Android OS: Friend or Foe to your BYOD Landscape

The people have spoken and they love their Smartphone and Tablets powered the Android OS. Samsung and Google have a strong footprint in the consumer technology market, making them popular with the causal home user to the powerful corner office executive. But what happens when your IT infrastructure creates a BYOD policy for your company and then those Smartphones and Tablets running the Android platform are set free to access your company’s file and network shares, etc…Are you unknowingly exposing your environment to security risks? With cute operating system names like Jellybean and Kit Kat, the security of your infrastructure might be heading for a serious and painful root canal.

While IT cannot control what devices are purchased and then brought into the office by the end user community, IT can make sure that the environment eliminate any risk to vulnerability due to potential security gaps in the Linux-Based Android OS. Let us look at some of the potential security risks posed by the Android OS.

1) As an open platform, the Android OS is open to allow people to modify the OS and applications installed by making changes to the bootloader. This can expose the alternate version of the OS to be open to malicious software on the device.

2) Any files shared by applications viewed by all. The permissions on the Android come in two flavors:  readable by specific app or world readable. It would be wise to set the permission model on the Android OS to be readable by specific app to minimize the potential to expose files to other application running on the device that could be compromised.

3) Android OS upgrades take a little time to be released for a particular device, so security issues can still be present. Therefore, do not depend on the platform OS to keep your device secure, incorporate enterprise security tools at your disposal in your IT infrastructure.

4) Active content can be exploited. Malware can take advantage of the Flash, Java, JavaScript, and HTML5. Avoid this by ensuring your security policies are set to prevent being attacked through your active content.

5) The Android OS is favored by hackers. Because the Android OS is an open platform, it makes it an easy target by those cyber-snooping geeks waiting in the shadows. Make sure your anti-malware tools are up to date.

Before you begin your BYOD initiative, you might want to consider looking at the top three priorities for your Enterprise mobility strategy when you cannot get away with just the basics of a BYOD rollout. As the subject matter experts, IT cannot just support whatever is brought it through the front doors. A plan has to be in place to achieve a success in the BYOD arena. Think of the needs of your organization and people and then how to best use MDM or Mobile Device Management and MAM or Mobile Application Management to ensure the best outcome for true mobile device and mobile application control for the Admins.

These should be your top three priorities for your enterprise mobile strategy:

1) Provide protection for your most valuable assets. You cannot manage every device that comes your way. Plan to support only corporate and personal devices vital to the needs of your company and its employees. Also protect critical and sensitive data.

2) Get your employees to buy-in and get support for the end user community. The challenge of IT is to incorporate the employee base and not alienate them with fancy high level tech speak or to tell someone that their mobile device is not supported or does not meet your IT requirements. Get a pilot group of heavy mobile users and work with them to outline a mobile strategy based on their usage and needs to better understand your core audience and user base when you design and deploy your BYOD environment.

3) Be compliant when setting up and designing and creating your eventual BYOD strategy. First make sure you have security and risk management thought out for your BYOD initiative. And second be sure to plan for future upgrades or changes as your BYOD landscapes changes and grows with the needs and demands of your end-user community.

BYOD and the mobile enterprise are now very much a part of a company’s IT direction in 2014. As keepers of the vision of what IT can do to meet the needs of the ever changing and popular mobile device to work anywhere at any time, we need to put ourselves in the shoes of those who want and need their devices to be their mobile office and what that looks like to the productive work force of today.

Labels: , , , , , , , , , ,