola Android devices began having problems receiving emailApplications can create new vulnerabilitiesAndroid PDF viewer does not respect the password-protected attribute in PDF filesYou may need to understand what is installed and perform application blacklistingAndroid platform upgradeGetting an update requires cooperation of both device manufacturer and carrierI am a slightly disgruntled Samsung Galaxy S user still waiting for 2.2 upgrade from AT&TOver 90% of iOS devices are running one of the 2 latest version of iOS.
  • Discuss articles on MaaSters Center from Maribel Lopez and Philippe Winthrop on this.Let’s take a look at an EMM model and discuss how to apply it supporting Android devices.
  • The goal of EMM is to maximize customer satisfaction and employee productivity while simultaneously minimizing cost and risk for the enterprise.Enterprise Mobility is best approached from an outside-in rather than an inside-out perspective.The natural tendency is to focus inside-out starting with the device (mobile device management) but this perspective may cause you to miss important issues while forming your EMM strategy.Users – Who should be mobilized? How and with what?This may be influenced by your industry and regulations your company must comply with but a lot of it is up to your organizationWho gets a corporate provisioned device? Execs, LOB, RolesAre employee-owned devices supported?Are separate policies needed for corporate-owned and employee-owned tablets?What end-user support will be available?Applications – What will be mobilized ?Email/Contact/Calendar for sureWill LOB apps be supported (ERP, CRM, etc.)?Will commercial applications be leveraged?Do you need to blacklist applications?Will custom mobile applications be developed?Do you need an enterprise mobile app store?Data – How will the data consumed and produced by mobile applications be protected?Tied tightly to the applications that are mobilizedData encryptionWatch out for data on removable storage devicesRestrict access to email attachments?Do you need to be able to wipe corporate data while leaving personal data intact?Networks – What networks will be used?Corporate networksAccess to corporate WLANs and VPNs?Public networksWho will pay for it? Corporation or employee?How will expenses managed?Devices – What devices are being used? How are they tracked, managed and protected? Classic MDM.Basic inventory management (data collection and reporting)Make, model, OS version, etc.Device lifecycle (provision, manage, deprovision)ManageEnforcing policiesEnforce a passcode policy for device accessTaking actionRemote wipe - when a device is lost or stolen, or when employee leaves the organizationLet’s look at each of these areas in a little more detail.
  • The goal of EMM is to maximize customer satisfaction and employee productivity while simultaneously minimizing cost and risk for the enterprise.Enterprise Mobility is best approached from an outside-in rather than an inside-out perspective.The natural tendency is to focus inside-out starting with the device (mobile device management) but this perspective may cause you to miss important issues while forming your EMM strategy.Users – Who should be mobilized? How and with what?This may be influenced by your industry and regulations your company must comply with but a lot of it is up to your organizationWho gets a corporate provisioned device? Execs, LOB, RolesAre employee-owned devices supported?Are separate policies needed for corporate-owned and employee-owned tablets?What end-user support will be available?Applications – What will be mobilized ?Email/Contact/Calendar for sureWill LOB apps be supported (ERP, CRM, etc.)?Will commercial applications be leveraged?Do you need to blacklist applications?Will custom mobile applications be developed?Do you need an enterprise mobile app store?Data – How will the data consumed and produced by mobile applications be protected?Tied tightly to the applications that are mobilizedData encryptionWatch out for data on removable storage devicesRestrict access to email attachments?Do you need to be able to wipe corporate data while leaving personal data intact?Networks – What networks will be used?Corporate networksAccess to corporate WLANs and VPNs?Public networksWho will pay for it? Corporation or employee?How will expenses managed?Devices – What devices are being used? How are they tracked, managed and protected? Classic MDM.Basic inventory management (data collection and reporting)Make, model, OS version, etc.Device lifecycle (provision, manage, deprovision)ManageEnforcing policiesEnforce a passcode policy for device accessTaking actionRemote wipe - when a device is lost or stolen, or when employee leaves the organizationLet’s look at each of these areas in a little more detail.
  • The goal of EMM is to maximize customer satisfaction and employee productivity while simultaneously minimizing cost and risk for the enterprise.Enterprise Mobility is best approached from an outside-in rather than an inside-out perspective.The natural tendency is to focus inside-out starting with the device (mobile device management) but this perspective may cause you to miss important issues while forming your EMM strategy.Users – Who should be mobilized? How and with what?This may be influenced by your industry and regulations your company must comply with but a lot of it is up to your organizationWho gets a corporate provisioned device? Execs, LOB, RolesAre employee-owned devices supported?Are separate policies needed for corporate-owned and employee-owned tablets?What end-user support will be available?Applications – What will be mobilized ?Email/Contact/Calendar for sureWill LOB apps be supported (ERP, CRM, etc.)?Will commercial applications be leveraged?Do you need to blacklist applications?Will custom mobile applications be developed?Do you need an enterprise mobile app store?Data – How will the data consumed and produced by mobile applications be protected?Tied tightly to the applications that are mobilizedData encryptionWatch out for data on removable storage devicesRestrict access to email attachments?Do you need to be able to wipe corporate data while leaving personal data intact?Networks – What networks will be used?Corporate networksAccess to corporate WLANs and VPNs?Public networksWho will pay for it? Corporation or employee?How will expenses managed?Devices – What devices are being used? How are they tracked, managed and protected? Classic MDM.Basic inventory management (data collection and reporting)Make, model, OS version, etc.Device lifecycle (provision, manage, deprovision)ManageEnforcing policiesEnforce a passcode policy for device accessTaking actionRemote wipe - when a device is lost or stolen, or when employee leaves the organizationLet’s look at each of these areas in a little more detail.
  • The goal of EMM is to maximize customer satisfaction and employee productivity while simultaneously minimizing cost and risk for the enterprise.Enterprise Mobility is best approached from an outside-in rather than an inside-out perspective.The natural tendency is to focus inside-out starting with the device (mobile device management) but this perspective may cause you to miss important issues while forming your EMM strategy.Users – Who should be mobilized? How and with what?This may be influenced by your industry and regulations your company must comply with but a lot of it is up to your organizationWho gets a corporate provisioned device? Execs, LOB, RolesAre employee-owned devices supported?Are separate policies needed for corporate-owned and employee-owned tablets?What end-user support will be available?Applications – What will be mobilized ?Email/Contact/Calendar for sureWill LOB apps be supported (ERP, CRM, etc.)?Will commercial applications be leveraged?Do you need to blacklist applications?Will custom mobile applications be developed?Do you need an enterprise mobile app store?Data – How will the data consumed and produced by mobile applications be protected?Tied tightly to the applications that are mobilizedData encryptionWatch out for data on removable storage devicesRestrict access to email attachments?Do you need to be able to wipe corporate data while leaving personal data intact?Networks – What networks will be used?Corporate networksAccess to corporate WLANs and VPNs?Public networksWho will pay for it? Corporation or employee?How will expenses managed?Devices – What devices are being used? How are they tracked, managed and protected? Classic MDM.Basic inventory management (data collection and reporting)Make, model, OS version, etc.Device lifecycle (provision, manage, deprovision)ManageEnforcing policiesEnforce a passcode policy for device accessTaking actionRemote wipe - when a device is lost or stolen, or when employee leaves the organizationLet’s look at each of these areas in a little more detail.
  • The goal of EMM is to maximize customer satisfaction and employee productivity while simultaneously minimizing cost and risk for the enterprise.Enterprise Mobility is best approached from an outside-in rather than an inside-out perspective.The natural tendency is to focus inside-out starting with the device (mobile device management) but this perspective may cause you to miss important issues while forming your EMM strategy.Users – Who should be mobilized? How and with what?This may be influenced by your industry and regulations your company must comply with but a lot of it is up to your organizationWho gets a corporate provisioned device? Execs, LOB, RolesAre employee-owned devices supported?Are separate policies needed for corporate-owned and employee-owned tablets?What end-user support will be available?Applications – What will be mobilized ?Email/Contact/Calendar for sureWill LOB apps be supported (ERP, CRM, etc.)?Will commercial applications be leveraged?Do you need to blacklist applications?Will custom mobile applications be developed?Do you need an enterprise mobile app store?Data – How will the data consumed and produced by mobile applications be protected?Tied tightly to the applications that are mobilizedData encryptionWatch out for data on removable storage devicesRestrict access to email attachments?Do you need to be able to wipe corporate data while leaving personal data intact?Networks – What networks will be used?Corporate networksAccess to corporate WLANs and VPNs?Public networksWho will pay for it? Corporation or employee?How will expenses managed?Devices – What devices are being used? How are they tracked, managed and protected? Classic MDM.Basic inventory management (data collection and reporting)Make, model, OS version, etc.Device lifecycle (provision, manage, deprovision)ManageEnforcing policiesEnforce a passcode policy for device accessTaking actionRemote wipe - when a device is lost or stolen, or when employee leaves the organizationLet’s look at each of these areas in a little more detail.
  • The goal of EMM is to maximize customer satisfaction and employee productivity while simultaneously minimizing cost and risk for the enterprise.Enterprise Mobility is best approached from an outside-in rather than an inside-out perspective.The natural tendency is to focus inside-out starting with the device (mobile device management) but this perspective may cause you to miss important issues while forming your EMM strategy.Users – Who should be mobilized? How and with what?This may be influenced by your industry and regulations your company must comply with but a lot of it is up to your organizationWho gets a corporate provisioned device? Execs, LOB, RolesAre employee-owned devices supported?Are separate policies needed for corporate-owned and employee-owned tablets?What end-user support will be available?Applications – What will be mobilized ?Email/Contact/Calendar for sureWill LOB apps be supported (ERP, CRM, etc.)?Will commercial applications be leveraged?Do you need to blacklist applications?Will custom mobile applications be developed?Do you need an enterprise mobile app store?Data – How will the data consumed and produced by mobile applications be protected?Tied tightly to the applications that are mobilizedData encryptionWatch out for data on removable storage devicesRestrict access to email attachments?Do you need to be able to wipe corporate data while leaving personal data intact?Networks – What networks will be used?Corporate networksAccess to corporate WLANs and VPNs?Public networksWho will pay for it? Corporation or employee?How will expenses managed?Devices – What devices are being used? How are they tracked, managed and protected? Classic MDM.Basic inventory management (data collection and reporting)Make, model, OS version, etc.Device lifecycle (provision, manage, deprovision)ManageEnforcing policiesEnforce a passcode policy for device accessTaking actionRemote wipe - when a device is lost or stolen, or when employee leaves the organizationLet’s look at each of these areas in a little more detail.
  • Adopt and publish sensible guidelines for usersTerms of UseEmployee may have to accept that a passcode will be enabled to control access to deviceEmployee may have to accept that if they lose device or leave the company their personal device will be wipedAcceptable UseAppropriate uses of device (camera), networks, applications, dataMany companies publish an approved or recommended list of devices and carriersMany companies will vary the support offered based on a categorization of the deviceCORPORATE implies that the corporation has full ability to secure, manage and support the deviceTRUSTED implies that the device meets basic thresholds and can therefore is sanctioned for approved uses (like email only)UNTRUSTED implies that the corporation cannot manage, secure, or support the device. Quarantine (UNKNOWN)
  • Adopt and publish sensible guidelines for usersTerms of UseEmployee may have to accept that a passcode will be enabled to control access to deviceEmployee may have to accept that if they lose device or leave the company their personal device will be wipedAcceptable UseAppropriate uses of device (camera), networks, applications, dataMany companies publish an approved or recommended list of devices and carriersMany companies will vary the support offered based on a categorization of the deviceCORPORATE implies that the corporation has full ability to secure, manage and support the deviceTRUSTED implies that the device meets basic thresholds and can therefore is sanctioned for approved uses (like email only)UNTRUSTED implies that the corporation cannot manage, secure, or support the device. Quarantine (UNKNOWN)
  • Adopt and publish sensible guidelines for usersTerms of UseEmployee may have to accept that a passcode will be enabled to control access to deviceEmployee may have to accept that if they lose device or leave the company their personal device will be wipedAcceptable UseAppropriate uses of device (camera), networks, applications, dataMany companies publish an approved or recommended list of devices and carriersMany companies will vary the support offered based on a categorization of the deviceCORPORATE implies that the corporation has full ability to secure, manage and support the deviceTRUSTED implies that the device meets basic thresholds and can therefore is sanctioned for approved uses (like email only)UNTRUSTED implies that the corporation cannot manage, secure, or support the device. Quarantine (UNKNOWN)
  • Adopt and publish sensible guidelines for usersTerms of UseEmployee may have to accept that a passcode will be enabled to control access to deviceEmployee may have to accept that if they lose device or leave the company their personal device will be wipedAcceptable UseAppropriate uses of device (camera), networks, applications, dataMany companies publish an approved or recommended list of devices and carriersMany companies will vary the support offered based on a categorization of the deviceCORPORATE implies that the corporation has full ability to secure, manage and support the deviceTRUSTED implies that the device meets basic thresholds and can therefore is sanctioned for approved uses (like email only)UNTRUSTED implies that the corporation cannot manage, secure, or support the device. Quarantine (UNKNOWN)
  • Mobilize capabilities appropriatelyUse the user/device segmentation approach to determine which applications are appropriate for the different segmentsCollaboration (email, contacts, calendar) and web browsing are the killer apps for a smartphone user – your first task is to understand how these can be safely supported across the broadest range of devicesYou can leverage EAS to quickly enable collaboration for your mobile usersWatch out for attachments. You can disallow attachment download via EAS policy.Understand that each mobile device will have a different implementation of ActiveSync.You will have devices that cannot sync with Exchange.Enable Outlook Web App (OWA) on your Exchange server to allow access to email/calendar via the smartphones web browserNot the greatest user experience on a smartphone but it does work.Enterprise ApplicationsMajor vendors may have a version available in Android MarketDo you need to Blacklist commercial apps?– Talk to Clint
  • Mobilize capabilities appropriatelyUse the user/device segmentation approach to determine which applications are appropriate for the different segmentsCollaboration (email, contacts, calendar) and web browsing are the killer apps for a smartphone user – your first task is to understand how these can be safely supported across the broadest range of devicesYou can leverage EAS to quickly enable collaboration for your mobile usersWatch out for attachments. You can disallow attachment download via EAS policy.Understand that each mobile device will have a different implementation of ActiveSync.You will have devices that cannot sync with Exchange.Enable Outlook Web App (OWA) on your Exchange server to allow access to email/calendar via the smartphones web browserNot the greatest user experience on a smartphone but it does work.Enterprise ApplicationsMajor vendors may have a version available in Android MarketDo you need to Blacklist commercial apps?– Talk to Clint
  • Your data issues will tightly bound to applications that are mobilized. Because it is the applications that produce and consume the data
  • Your data issues will tightly bound to applications that are mobilized. Because it is the applications that produce and consume the data
  • Your data issues will tightly bound to applications that are mobilized. Because it is the applications that produce and consume the data
  • Your data issues will tightly bound to applications that are mobilized. Because it is the applications that produce and consume the data
  • Your data issues will tightly bound to applications that are mobilized. Because it is the applications that produce and consume the data
  • Networks – What networks will be used?Corporate networksAccess to WLANs and VPNs?Public networksWho will pay for it? Corporation or employee?How are expenses managed?
  • Networks – What networks will be used?Corporate networksAccess to WLANs and VPNs?Public networksWho will pay for it? Corporation or employee?How are expenses managed?
  • Networks – What networks will be used?Corporate networksAccess to WLANs and VPNs?Public networksWho will pay for it? Corporation or employee?How are expenses managed?
  • Segment based on Android versionIf a device is not running at least 2.2 it should not be considered for use as a corporate provisioned device or trusted deviceAndroid 2.2Device Policy Manager API’s – allows 3rd party MDM solutions (like maaS360) manage and enforce security features on the device, such as, minimum password strength, data wipe, etc.Android Cloud to Device Messaging (two way push/sync functionality) allows alerting and messaging to deviceActive Sync enhancementsRemote wipe supportEnforce alphanumeric pin or passwordGAL lookup & auto-complete from emailAndroid 2.3/2.4 No security or management enhancementsSmartphone manufacturers will have different ActiveSync implementationsIn a minute we will talk about some recent announcements from these manufacturers related to innovations they have developed to improve Android management and security
  • Segment based on Android versionIf a device is not running at least 2.2 it should not be considered for use as a corporate provisioned device or trusted deviceAndroid 2.2Device Policy Manager API’s – allows 3rd party MDM solutions (like maaS360) manage and enforce security features on the device, such as, minimum password strength, data wipe, etc.Android Cloud to Device Messaging (two way push/sync functionality) allows alerting and messaging to deviceActive Sync enhancementsRemote wipe supportEnforce alphanumeric pin or passwordGAL lookup & auto-complete from emailAndroid 2.3/2.4 No security or management enhancementsSmartphone manufacturers will have different ActiveSync implementationsIn a minute we will talk about some recent announcements from these manufacturers related to innovations they have developed to improve Android management and security
  • Segment based on Android versionIf a device is not running at least 2.2 it should not be considered for use as a corporate provisioned device or trusted deviceAndroid 2.2Device Policy Manager API’s – allows 3rd party MDM solutions (like maaS360) manage and enforce security features on the device, such as, minimum password strength, data wipe, etc.Android Cloud to Device Messaging (two way push/sync functionality) allows alerting and messaging to deviceActive Sync enhancementsRemote wipe supportEnforce alphanumeric pin or passwordGAL lookup & auto-complete from emailAndroid 2.3/2.4 No security or management enhancementsSmartphone manufacturers will have different ActiveSync implementationsIn a minute we will talk about some recent announcements from these manufacturers related to innovations they have developed to improve Android management and security
  • Deploy an agent-based MDM solution - More than just a wrapper around EAS.Additional featuresEncryption, Insure that there are consistent set of security policies are implemented across all mobile devices (Android and non-Android)Insure a consistent implementation of each security policy. All devices behave identically to the same policy.EAS policies are associated with a mailbox not a device.This means that an employee with multiple mobile devices can be associated with only a single policyCant support someone with an iPhone and an Android tablet.
  • Deploy an agent-based MDM solution - More than just a wrapper around EAS.Additional featuresEncryption, Insure that there are consistent set of security policies are implemented across all mobile devices (Android and non-Android)Insure a consistent implementation of each security policy. All devices behave identically to the same policy.EAS policies are associated with a mailbox not a device.This means that an employee with multiple mobile devices can be associated with only a single policyCant support someone with an iPhone and an Android tablet.
  • Deploy an agent-based MDM solution - More than just a wrapper around EAS.Additional featuresEncryption, Insure that there are consistent set of security policies are implemented across all mobile devices (Android and non-Android)Insure a consistent implementation of each security policy. All devices behave identically to the same policy.EAS policies are associated with a mailbox not a device.This means that an employee with multiple mobile devices can be associated with only a single policyCant support someone with an iPhone and an Android tablet.
  • Deploy an agent-based MDM solution - More than just a wrapper around EAS.Additional featuresEncryption, Insure that there are consistent set of security policies are implemented across all mobile devices (Android and non-Android)Insure a consistent implementation of each security policy. All devices behave identically to the same policy.EAS policies are associated with a mailbox not a device.This means that an employee with multiple mobile devices can be associated with only a single policyCant support someone with an iPhone and an Android tablet.
  • Android 3.0 ->APIs available to provide following features via 3rd party MDM solutionsEncrypted storagepassword expiration, password history, and ability to require complex characters in passwordsSamsung announcement90+ api’s focused on managing and securing Android phones and tablets from SamsungAll 3rd-party MDM solutions will integrate with these APIsMotorola acquires 3LM (Three Laws of Mobility)Motorola’s goal is to build the standard for “enterprise-ready” Android devicesHTC, Sony-Ericsson, Sharp, Pantech have already announced supportWhat does this mean?Is this a push into the space occupied in the Enterprise today by Blackberry and in line-of-business by Windows Mobile/Motorola-Symbol?Doesn’t address employee-owned device issuesWill it serve to improve fragmentation issue or is it a new front in the fragmentation battle?What about the carriers? They still control pushing new Android versions out to their customers devices
  • Android 3.0 ->APIs available to provide following features via 3rd party MDM solutionsEncrypted storagepassword expiration, password history, and ability to require complex characters in passwordsSamsung announcement90+ api’s focused on managing and securing Android phones and tablets from SamsungAll 3rd-party MDM solutions will integrate with these APIsMotorola acquires 3LM (Three Laws of Mobility)Motorola’s goal is to build the standard for “enterprise-ready” Android devicesHTC, Sony-Ericsson, Sharp, Pantech have already announced supportWhat does this mean?Is this a push into the space occupied in the Enterprise today by Blackberry and in line-of-business by Windows Mobile/Motorola-Symbol?Doesn’t address employee-owned device issuesWill it serve to improve fragmentation issue or is it a new front in the fragmentation battle?What about the carriers? They still control pushing new Android versions out to their customers devices
  • Android 3.0 ->APIs available to provide following features via 3rd party MDM solutionsEncrypted storagepassword expiration, password history, and ability to require complex characters in passwordsSamsung announcement90+ api’s focused on managing and securing Android phones and tablets from SamsungAll 3rd-party MDM solutions will integrate with these APIsMotorola acquires 3LM (Three Laws of Mobility)Motorola’s goal is to build the standard for “enterprise-ready” Android devicesHTC, Sony-Ericsson, Sharp, Pantech have already announced supportWhat does this mean?Is this a push into the space occupied in the Enterprise today by Blackberry and in line-of-business by Windows Mobile/Motorola-Symbol?Doesn’t address employee-owned device issuesWill it serve to improve fragmentation issue or is it a new front in the fragmentation battle?What about the carriers? They still control pushing new Android versions out to their customers devices
  • Android Fragmentation: Solving the Enterprise Mobility Dilemma

    1. 1. Android Fragmentation: Solving the Enterprise Mobility Dilemma Joseph Pappano© 2011 Fiberlink Communications MORE Webinar Series © 2011 Fiberlink Communications
    2. 2. Is Android fragmented? The Hope. MORE Webinar Series © 2011 Fiberlink Communications 2
    3. 3. Is Android fragmented? The Hype. MORE Webinar Series © 2011 Fiberlink Communications 3
    4. 4. Is Android fragmented? The Data.> Devices and manufacturers  125+ devices  30+ manufacturers MORE Webinar Series © 2011 Fiberlink Communications 4
    5. 5. Is Android fragmented? The Data.> Devices and manufacturers  125+ devices  30+ manufacturers> Android OS versions  In 2010, devices were shipped running 5 separate versions of Android MORE Webinar Series © 2011 Fiberlink Communications 5
    6. 6. Is Android fragmented? The Data.> Devices and manufacturers  125+ devices  30+ manufacturers> Android OS versions  In 2010, devices were shipped running 5 separate versions of Android> Carriers  15+ carriers MORE Webinar Series © 2011 Fiberlink Communications 6
    7. 7. Is Android fragmented? The Data.> Devices and manufacturers  125+ devices  30+ manufacturers> Android OS versions  In 2010, devices were shipped running 5 separate versions of Android> Carriers  15+ carriers> Software  Carrier-specific filtering in Android Market  Carrier-specific pre-installed software MORE Webinar Series © 2011 Fiberlink Communications 7
    8. 8. Who is this an issue for?> Users  Possibly MORE Webinar Series © 2011 Fiberlink Communications 8
    9. 9. Who is this an issue for?> Users  Possibly> Android developers  Probably MORE Webinar Series © 2011 Fiberlink Communications 9
    10. 10. Who is this an issue for?> Users  Possibly> Android developers  Probably> Corporations  Maybe MORE Webinar Series © 2011 Fiberlink Communications 10
    11. 11. Who is this an issue for?> Users  Possibly> Android developers  Probably> Corporations  Maybe> IT departments  Definitely MORE Webinar Series © 2011 Fiberlink Communications 11
    12. 12. What are some of the challenges for IT?> Help desk and end-user support processes  Built around standardization strategy MORE Webinar Series © 2011 Fiberlink Communications 12
    13. 13. What are some of the challenges for IT?> Help desk and end-user support processes  Built around standardization strategy> Reporting  Device properties are not reported consistently MORE Webinar Series © 2011 Fiberlink Communications 13
    14. 14. What are some of the challenges for IT?> Help desk and end-user support processes  Built around standardization strategy> Reporting  Device properties are not reported consistently> Security  Many core security features are missing  ActiveSync security features implemented inconsistently  Applications may open new vulnerabilities MORE Webinar Series © 2011 Fiberlink Communications 14
    15. 15. What are some of the challenges for IT?> Help desk and end-user support processes  Built around standardization strategy> Reporting  Device properties are not reported consistently> Security  Many core security features are missing  ActiveSync security features implemented inconsistently  Applications may open new vulnerabilities> No ability to upgrade platform across the ecosystem  Google cannot do this for Android  Apple can do this for iOS MORE Webinar Series © 2011 Fiberlink Communications 15
    16. 16. How do you get a handle on this?> Start with an Enterprise Mobility Management Strategy MORE Webinar Series © 2011 Fiberlink Communications 16
    17. 17. Approaching Enterprise Mobility Management Users Applications Data Networks Devices MORE Webinar Series © 2011 Fiberlink Communications 17
    18. 18. Approaching Enterprise Mobility Management Define policies Users Applications Data Networks Devices MORE Webinar Series © 2011 Fiberlink Communications 18
    19. 19. Approaching Enterprise Mobility Management Define policies Users ApplicationsDeploy and restrict Data applications Networks Devices MORE Webinar Series © 2011 Fiberlink Communications 19
    20. 20. Approaching Enterprise Mobility Management Define policies Users ApplicationsDeploy and restrict Data applications Networks Devices Protect data MORE Webinar Series © 2011 Fiberlink Communications 20
    21. 21. Approaching Enterprise Mobility Management Define policies Users ApplicationsDeploy and restrict Data applications Networks Devices Protect data Access networks MORE Webinar Series © 2011 Fiberlink Communications 21
    22. 22. Approaching Enterprise Mobility Management Define policies Users Applications Manage devicesDeploy and restrict Data applications Networks Devices Protect data Access networks MORE Webinar Series © 2011 Fiberlink Communications 22
    23. 23. Users> Define Terms of Use and Acceptable Use policies  Have employees agree to them MORE Webinar Series © 2011 Fiberlink Communications 23
    24. 24. Users> Define Terms of Use and Acceptable Use policies  Have employees agree to them> Determine which employees or roles require a corporate device MORE Webinar Series © 2011 Fiberlink Communications 24
    25. 25. Users> Define Terms of Use and Acceptable Use policies  Have employees agree to them> Determine which employees or roles require a corporate device> Publish an approved or recommended list of devices  And carriers MORE Webinar Series © 2011 Fiberlink Communications 25
    26. 26. Users> Define Terms of Use and Acceptable Use policies  Have employees agree to them> Determine which employees or roles require a corporate device> Publish an approved or recommended list of devices  And carriers> Define end-user support policies  Base support offered on device characteristics • Corporate owned - CORPORATE • Employee owned and corporate approved - TRUSTED • Employee owned and not corporate approved - UNTRUSTED MORE Webinar Series © 2011 Fiberlink Communications 26
    27. 27. Applications> Mobilize applications appropriately  Use a framework to segment - Corporate, Trusted, Untrusted MORE Webinar Series © 2011 Fiberlink Communications 27
    28. 28. Applications> Mobilize applications appropriately  Use a framework to segment - Corporate, Trusted, Untrusted> Application Types  Email/Contacts/Calendar • Enable EAS or OWA in Exchange • Watch out for attachments  Enterprise Applications • ERP, CRM, LOB, . . .  Custom Applications • Enterprise App Store  Commercial Applications • Downloaded from Android Market MORE Webinar Series © 2011 Fiberlink Communications 28
    29. 29. Data> Email  Attachments MORE Webinar Series © 2011 Fiberlink Communications 29
    30. 30. Data> Email  Attachments> Enterprise Applications  Data storage, sync and encryption MORE Webinar Series © 2011 Fiberlink Communications 30
    31. 31. Data> Email  Attachments> Enterprise Applications  Data storage, sync and encryption> Commercial data storage and sync applications  You may need to blacklist these MORE Webinar Series © 2011 Fiberlink Communications 31
    32. 32. Data> Email  Attachments> Enterprise Applications  Data storage, sync and encryption> Commercial data storage and sync applications  You may need to blacklist these> Removable storage  Phones look like any other USB storage device when tethered  Password protect device and encrypt data MORE Webinar Series © 2011 Fiberlink Communications 32
    33. 33. Data> Email  Attachments> Enterprise Applications  Data storage, sync and encryption> Commercial data storage and sync applications  You may need to blacklist these> Removable storage  Phones look like any other USB storage device when tethered  Password protect device and encrypt data> Remote Wipe  To remove data from a lost device or when an employee exits MORE Webinar Series © 2011 Fiberlink Communications 33
    34. 34. Networks> Corporate WLAN  MDM solution needed to manage MORE Webinar Series © 2011 Fiberlink Communications 34
    35. 35. Networks> Corporate WLAN  MDM solution needed to manage> Corporate VPN  MDM solution needed to manage MORE Webinar Series © 2011 Fiberlink Communications 35
    36. 36. Networks> Corporate WLAN  MDM solution needed to manage> Corporate VPN  MDM solution needed to manage> Public networks  Expense management MORE Webinar Series © 2011 Fiberlink Communications 36
    37. 37. Devices> Segment based on Android version  2.2 is the earliest version that can be considered for TRUSTED use in the enterprise  2.3 just released, 2.4 on the way • Not much for IT in these releases MORE Webinar Series © 2011 Fiberlink Communications 37
    38. 38. Devices> Segment based on Android version  2.2 is the earliest version that can be considered for TRUSTED use in the enterprise  2.3 just released, 2.4 on the way • Not much for IT in these releases> Segment based on manufacturer  Variations in EAS support can be significant MORE Webinar Series © 2011 Fiberlink Communications 38
    39. 39. Devices> Segment based on Android version  2.2 is the earliest version that can be considered for TRUSTED use in the enterprise  2.3 just released, 2.4 on the way • Not much for IT in these releases> Segment based on manufacturer  Variations in EAS support can be significant> Determine your MDM architecture  Exchange ActiveSync (EAS)  3rd Party MDM Solution  Hybrid (EAS & MDM) MORE Webinar Series © 2011 Fiberlink Communications 39
    40. 40. Advantages of an Agent-based MDM Solution> Provide additional security features  Selective Wipe, Encryption MORE Webinar Series © 2011 Fiberlink Communications 40
    41. 41. Advantages of an Agent-based MDM Solution> Provide additional security features  Selective Wipe, Encryption> Insures a consistent set of security policies exist  Addresses implementation inconsistencies in Android variants MORE Webinar Series © 2011 Fiberlink Communications 41
    42. 42. Advantages of an Agent-based MDM Solution> Provide additional security features  Selective Wipe, Encryption> Insures a consistent set of security policies exist  Addresses implementation inconsistencies in Android variants> Provide richer device data  Network and location information  Addresses data inconsistencies in Android variants MORE Webinar Series © 2011 Fiberlink Communications 42
    43. 43. Advantages of an Agent-based MDM Solution> Provide additional security features  Selective Wipe, Encryption> Insures a consistent set of security policies exist  Addresses implementation inconsistencies in Android variants> Provide richer device data  Network and location information  Addresses data inconsistencies in Android variants> Addresses gaps in EAS policy management model  EAS policy is associated with a mailbox not a device  Cant support different policies for multiple devices accessing the same mailbox MORE Webinar Series © 2011 Fiberlink Communications 43
    44. 44. Recent Developments> Google announces Android 3.0  Tablet only  Full device encryption MORE Webinar Series © 2011 Fiberlink Communications 44
    45. 45. Recent Developments> Google announces Android 3.0  Tablet only  Full device encryption> Device manufacturers are filling the gaps  Mobile World Congress Announcements • Samsung announces enterprise security enhancements • Motorola announces acquisition of 3LM MORE Webinar Series © 2011 Fiberlink Communications 45
    46. 46. Recent Developments> Google announces Android 3.0  Tablet only  Full device encryption> Device manufacturers are filling the gaps  Mobile World Congress Announcements • Samsung announces enterprise security enhancements • Motorola announces acquisition of 3LM> Enterprise-class security and management is coming MORE Webinar Series © 2011 Fiberlink Communications 46
    47. 47. Key Takeaways> You can’t avoid Android or legislate it away  Corporate purchasing is no longer the dominant form of device adoption  Mobile device usage is no longer a privilege but a right MORE Webinar Series © 2011 Fiberlink Communications 47
    48. 48. Key Takeaways> You can’t avoid Android or legislate it away  Corporate purchasing is no longer the dominant form of device adoption  Mobile device usage is no longer a privilege but a right> There are practices and tools available today  Enterprise Mobility Management  EAS and 3rd-party MDM solutions MORE Webinar Series © 2011 Fiberlink Communications 48
    49. 49. Key Takeaways> You can’t avoid Android or legislate it away  Corporate purchasing is no longer the dominant form of device adoption  Mobile device usage is no longer a privilege but a right> There are practices and tools available today  Enterprise Mobility Management  EAS and 3rd-party MDM solutions> Help is on the way  Watch what Google, Motorola-3LM, and Samsung are doing MORE Webinar Series © 2011 Fiberlink Communications 49
    50. 50. Questions or follow-up? Joseph Pappano Wrap-up jpappano@fiberlink.com> Up-coming Webinars (http://links.maas360.com/webinars/)  March 3: Provisioning and Mobile Device Management for iPhones, iPads, and Androids> Past Webinars (http://links.maas360.com/webinars/)  Managing Personal Mobile Devices In Your Business  Financial Services: Benchmarking your Smartphone IT Operations  Enabling iPhones and iPads in the Enterprise> Plus lots of How-To content at the MaaSters Center  Mobile Device Management Best Practices • http://links.maas360.com/mdm/  Mobile Device Management Strategy Series from Lopez Research • http://links.maas360.com/mdm/  Mobile Device Management Glossary • http://links.maas360.com/mdm/  Over 300 articles and posts including training videos and free tools • http://maasters.maas360.com/ MORE Webinar Series © 2011 Fiberlink Communications 50

    ×