The people have spoken and they love their Smartphone
and Tablets powered the Android OS. Samsung and Google have a strong footprint in
the consumer technology market, making them popular with the causal home user to the powerful corner office
executive. But what happens when your IT infrastructure creates a BYOD policy
for your company and then those Smartphones and Tablets running the Android platform are
set free to access your company’s file and network shares, etc…Are you unknowingly
exposing your environment to security risks? With cute operating system names like
Jellybean and Kit Kat, the security of your infrastructure might be heading for
a serious and painful root canal.
While IT cannot control what devices are purchased and then
brought into the office by the end user community, IT can make sure that the
environment eliminate any risk to vulnerability due to potential security gaps
in the Linux-Based Android OS. Let us look at some of the potential security risks
posed by the Android OS.
1) As an open platform, the Android OS is open to allow
people to modify the OS and applications installed by making changes to
the bootloader. This can expose the alternate version of the OS to be open to
malicious software on the device.
2) Any files shared by applications viewed by all.
The permissions on the Android come in two flavors: readable by specific app or world readable. It
would be wise to set the permission model on the Android OS to be readable by
specific app to minimize the potential to expose files to other application
running on the device that could be compromised.
3) Android OS upgrades take a little time to be released
for a particular device, so security issues can still be present. Therefore, do
not depend on the platform OS to keep your device secure, incorporate enterprise
security tools at your disposal in your IT infrastructure.
4) Active content can be exploited. Malware can take
advantage of the Flash, Java, JavaScript, and HTML5. Avoid this by ensuring your
security policies are set to prevent being attacked through your active content.
5) The Android OS is favored by hackers. Because the
Android OS is an open platform, it makes it an easy target by those cyber-snooping
geeks waiting in the shadows. Make sure your anti-malware tools are up to date.
Before you begin your BYOD initiative, you might want to
consider looking at the top three priorities for your Enterprise mobility strategy
when you cannot get away with just the basics of a BYOD rollout. As the subject
matter experts, IT cannot just support whatever is brought it through the front
doors. A plan has to be in place to achieve a success in the BYOD arena. Think
of the needs of your organization and people and then how to best use MDM or
Mobile Device Management and MAM or Mobile Application Management to ensure the
best outcome for true mobile device and mobile application control for the
Admins.
These should be your top three priorities for your enterprise
mobile strategy:
1) Provide protection for your most valuable
assets. You cannot manage every device that comes your way. Plan to support
only corporate and personal devices vital to the needs of your company and its
employees. Also protect critical and sensitive data.
2) Get your employees to buy-in and get support for
the end user community. The challenge of IT is to incorporate the employee base
and not alienate them with fancy high level tech speak or to tell someone that
their mobile device is not supported or does not meet your IT requirements. Get
a pilot group of heavy mobile users and work with them to outline a mobile
strategy based on their usage and needs to better understand your core audience
and user base when you design and deploy your BYOD environment.
3) Be compliant when setting up and designing and
creating your eventual BYOD strategy. First make sure you have security and
risk management thought out for your BYOD initiative. And second be sure to
plan for future upgrades or changes as your BYOD landscapes changes and grows
with the needs and demands of your end-user community.
BYOD and the mobile enterprise are now very much a part of a company’s IT direction in 2014. As keepers of the vision of what
IT can do to meet the needs of the ever changing and popular mobile device to
work anywhere at any time, we need to put ourselves in the shoes of those who
want and need their devices to be their mobile office and what that looks like
to the productive work force of today.
Labels: Android, Android Security, Backup, BYOD, Enterprise Mobility Solution, MAM, MDM, Mobile Apps, Mobility, Samsung, XenMobile