With a 76 percent market share of worldwide mobile devices, Android is the clear leader among consumers, surpassing Apple, Windows, and Blackberry. However, despite Android’s popularity among consumers, enterprises have largely avoided Android devices due to their reputation for risk.
Although past versions were rife with vulnerabilities, the most recent operating system, Android 5.0, has made important security advancements. In addition to supporting data encryption and automatic lock screen, the latest devices limit the privileges of applications to help protect against security breaches.
Related blog post: 4 Best Practices for Apple Device Management
Another noteworthy enhancement is Google’s new enterprise program, Android for Work. It offers enterprise-level security and supports containerization – the ability to separate work and personal data on employee Android devices.
These significant enhancements make it possible to use Android securely within the enterprise, provided organizations address the remaining, inherent security issues. To that end, here are the four best practices for Android device management:
Rooting is a means of unlocking the Android operating system so users can install unapproved, potentially malicious applications, update the operating system, and replace the firmware, among other things. It’s a common occurrence that presents significant security challenges for enterprises. A rooted device is more vulnerable to malicious apps. It can expose the corporate network and jeopardize sensitive data and is more susceptible to hackers. To prevent the rooting or jailbreaking of your workforce’s Android devices, we recommend blocking rooted devices from connecting to the network and training employees on the dangers and repercussions of rooting their smartphones.
Because Android users can install applications from any app store (not just Google Play), they are exposed to a larger volume of apps that contain malware. This impacts the enterprise, because applications targeted by malware can steal login credentials, access the corporate network, and cause critical data loss. To protect the corporate network against mobile malware, we recommend installing anti-malware software on approved devices. In addition, IT needs to gain visibility into all installed applications, detect mobile malware in real time, blacklist vulnerable applications, and leverage a secure enterprise app store or catalog to distribute and update approved applications.
As with all mobile devices, strong security measures are necessary to protect the corporate network. Although specific policies will vary according to industry, these are our baseline recommendations for Enterprise Mobility Management across all approved devices: require strong passwords, enforce data encryption, control app usage based on Wi-Fi networks, and block certain functions – including copy/paste, location services, email, camera, and the microphone – based on access policies and device location.
IT needs to be able to centrally manage and configure Android devices. We recommend remotely wiping lost or stolen devices, automatically wiping devices after a set number of failed unlock attempts, and implementing location services that identify device coordinates in real time and enforce access policies accordingly.
Learn about our Mobile Service Desk